Category: Information Technology

I’m not sure they ever went away but it’s a good warning as holiday shopping season gets underway.

The public service announcement by the FBI warns that there have been instances across the U.S. recently of scammers posing as service representatives of software company tech support or computer repair services in attempts to trick victims into following instructions.

They contact victims by phishing email or by phone, warning that an annual subscription service is about to be renewed within hours at a cost which is commonly in the range of $300 to $500 – and that the victim should get in contact if they want to cancel the payment.

If you use a computer or mobile device long enough, sooner or later something will go wrong. You may accidentally delete the wrong files, have a hardware failure, or lose a device. Even worse, malware may infect and wipe or encrypt your files. If the examples above happen to you, backups are often the only way you can rebuild your digital life.

Many of the files we create today are already automatically stored and backed-up in the cloud, such as Microsoft Word documents stored in Microsoft OneDrive, Dropbox, or Google Drive, or personal photos stored in Apple iCloud. But there may be files you create that are not automatically stored in the cloud, or perhaps you want additional backups for personal use.

What

The first step is deciding what you want to back up: (1) specific data that is important to you; or (2) everything, perhaps including your entire operating system. Many backup solutions are configured by default to use the first approach and only back up the most commonly used folders. If you are not sure what to back up or want to be extra careful, consider backing up everything.

When

Second, decide how frequently to back up the data. Built-in backup programs such as Apple’s Time Machine or Windows Backup and Restore allow you to create an automatic “set it and forget it” schedule. Options include hourly, daily, and weekly. Other solutions may offer “continuous protection” in which files are immediately backed up as they are edited or saved. At a minimum, I highly recommend automated daily backups of critical files.

How

Local or cloud-based backups? Local backups rely upon devices you physically control such as external USB drives. The advantage of local backups is that they enable you to back up and recover large amounts of data quickly. The disadvantage is that if you become infected with malware, it is possible for the infection to spread to your backups. Also, if you have a disaster, such as fire or theft, you could lose your backups as well as your computer. If you use external devices for backups, store a copy offsite in a secure location and make sure your backups are properly labeled. For additional security, consider encrypting your backups.

I highly recommend cloud-based backup solutions like iDrive, Carbonite, Backblaze, and many others. These solutions are online services that back up and store your files on the internet. Typically, you install an application on your computer. The application then automatically backs up your files either on a defined schedule or as you modify or save them. Some advantages of cloud solutions are their simplicity, automation of backups, and access to files from almost anywhere. Also, since your data resides in the cloud, home disasters such as fire or theft will not affect your backup. The main disadvantage is the bandwidth it consumes, but you can schedule these backups to run at night (leaving your computer powered on of course). Your ability to backup and restore depends on how much data you are backing up and the speed of your network. You can always be extra safe and use both.

With mobile devices, most of your data such as emails, text messages, or photos you take are automatically stored in the cloud. However, your mobile app configurations, system preferences, and other files may not be stored in the cloud. By automatically backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade to a new device.

The first meeting of the Parish Software Review Committee met via zoom on Thursday, October, 27. We intend this review process to be very transparent and will be keeping all of you updated on the committee’s progress, including sharing the recordings of our meetings:

Click Here to View the Powerpoint Slides from our first meeting.

Click here to view the recorded meeting.

Parish Management Software advisory committee members

Adobe’s newest tool for creating online content. Adobe Express packs the power of Adobe’s world-class tools into a simple platform for producing social media posts, flyers, logos, videos, posters, business cards, and more in minutes.

Click Here to Request Up To 10 licenses for Adobe Express Premium

Adobe Express Premium Features:

• Premium Editing and Photo Effects
• Social Media Scheduling
• Customizable Branding Kits
• Adobe Fonts and Adobe Stock Libraries

Common Red Flags to Help you Identify Phishing Emails and Texts

• The email address contains a random mix of letters and numbers
• The text is from an unknown number
• The email or text contains typos or odd language
• The email or text asks you to buy something
• The email or text asks you to provide financial information
• The email or text asks you to provide personal information about yourself or someone else at the church, especially the senior/executive pastor, a decision maker, etc.
• The email or text asks you to download an attachment or click a link — if someone you do not know is asking you to do either of these things, that is suspicious!!!
• The email or text asks you to purchase gift cards (iTunes, Apple or other gift cards) and then send the activation code on the back of the gift card

One tip for preventing these types of emails from ending up in your inbox in the first place is to avoid posting your staff email addresses on your website in plain text or with an email link. Cyber criminals can easily crawl your website for email addresses, so if you include everyone’s information in an online staff directory, you are making yourself an easy target for receiving these emails. An alternative is to only have one general email address on your website that all online inquiries go to. Whoever manages that email address can forward requests accordingly, and this person needs to be sure they are trained in cybersecurity and hyper-aware when sifting through emails.

Sample Bulletin Announcement about Emails or Texts Impersonating Priest or Someone from the Parish

By policy of the Diocese of Sioux Falls, priests and deacons will not request financial assistance for their personal needs (cash or gift cards) from you via text message or email. As many have posed as our clergy while trying to scam parishioners of funds, we urge individuals to first verify they know the sender before ever giving money. If you are in doubt, please call the parish’s office.

