Chances are, you know at least one person who has been the victim of a phishing attack or data breach. Your neighbor. Your coworker. Your best friend. You. And it’s not just individuals who fall prey to these cyber attacks. Government agencies, banks, retailers… even houses of worship aren’t immune.
As reports of phishing and data breaches become more and more common, it’s natural to feel concerned, especially if you’re responsible for protecting the personal information of others. Fortunately, there are steps you can take to safeguard against cyber attacks.
What is Phishing?
Phishing (pronounced “fishing”) occurs when an individual attempts to trick a victim into downloading malware (software that damages the computer) or handing over sensitive information — for example, a username and password.
A phishing scam can be executed in a number of ways: via cold calling, emails, pop-up messages, or search engine results. Here are a couple of examples:
Your Account Will be Deactivated in 5, 4, 3…
In this scenario, you receive an email: a deactivation notice. It appears to be from your internet provider (or bank, or utilities company, etc.). The email prompts you to click a link and update your credit card information, claiming services will deactivate if you don’t take action. You oblige. On the other end of that email? A phisher who now has access to your bank account.
“We’ve Identified Malware On Your Computer”
In this case, you might receive an email or pop-up message from what appears to be tech support at a well-known company like Microsoft or Apple. The message warns you of a problem with your computer — a virus or malware. The person behind the message — “tech support” — requests remote access to your computer, along with payment in return for fixing the problem. As it turns out, “tech support” is actually a scammer looking to take advantage of your trust.
Protecting Against Phishing
There are a number of steps you can take to protect your organization against phishing attacks. Start by following these preventive measures:
- Beware of fake internet links. Sometimes, fake links are disguised as legitimate links. Before clicking a link, hover over it — you should be able to see the true URL destination. Another safety measure: instead of clicking on links, type the URL directly into your browser to ensure its validity.
- Unleash your inner skeptic. If it seems too good to be true, it probably is. Conversely, if someone threatens horrible consequences if you don’t agree to their demands, you might just be the target of a scam.
- Always verify the source. If you receive a request for personal information or money, contact the alleged source of the communication directly. In the case of the tech support scam mentioned above, for example, look up the legitimate company’s phone number and call them to verify the message.
What Constitutes a Data Breach?
Does your organization collect members’ names and email/mailing addresses? Phone numbers and dates of birth? Credit card information? Unfortunately, storing personal information of any kind puts your organization at risk of a data breach, which occurs when sensitive, confidential, or protected data is accessed or disclosed in an unauthorized way.
“Churches of all sizes can be victims of a malicious data breach or a simple unintentional data loss accident,” according to Tom Widman, president and CEO of Identity Fraud Inc., a corporation that helps protect against identity crimes and data theft. “Luckily, there are cost-effective resources available that can help control the risk and impact of a breach.”
Implementing Data Security Procedures
The best way to protect your organization from a data breach involves developing data security procedures. We recommend the following steps:
- Review the data being collected and storage protocols. What types of data is your organization storing? Is it strictly personal data — name and email address — or are you also capturing things like financial data? Review how the information is stored and which staff or volunteers have access to it.
- Classify the data. Which data can be designated as “public use” (name, email, etc.) and which is strictly confidential (financial data, medical histories, etc.)? Access to sensitive information should be restricted to key personnel only.
- Install or update a computer antivirus program. Programs such as Norton™ AntiVirus or McAfee® can go a long way in protecting computers from hackers.
- Encrypt your computer network. Programs such as SensiGuard or AutoKrypt can help protect information that is sent.
- Scan your system for security vulnerabilities. Programs like Rapid7 or Nessus can help you get started.
Developing a Response Plan
In addition to establishing data security procedures, you should also formulate a response plan to be deployed in the event of a data breach.
“As part of the risk management plan, congregations should consider how they would respond to a breach, including who can help manage the thorny issues of breach response and the financial impact of the incident,” Widman said. “A proper breach response can help prevent a bad situation from turning catastrophic.”
In the event of a data breach, your organization should respond quickly and professionally, notifying organization members of the situation and, if possible, offering free credit monitoring or identity recovery assistance. You should also identify a professional to help manage your recovery in the event of a breach, such as a lawyer or a representative from your insurance company.
There are simple ways to safeguard your organization against cyber attacks like phishing and data breaches. At CM Select, we’re here to help. If you have questions regarding phishing or online data breaches, or are interested in cyber liability insurance that can help protect you and your organization, email CM Select Customer Service at firstname.lastname@example.org or call 1-800-200-5864.
The information contained in these materials is intended solely to provide general guidance on topics that may be of interest to you. While we have made reasonable efforts to present accurate and reliable information, Church Mutual Insurance Company, S.I. disclaims all liability for any errors or omissions, or for any actions you take or fail to take based on these materials. The information provided may not apply to your particular facts or circumstances; therefore, you should seek professional advice prior to relying on any information that may be found in these materials.