Are You Putting Your Members at Risk?
(Originally published as an article within ECCU’s former e-publication, Ministry Banking Today.)
It used to be that if your wallet was stolen, you were out cash and handed the headache of fighting fraudulent credit card charges. Oh, the good old days.
Now, if your wallet is stolen, your entire identity might be stolen along with it.
We’re all aware of the risks, and we try to do what we can to discourage dumpster divers, hackers, and thieves from victimizing us. But do you know how to protect your ministry members’ information? According to the Identity Theft Resource Center, hackers account for less than 12 percent of all data loss incidents. That means the real threat to your members comes from inside your organization—either from outright theft or from carelessness leading to theft. And because more information is easily accessible to insiders, more records are compromised when data loss occurs at their hands, by a ratio of 10 to 1.
Ministries commonly collect and store members’ personal information, from mailing lists and donation records to payment card information. Carefully managing this information not only protects those near and dear to your ministry, it also makes good business sense. A security breach of 1,000 compromised records could cost your ministry upwards of $170,000 in damage control. Yet it takes only one data breach becoming public for all member confidence to be lost.
Improve Physical Security
- Send and receive business mail from a secured mailbox or post office box.
- Use Payment Card Industry (PCI) compliant policies and procedures for handling and destroying any documents containing card numbers.
- Verify a member’s identity before providing any personal or financial information by telephone or e-mail.
- Secure your building with locks and alarms.
- Store business, employee, and membership records in locked cabinets.
- Limit staff and volunteer access to sensitive information.
- Train staff on how to protect the privacy, confidentiality, and security of personal information.
Improve Online Security
- Use a PCI compliant merchant processor.
- If possible, only use a compliant online system or terminal for capturing transactions.
- Configure your computers' operating systems and common applications like Microsoft® Office to update, or "patch," automatically. This is your first line of defense, and it’s free. Software companies regularly issue free updates to close holes that hackers could climb through. Download these updates as soon as you learn they’re available.
- Own and use virus and spyware protection. This protection is essential, even for a one-computer office.
- Update virus definitions daily. Most software can be programmed to update virus definitions automatically. If your computer hasn’t updated its virus definitions in several days (or weeks), your subscription may have expired. Contact your software manufacturer.
- Scan computers weekly for malicious software. Most virus and spyware protection software can be programmed to do this automatically.
- Install a dependable firewall. Both hardware and software firewalls are designed to prevent unauthorized access to a network. Hardware firewalls tend to work the best.
- Secure your wireless network. Use Wi-Fi Protected Access (WPA) encryption to translate information into a secret code that computers can decipher only with the correct password. Without this encryption, you’re inviting anyone with a wireless laptop to access your ministry’s computers.
- Preserve critical data. Back up business records daily, weekly, or monthly, depending on the size of your ministry. Store backups in a secure, off-site location, such as a safe-deposit box. This protects your ministry from losing records to computer breaches and other events, such as tornadoes, floods, or fires.
- Use passwords to limit employee and volunteer access to sensitive information and train staff to keep passwords private.
- Change passwords frequently and terminate access when an employee or volunteer stops working for your ministry.
For more details on protecting your member data, take a look at ECCU’s white paper, Is Your Data Secure?