For the past few months, we all have been learning about the root causes of the Target data breaches.  This case involves thousands of customer credit card numbers stolen over the 2013 Christmas Shopping Season. 

Could my church network be a target?

You may not have the credit card data or the huge amount of private information that a big retail store has, but you have something far more valuable that someone else wants to steal or tamper with.  You have a platform for spreading the truth of Jesus Christ and there is an enemy who wants to slow you down and malign your course.

Let me ask you this: 

Are you working for the Lord’s purposes?  If so, the enemy will use anything he can to stop or divert your efforts.  Your church network has information that you believe is important right?  Well, then an adversary is likely to think the same way.  

Think for a minute about the type of information that you are responsible for.  For example, Children’s name and age records, tithe and offering records, personal counseling session details, sensitive emails and personal information, as well as church employee records such as their social security number.

So what happened at Target?

Latest reports indicate that Target had recently contracted a security service to monitor threats facing their network.  Unfortunately, although certain threats were identified and reported by the service, Target didn’t take full action against the attacks.  It’s not clear why they didn’t fully respond.  Sometimes one is inundated with false alarms or doesn’t see how individual issues could really pose a threat.  Either way, it is essential that we all take extra time to research a potential issue and see what we may be facing.

The details:

In short, a number of servers around the US were compromised by a foreign organization to pull together lots of private credit card data.  They collected data in small sizes during typical business hours in order to stay under the radar.  When the security service notified Target, they didn’t research the facts to see if there had been a compromise.

What was the impact?

Their systems were breached resulting in a compromise of thousands of customers’ private information causing them to now face fines and penalties, as well as impending lawsuits.  And more importantly, they have certainly lost a level of customer confidence.

Based on a recent FBI report, attackers value your private information many times more than you do.  Attackers actually spend, on average, $3 for every $1 you spend to protect your information.

OK, so what can I do?

It is essential to have good stewardship of the networks that are entrusted to our care. This includes diligently researching all reported potential threats that may affect your systems.

A great start is to pay close attention to your Anti-Virus or Anti-Malware scans, your Firewall reports, and your Windows Event Logs.  Also when you get that feeling that something just doesn’t seem right, pull down your logs and look through them.

Know that you may be a target because you are a church or just because you are connected to the internet.  Many times attackers are just trolling around anywhere and everywhere trying to find vulnerable systems and you may fall prey to their attempts.  

Over the next few postings I will be diving deeper into to certain steps you can take with your systems to better protect yourself.  Yes some things will cost you money, however there are many things that you can do just by rolling up your sleeves and getting involved.

BTW, as you are reading this, you may be thinking that “I need to do something now.”  Please drop me a line; I’d be happy to dialogue with you on your specific needs.  

Kevin is an IT Security Professional at a leading insurance company and a blogger advising the Church of Computer Security issues facing us today.  To reach him, please email Kevin@SecuringTheMinute.com.