In recent years, bad actors have been targeting churches of all sizes to access the data that these churches store, like Giving histories and people data. While Subsplash takes security incredibly seriously, there are a couple of things that Dashboard admins and end-users should know to protect themselves as much as possible.
Before we go through preventative measures, I want to take you through some ways that churches are targeted. While this is not an exhaustive list, here are two common ways that bad actors prey upon churches:
Social engineering. This is the process of accessing a website, finding out who the pastor or an important member of the staff is, and then contacting churchgoers in an attempt to solicit gift cards or other information.
Gaining access to a staff member’s email account, and then finding the websites where that email address is used to log in. This is especially common for people who use shared logins to websites, where multiple people use the same email/username and password combination to log in.
Dashboard User Preventative Measures
These steps will secure your account and make it more difficult for bad actors to access it. Once again, this is not an exhaustive list, but these are some great steps to take.
Immediately discontinue the use of shared logins in as many places as possible. For the Subsplash Dashboard, each user that needs to make changes to the Dashboard should have their own account with the set permissions needed. Future iterations of the Dashboard Login will dissuade the use of shared accounts. This is important because each user can create a strong and unique password and make their account a much harder target.
Use Multi-Factor Authentication (MFA) on sensitive logins, such as the email account used to log in to the Subsplash Dashboard. MFA drastically reduces a bad actor’s ability to access another person’s account.
Use a Password Manager to create strong passwords and store them securely. Each login to a website should have a unique password. A strong password should contain at least 8 characters (the longer the better). Allowing a Password Manager to create a unique password is one of the best ways to secure your site. One of the ways bad actors access accounts, especially those of the elderly, is by gaining access to the email account and then using that email’s password to log in to every website listed in the email. Discontinuing the use of shared passwords can help keep them out.
End User Preventative Measures
Do not give out personal information, like passwords, banking information, debit/credit cards, etc., via email or text. Share it only through secure channels where you can verify the person on the other end is who they say they are. Only submit banking information or card information through the Giving or Payments portals in the Subsplash Apps and Websites to prevent any social engineering.
Use a password manager to store and create passwords that are unique to each account with sensitive data or banking information.
Use Multi-Factor Authentication (MFA) on your email client (Gmail, Yahoo, Outlook, etc.). This will help protect your email account from being accessed.
This is not an exhaustive list of steps you should take to protect your accounts. It is meant to offer good steps for protecting your accounts, and for Dashboard users to help protect congregants from bad actors.