Volunteers are great and we use them all the time but do they need ChMS access at home? While doing visitor data entry should they see SSNs and giving information? It may take a little more work to set users up so they only see what is necessary but it is better—especially when you consider the amount of turnover volunteers have.
Physical access should also be addressed.
I’m talking about physical access to the hardware storing the data. What tech-policies do you have to protect your server room, or is it just a closet everyone can get into? I’m convinced I could walk into most churches, steal a server, and walk it out to my car and drive off with it if I just pretend that I own it.
Our personnel tech policies also have to be reviewed.
Having the right people in the right positions is often times half the battle. What happens when folks are dismissed or fired and access must be removed? While we would like to say that doesn’t happen in the church world we all know it happens far too frequently. Are you hiring people you can trust with your data?
People are the biggest security risk any organization has. They fall prey to phishing scams and because they want to help they click on things they shouldn’t trying to help people they shouldn’t trust. This leads to data loss. Do you provide training for your users to teach them how to avoid such threats?
It is vital that security and cyber threat protection decisions not be made by tech people—they are leadership decisions, and hopefully the tech folks have a representative at the leadership table. Contrary to popular belief tech people aren’t wired to say no. But we are trained to keep things safe. Leadership needs to get input and make wise, informed decisions about how to keep data safe, how much money to invest, and policies and procedures.
Again, the nature of our business makes creating tech policies a challenge. We use volunteers. But decisions made in the light of day with the involvement of the necessary parties is a huge step towards avoiding disaster.
Jonathan Smith is the Director of Technology at Faith Ministries in Lafayette, IN and the President of MBS, Inc. He is an author and frequent conference speaker. You can reach Jonathan at jsmith@faithlafayette.org and follow him on Twitter @JonathanESmith.
