1 of 5

"Only the flexible survive."

It's a phrase we've heard—and possibly said—many times. Life is unpredictable, and challenges do come our way, so how should uncertainty affect the way we approach information technology (IT) in our churches and ministries? We are dependent on our computers today in ways we might never have imagined. We rely on them to store contact information, process financial transactions, communicate—many of the nuts and bolts that enable and hold ministry together. Therefore we should do all that is reasonable and cost-effective to protect our organizations from being shut down by a disastrous event.

Planning now gives the flexibility needed for ministry survival.

And in the ever-changing legal and financial regulatory landscapes, IT disaster recovery plans are even more necessary.

Because of the role IT plays in our ministries, certified public accountants are now required to test for good IT strategies. Those familiar with CPA audits know that auditors are increasing their focus on IT issues. Even if your church doesn't get audited, these areas are wise to address:

• Management oversight. Who is responsible for your church's IT decisions? Chances are good you're relying on a talented staff member, volunteer, or vendor—and that's okay! CPAs need to see that implemented strategies they may have recommended were overseen and approved by top management.
  
  Those in top management may not have the expertise to make technical recommendations. But they have perspective of the ministry's direction, and hopefully, a sense of whether a recommendation is a good fit for the organization by way of integrity and stewardship.
  
  
• System security. This is an area of great importance and it must be addressed. Tackle such issues as:
  
  
  • Firewalls for systems that have full-time Internet connections;
    
    
  • Server room security;
    
    
  • And, additional policies to keep out those who should not be on the system.
  The most common mistake made in this area is the password policy. The corporate standard in the U.S. is to have cryptic passwords of a significant length that cannot be easily cracked. But that strategy doesn't work well in church and ministry offices. We have found many times that those kinds of passwords are so hard to remember that most church and ministry system users write them down on a note kept under their keyboard, in their desk calendar, and so on. The better policy: Require passwords to be at least 6 digits, include at least one (but not all) number, at least one (but not all) punctuation, and at least one (but not all) capital letter, and use an acronym of a favorite verse or worship song. These are easily remembered, cryptic enough to not be easily hacked by an Internet program, and offer the added benefit of reminding folks of the reason they're logging in to your system. This strategy, coupled with using the network's Invalid Login Attempts function (we set it to lock a user account for thirty minutes after three unsuccessful login attempts), is good and effective protection.
  
  We also recommend not letting users change their passwords because most will not choose strong enough passwords, making the system vulnerable. So don't set passwords to expire; instead, change them for users if they've shared theirs with someone. The policy should state that staff members are not to share their password, but that if they do, they should inform their supervisor and have the network administrator set a new one.
  
  

next page... |  1 of 5

share this page