
July 12, 2011

Cyber Crime: Coming to a Church Near You?

Hackers steal $680,000 from Iowa church.

St. Ambrose Cathedral in Des Moines, Iowa, fell victim to an apparent cyber crime last month when unidentified hackers stole $680,000 after luring away critical electronic information.

CBS News, reporting on the incident, quotes law enforcement and cyber security experts about how the hackers did it:

The heist begins with a technique known as spear phishing. In it, hackers lure an organization's financial officer with an email--a note that appears to be from a friend or the IRS--enticing them to click on a link.
That click opens the door to a malicious software infection that allows vital information, like bank passwords, to be captured.
Criminal groups can then wipe out the account--ultimately transferring the cash to their own accounts, in places like Russia or the Ukraine--leaving victims high and dry.

CBS News also highlights other recent victims from around the country, including one public library in Florida, and two local governments in New York and New Jersey.

That makes these types of crimes all the more troublesome, said Verne Hargrave, who presented "Fraud in the Church: High-Tech Style," last week at the National Association of Church Business Administration's annual conference in Washington, D.C.

It means hackers are aware of financial sources big and small all over the country, including churches, he said.

“These guys in Eastern Europe know about you guys,” said Hargrave, a certified public accountant and author of Weeds in the Garden. “They know about what’s going on, and know it may be an easy target.”

Hargrave offered these six tips for avoiding an attack like the one in Iowa:

  • Dual controls. Have at least two people involved in every account, every cash collection, and every cash payment system. With electronic funds transfers, separate the three processes (bill approval, bill preparation, and bill transfer).
  • Dedicate a stand-alone computer. Use it only for electronic funds activity. It shouldn't be tied to an individual and it shouldn't have access to other financial databases. Limit its online activity. Keep its antivirus and firewall protection updated.
  • Limit administrative rights. Only those with specific needs for accessing electronic financial activity should have access to the computer used to do it.
  • Reconcile daily. Reconcile your church's bank accounts daily.
  • Change passwords. Change them regularly, and preferably use a combination of upper- and lower-case letters, with one numeral and one symbol included.
  • Don’t e-mail files. Use secure connections for any electronic file transfers.

For more help on good electronic practices in church offices, check out Protecting Electronic Data from ChurchSafety.com. For more help on church financial practices, check out the Essential Guide to Church Finances from YourChurchResources.com.

Matt Branaugh is director of editorial for Christianity Today International's church management publications and resources. His current duties include editing the Church Law & Tax Report and Church Finance Today newsletters, ChurchLawAndTax.com, and ManagingYourChurch.com, as well as leading an editorial team of four people. He also writes the Church Law & Tax Update, Church Finance Update, and Church Management Update e-newsletters, and the "Office Toolkit" column for Leadership Journal.

Comments

The venue where the crime took place, St. Ambrose Cathedral, is very shocking, considering the religious side of the institution. If this could happen to a religious organization, this could much more happen to the business side. Indeed, the call for identity protection leaves no excuse for absolutely everyone.
