Data Protection, Cyberattacks and Church Consulting

by Church Consultant, Christson Adedoyin, MSW, MATS, PhD.

Data breaches and hacks have become ubiquitous, and many organizations invest millions of dollars in protecting organizational and service-users’ data. Little to no mention have been made about data breaches in congregational, or faith-based contexts. It is against this backdrop and urgent need that Church Consultant working in partnership with church/faith-based organizations should be proactive in data security and confidentiality. To this end, therefore, I posit at least four reflections that Church consultants should be mindful of, as they partner with congregations and faith-based organizations (FBOs) about data protection and security.

First, current reports indicate that Churches and FBOs have become prime targets of hackers in recent times. To put this in factual context, Churches and FBOs online donation and giving platforms have been reported breached consistently, and in growing occurrences in the last five years. For example, cyberattacks and scams have been in the news media against the Vatican, Jewish Synagogues, and even Church collection plates. A pitiful case study showed when hackers stole almost $700,000 raised online by St. Ambrose Cathedral of Des Moines, Iowa in 2011. The amount was raised to help homeless and abused women. See details HERE. Consequently, Church Consultants should be mindful of possible data breaches and hackers’ threat of Churches / FBO information or data under their custody during, and after a consulting period. It will be preposterous for Church consultants to assume that hacking attacks are only targeted at corporate organizations and never targeted at Church and faith-based institutions.

The second reflection of mine is that it is indeed long overdue for Church Consultants to have data protection training, or continuous education in view of the persistent cyberattacks and data breaches now assailing Churches and FBOs.  Moreover, Church Consultants should be aware of two-factor, or multi-factor authentication verification process for all consulting projects when consulting or working with sensitive data collected from Churches or FBOs. Both of the aforementioned (continuous education, and multi-factor authentication) are importantly needed by Church Consultants for data protection, data confidentiality, encryption knowledge, and an integral part of our overall best practices and continuous education, or professional development.

Third, Church Consultants should request the data management practices that have been put in place by Churches they plan to work or consult with. The importance of understanding the data culture and approving of an existing Church data management practices of handling congregations and FBOs data apriori, indemnifies a Church Consultant against legal action by a client in the event of a cyberattack or scam during or after a consulting contract. While a lot of lectures and publications flow from Fortune 500 companies, start-ups, and other types of organizations on big data security and confidentiality, it is indeed true that little, or no knowledge exists about Church and FBOs’ best practices on how to protect sensitive congregants, or FBO’s client data. For instance, email encryption from Churches and FBOs must be a best practice that must be taught Pastoral staff, agency workers and volunteers who handle data (big, or otherwise) as a good starting point and cultural change.

My fourth reflection point of the importance of managing data and ensure confidentiality is promoting Church and FBOs awareness that ensures that members of the various ecumenical institutions, or FBOs, are well educated and aware of the fact that Churches and FBOs are now choice targets of hackers, scammers and cyberattacks. Just like most people require, or hold stores and e-commerce platforms, accountable for the safety of their credit card information, the same level of assurances must be demanded from Churches and FBO entities before members participate in data collection and processing endeavors. It is when Churches and FBOs in general know that their congregants, or service users hold religious organizations to higher data security standards that the issue of data confidentiality will be given more priority and importance in faith communities.

Overall, Church Consultants need to urgently encourage Churches / faith-based community organizations to secure the data confidentiality of their members and service users against the relentless attacks of hackers. I also see the imperativeness of learning data encryption as part of the continuing education of Church consultants to transfer information from one source to another especially when such information contains very sensitive participants, or client information. Conclusively managing data and learning how to encrypt databases is now a must, and inescapable competence imperative for Church Consultants.