Cybersecurity in the Parish

Recently I was helping a brother priest set up his new computer — a process that requires personal information and a password. I asked him what he wanted his password to be. He said he didn’t want one. “But it’s required,” I told him. “I don’t want one,” he repeated. When I told him it was not possible to continue without creating a password, he insisted that it be the word “password” — not a wise decision.

Neither my confrère nor anyone else I know would want to live in a home without locks. Yet when it comes to digital technology, some people, perhaps many, fail to appreciate the need for security. Whether it is our personal computer or smartphone, the parish computers or the parish wireless network, all should have the best possible security. Not only does this protect us, it also protects the people and communities we serve. Computers are used for personal finances, personal and professional correspondence, and myriad other tasks. Parish computers hold financial records, census data, information about the parochial school children and other important documentation. Security breaches compromise this sensitive and vital information.

Concretely, what can be done to ensure good security? For starters, if a computer is used by more than one person, each user should have his or her own account. Most software allows for separate user accounts. This is helpful in tracking and correcting errors in data entry. Some of the latest computers make personal identification possible with biometrics such as facial recognition and fingerprint scans; this is ideal, because it is much more difficult for someone with ill intent to fake biometric traits than to guess a password.

Speaking of passwords, they should be complex and changed periodically. A secure password will include both uppercase and lowercase letters as well as numerals and other symbols. Do not share passwords with others. Only the pastor or administrator should create passwords and secure them in a locked or encrypted file on the computer; it might be a good idea to keep a printed list of passwords in a sealed envelope in the safe, if you have one.

Screen savers should be set up so that when a computer has been inactive for a determined length of time, the screen locks and users must re-enter their password (or better, biometric identification) to gain entry. Moreover, computers should not be left unattended unless the user has locked the screen or logged out.

Wireless networks also need proper security. No parish office should have an open network. Hackers can and will try to find a way into a computer system. If they succeed, they could steal your files by locking or encrypting them and then demand that you pay a ransom to recover your files.

I have written about the importance of having a good ministry website and about the use of social media. All of these must be attended to by trustworthy people under the care of the pastor or administrator.

The administrator also must be sure that all computer software is updated regularly. The latest operating system and software updates often include security updates to keep your computers and wireless networks safe from attacks. When a computer, network or software application can no longer be updated, it is time to replace it. If your computer is never connected to the internet, and if you never insert flash drives to transfer data, you have nothing to worry about. Most of us, however, are connected to the internet, or perhaps an intranet, and use some kind of portable drive to share files with other computers. Our computers are thus vulnerable to hacking, viruses and malware of all kinds.

Finally, be sure that all computers have a backup system. If you don’t backup, it is only a matter of time until you lose your information. Consider using two kinds of backup: one on-site, the other off-site. That way, should natural disaster strike, you can rest assured that your files are secure.

FATHER JAY FINELLI is a priest of the Diocese of Providence, Rhode Island. He is a webmaster, podcaster and blogger.