Multi-factor authentication (“MFA”) has emerged as an important tool to provide an additional level of verification beyond user passwords to protect information systems and user data. The goal of MFA is to verify identity and to make sure the person logging into an account really is the person they are claiming to be. MFA is FREE and one of the easiest things you can do today to significantly increase the security of your church staff and their accounts. Overall, we strongly believe that MFA is a vital element in any comprehensive approach to security.

Passwords Aren’t Enough

Why is this necessary? Security experts know that passwords alone simply are not an effective deterrent to cybercrime and security breaches, because there are so many problems with the way that most people handle their passwords, from creation to use.

The most common password mistakes include:

• Using easy-to-guess passwords, e.g. birthdays, addresses, pet names, etc.
• Writing and/or storing their passwords in easy to find places (hint: the sticky note on your monitor or desk is not secure!)
• People share their passwords with others.
• Many people use the very same password for all or multiple services, applications, devices, accounts, etc., thereby creating unnecessary exposure for themselves in many important areas of their life and work.
• Many have unwittingly provided their password via spoofed sites or phishing emails that are created to steal these passwords.

As a result, passwords are stolen and compromised all the time. Your own passwords may very well be compromised and residing on a list of thousands of other stolen passwords for sale to those who would use them for negative purposes.

How Does MFA Work?

So what does that have to do with your church? Well, churches maintain a lot of personal data, including very sensitive data about member’s giving and financials, staff social security and payroll data, and pastoral counseling notes. The church staff has to be able to trust that systems are secure and working properly so they can perform their ministry jobs. A breach could be harmful, embarrassing and costly. This is where multi-factor authentication comes in.

MFA provides a second layer of security by adding a step to the sign-in process when someone uses their password to log in to an MFA-enabled account. How does it work? Typically, MFA employs a code that is updated on a timer. This code is sent to the user’s trusted secondary device via a text message (or a pre-downloaded app) when they use their password to log into a MFA-enabled account. The user is prompted to enter the current MFA code. Without using the MFA code or the verification app, access to the account is prevented, regardless of whether a user has the proper password. There are typically multiple options for delivery, including text, email, or app, for the user’s convenience.

While it can be argued that MFA adds a basic level of complexity to the log-in process and the need for some basic user training, the benefits of the level of security it provides to user accounts is far greater than these small adjustments. The main “barrier” is the necessity of a smart phone or secondary device, but is safe to say that almost everyone has one of those these days.

The Benefits of MFA

When you really break down the process, it is quite simple and user-friendly. It simply makes it harder for OTHER people to log in to your account. Not every single product and platform supports MFA, but it is our best practice recommendation that if MFA is an option, you should enable it.

The main benefits of MFA are:

1. It is FREE!
2. It is an easy way to immediately increase the security of accounts for every user in your organization
3. It is increasingly available on most platforms that include a log-in system

At this point in the cybersecurity game, Multi-Factor Authentication is a necessary element of a basic user-security setup. The minor inconveniences of a slightly longer sign-in process and training are far outweighed by the extra level of security it provides. Of course, it is not a “silver bullet” that will solve all of your problems. MFA covers breaches at the log-in step, but it does not cover voice phishing, physical security, a lost USB stick, or an end-user falling for social engineering tricks. Tools like MFA must be coupled with solid end-user security awareness training, the most important layer of security to which organizations must give their attention. Awareness of the types of schemes employed by cyber criminals and others who would cause harm is the most effective protection against security threats. Nevertheless, MFA is an effective, accessible and easily-implemented step in creating a more secure environment for your church.

This article was pulled from enableministry.com

Multi-Factor Authentication: A Must-Have for your Church!

REPOSTING AS A REMINDER

I’m interested in learning more about Flocknote

Bank of America recently sent a customer service email warning users to watch out for this new phishing attack.

Threat actors are sending realistic texts requesting that you send money using Zelle® as payment due to a “fraud alert.” These texts make the warning look01 legitimate, and if you respond to the text then you’ll receive a call from a fake representative.

This person will use social engineering techniques and will trick your users into asking for you to send money to yourself through the Zelle® payment method. In reality you’ll be sending the money directly to these scammers’ pockets, and they will be able to receive your money into their account.

Check out this 1:22 animated video from Zelle on how to spot this type of scam and share it with your users:
https://blog.knowbe4.com/heads-up-bank-of-america-warns-about-recent-scams-that-request-zelle-payment-due-to-suspicious-activity

LastPass Hacked

Password management service LastPass confirmed a security incident that occurred roughly two weeks ago and resulted in the theft of certain source code and proprietary technical information.

According to Spiceworks News & Insights:

“While customer data and passwords remain unaffected despite the break-in, LastPass said the hacker could steal the source code and other proprietary data, given the compromised account had access to the LastPass development environment.

Learn more about the LastPass hack at Spiceworks News & Insights.

My Advice (What to do next)

Turn on MFA (Multi-Factor Authentication, sometimes called 2FA) for any and all password managers and your online accounts.

How to turn on MFA for Last Pass.