Security Online for Christians and Churches
If you use the internet then your personal information is at risk. Following these tips will help prevent you from falling foul of hackers, scammers, spammers and others who would want to take advantage of you.
First and foremost always ensure that your computer has up-to-date Anti-Virus software (well known ones include McAfee, Norton, AVG, Kaspersky, Microsoft Windows Essentials, Microsoft Defender). If you haven't run a FULL SCAN lately we'd recommend you do so at your earliest opportunity. Depending on your computer this may take a number of hours but can often go on while you work (or sleep).
Make sure all your passwords are secure. By this we mean ensure
- It is more than 12 characters in length (generally speaking the longer then better)
- It should be a combination of upper and lower case characters, numbers and some symbols/punctuation
- As well as avoiding dictionary words also never use names, places, books in the bible or John316 (possibly the most common Christian password)
- Have a unique password for each site you visit. Clever hackers break into easy targets and steal the list of email addresses and passwords used to login. They then try the same login details at banks and other high value sites.
- Some sites give you an easy default password when you first signup. Once you have logged in you should change this to something secure
- Change your password regularly. If you don’t comply with the above please change it now
Notes about email accounts
- Your email account is extremely important. If someone gets into your email account they can easily see details of your friends, often find your date of birth and see who you bank with and other personal financial information
- Think about all the sites you have logins for. If you can’t remember your password you just click a button and what does it do?... sends a new password to your email address. If someone is in your email then your whole digital life is potentially compromised
- Accounts such as GMAIL optionally provide two factor authentication – this is great and enabling it should give you a lot of protection. It takes a few minutes to setup but here’s a guide on how to do it on a number of services (including Facebook and PayPal) http://howto.cnet.com/8301-11310_39-57566228-285/how-to-enable-two-factor-authentication-on-popular-sites/. For a moments hassle you can be a lot more secure!
- Beware of Phishing emails which pretend to come from your bank, Facebook, PayPal. etc telling you to click a link to reset your password (they take you to a site that looks like the real deal but if you put details in there you are actually handing over your login details to criminals)
- If you receive an email from a friend with a link to click then be aware that their account could have been hacked. If you aren’t expecting something from them feel free to ask what it is about before clicking (you may just find they never sent it!)
- When sending emails out to a group of people it is best to send on the BCC line. This will prevent viruses and malware on any of the recipients’ computers from grabbing everyone else’s addresses and putting them on spam/hack/virus lists
- If you are using Webmail (where you read your email in a browser) your email account should be set to use HTTPS. This provides security between you and the site you are accessing. Without HTTPS it is extremely easy for people to intercept your data. When you login to the email account check in the address bar for the HTTPS:// or a padlock symbol. Some systems let you optionally turn it on under Options or Settings.
- There are lots of great tips at http://www.church123.com/preventing_junk_email.htm about avoiding spam
General signup info, social media and websites
- When you sign up for online services think about the information you give them. Do they really need your date of birth, etc? If the answers you give out to XYZ site provide the same information someone needs to get passed your bank security then if they hack your email you are wide open to abuse. We’d recommend you change your DOB by a few days on any sites that aren’t government / banking / legal websites. Why not make up a fake place of birth, etc? This will help protect you from identity theft
- Facebook profiles are easy targets for identity thieves. We recommend you remove personal details that would help an attacker (especially your date of birth). If one of your friends’ accounts gets compromised then it’s likely that all your profile details can be seen. Always ensure your security settings in social media are appropriately set (for example, you may wish to only permit friends to see your profile rather than everyone)
- On Facebook there are large numbers of scams. For example a recent one says something like ‘Click Like on this, Share with your friends and you could get a free iPhone 6’. You may well be giving access to your personal details to a complete stranger and your friends may also be exposed. The stranger wants to scam, spam and possibly steal your identity. If something in Facebook looks like an amazing deal then please do some background research to confirm it is real before clicking. If it’s too good to be true then it’s probably a scam
- Twitter, Facebook, Microsoft, Sony and Apple are all big names that have recently been hacked. With any site you sign up to if you assume that eventually a hacker will download the database that stores your information that’s probably likely. There are many security breaches that don’t get reported. Smaller sites such as forums and chatrooms are very easy to crack so be mindful what you are signing up to
- Always ensure you really are on the site you think you are on by checking the address (normally at the top of your browser)
- Never give out too much personal information over an insecure connection (secure connections either have a padlock or HTTPS:// in the address bar)
Overseas workers - Online safety for missionaries
- Please be very careful when you are putting information on the web regarding people that you may know who are working in potentially difficult circumstances. Some governments and radical organisations may not like their work. You should always discuss with the individual(s) concerned before they leave what their security requirements may be. Depending on the country they are serving in you may want to never post anything about them online - this could include websites, forums, emails, social media, password protected members only areas and anything connected to the web! With their permission you may decide to post online about them but change their names and never include the country they are working in. We know this sounds potentially paranoid but we would caution that being over careful helps prevent potentially very serious incidents
- If the person is working with a larger organisation (such as Tearfund, Christian Aid or CAFOD) they should have their own security policy to help keep workers safe in the field. Please contact them to ask for any advice
- Assume that all emails (and potentially phone, txt, Skype, FaceTime and letters) sent to or from the worker are monitored
- There are lots of online call and messaging services, such as Skype. Whilst some of these claim to be secure it is likely that many national security agencies can easily eavesdrop at will
- Of course the above doesn't apply for many countries where persecution and restrictions are not an issue. In those cases the Internet can be a really great way to communicate. Always first check with the individual before you first post or send too much information in an email etc.
We hope the above information will help keep you safe online.