Even if you're not an IT expert, protecting your ministry's data is part of good stewardship. This checklist will help you spot key areas where your ministry may need stronger safeguards for financial records, personal information, and computer systems. Use it to guide conversations with staff or support professionals and take simple steps toward better security. Areas covered include the following:
Do you perform monthly backups of business and financial information and store it in a secure, off-site location, such as a safe deposit box or a reputable cloud-based storage service?
Do you have policies in place to protect confidential information like contribution records, counseling notes, and other sensitive information?
Do you have policies in place to report a data breach in accordance with state law and to protect your ministry from legal action?
Do you have policies in place to maintain compliance with Payment Card Industry (PCI) rules for use, processing, and storage of credit card information?
Do you appoint a senior staff member who has responsibility to ensure security policies are in place and followed?
Do you limit access to sensitive data and systems to authorized individuals and is that data password protected and/or encrypted?
Do you change passwords for user accounts and cloud services on a regular basis and when an employee leaves?
Do you enforce or encourage the use of two-factor authentication for access to email, church records, and other sensitive data?
Do you provide or encourage the use of a password manager (like LastPass, 1Password, Dashlane, etc) so those who login to your systems can use unique and complex passwords?
Do you work with a qualified staff member or computer support company to secure your computer systems?
Do you update your operating system for security reasons?
Do you update virus and spyware protection on systems, devices, and applications?
Have you installed firewalls that are designed to prevent unauthorized access to your computer network?
If you offer wireless internet access to your attendees, have you created a separate, private network for the church’s administrative computers?
Do you protect against objectionable or illegal WiFi use by blocking questionable websites, password-protecting the wireless network, and asking users to agree to an Internet Usage Policy?
