6 Ways to Protect Your Congregation from Scammers

The article explores the concerns and dangers inherent in an act that purports to provide greater protection for personal data. It sounds like a sci-fi movie until you realize that it is the world we live in. The irony is that the legions of humans out there hoping to scam us have now been joined by armies of AI-driven “bots” that gather information on us at the speed of electrons moving across the internet. Bots (derived from the word “robot”) are software programs that perform automated, repetitive, pre-defined tasks across the internet. Bots can be programmed to explore websites and look for specific things such as email addresses, phone numbers, or even account numbers.

Framed by this terrifying story as a backdrop, let me ask the question: “What is your church doing to protect your church members’ personal data and the potential trauma of getting scammed?”

I don’t have the technological background to offer you a foolproof plan for protection from scammers but let me offer some broad ideas that may send you in the right direction.

1. SECURE YOUR CHURCH COMPUTER

Church computers that are not secure are probably the greatest threat to your members’ and donors’ data. Weak passwords, unsecured internet networks, and situations where too many people have access to one computer can all contribute to a data breach. The last item on this list offers good, concrete steps to take to protect data on your church computer, but here are a couple of basics:

• Limit the number of people who can access the church computer.
• Change the password often.
• If your church provides Wi-Fi to everyone (no password required), check with your internet provider about setting up a separate password-secure access network for office use.
• Be sure your church computer has up-to-date virus and malware protection.

2. BE TRANSPARENT ABOUT THE INFORMATION YOU COLLECT AND HOW IT WILL BE USED.

These days, many of us create passwords, security questions, and pin numbers that we can remember because they are tied to familiar names and dates, so be conscientious and clear about the information you collect: “We like to send a birthday email to our members…” or “We list anniversaries in the monthly newsletter.” If data is not required for church records, give people the option to withhold it. If you are collecting email addresses and cell phone numbers, assure people that these will never be shared beyond the United Methodist Church family.

3. DON’T INCLUDE MEMBERS’ PERSONAL INFORMATION ON YOUR WEBSITE.

Did you know that bots may be checking out your website? If you are posting any personal information on the church website in a format the bot can recognize, you are giving away people’s private data. Posting anything like a church directory on your website should happen only behind a password-protected wall. The same caution should be exercised for a social media page (Facebook, Instagram, etc.) that is not a closed group but available to the public. Social security numbers (for staff or volunteers) should not be stored electronically on a church computer, nor should bank or credit card numbers.

4. CONSIDER USING EMAIL MANAGEMENT SOFTWARE.

Email has been a financial blessing for churches, especially when first-class USPS mail costs are $.66 per piece and up. Those savings could be well spent on a good email management system or software. If your church is sending out large emails that include everyone’s email address, you run the risk of all the emails being compromised if any person’s computer has been compromised by malware. An email management solution will help prevent your group emails from being interpreted as spam (junk), which could lead to your account being blacklisted by certain mail clients. Many of the management systems will help you send better emails – more apt to get positive responses. Mailchimp, Constant Contact, and a host of others are available; most provide a free trial. Your church management software may also provide you with the same protection.

5. BE CLEAR ABOUT HOW YOU WILL AND WILL NOT MAKE FINANCIAL APPEALS.

I will often get emails from my bank or from companies where I have a credit card account, and they warn me, “We will never contact you by phone or email and ask for your password.” This is an important step to protect an account’s security. It is wise for churches to be clear with their members about how financial appeals will be made to donors. “Our church will never ask for your credit card or bank information via an email or over the phone.” Financial appeals approved by church leaders should be easily confirmable by the church office or website.

6. SHARE RESOURCES FROM ACROSS THE CONNECTION ABOUT SCAMS AND CYBERCRIME.

Discipleship Ministries works to equip local church leaders with the tools and information we believe are helpful and important for the church’s mission and ministry and for making disciples for the transformation of the world. Other agencies across the church provide excellent resources to help educate people in the church who may not be aware of the tactics of scammers and other cybercriminals. Check out the following links and look for ways to share them with your congregation. All of these are provided to you, thanks to your congregation’s faithful support of its apportionments (mission shares, shared ministry).

From United Methodist Communications:

• Jeremy Steele, “Is This Email Fake? How to Avoid Phishing Scams,” United Methodist Communications.
• Jeremy Steele, “Understanding Email Scams Affecting the Church Lately,” United Methodist Communications.

From General Council on Finance and Administration:

• Cybercrime Webinar Part, 1.