Where do you keep data and information about your congregants and donors? Is it in an Excel file on someone's desktop computer, or in an Access database housed on your laptop? If someone were to steal your computer, would the thief suddenly have the names, phones numbers, and addresses of your givers at his fingertips?

If a hacker wormed his way into your desktop, would he find information about people's giving, including checking account numbers? What about your ministry's financial and banking information—where is that kept? Are you vulnerable to outsiders accessing and abusing ministry funds?

It's becoming increasingly easy for personal and financial information to be accessed as more and more churches utilize 21st-century technology. So the question arises: How do you prevent access to sensitive ministry information by those with malicious intent?

Common Gateways
E-mail has become the most prevalent form of business and personal written communication. Its popularity, however, is now one of its liabilities, increasing its vulnerability to attacks from hackers. E-mails are often sent using a formatting language known as HTML to enhance their look. Unfortunately, HTML provides opportunities for hackers to embed malicious code that you will never see. Most e-mail programs provide a way to turn off the HTML and view messages in plain text. They won't look as nice, but this is an easy way to increase your protection.

	Nearly every state requires organizations to protect all personal, non-public information they have in their possession.

Opening e-mail attachments can also execute harmful code. Many times these attachments have nondescript names or are documents that were never requested. These attachments will not infect a computer unless they are opened. E-mails that contain unsolicited attachments should be deleted without opening them. Some malicious emails even appear to be from known contacts, so if an attachment isn't expected, don't open it no matter who it is from.

Web-based e-mail gives users access to e-mail from any computer on the Internet, making it convenient for those people who travel extensively to communicate with colleagues and friends while away. Web-based e-mail also uses HTML, so it is susceptible to the same malicious coding as HTML e-mail.

Spam e-mail can be coded to track and report back to the sender when a user views the e-mail offer. This lets the sender know that a valid e-mail address has been found and that the user will view spam e-mail. That validation makes your e-mail address worth more to spammers, since they can sell validated e-mail lists to other spammers for more money. So don't open or reply to spam unless you want to receive more of it!

Other Areas of Vulnerability
"Surfing the web" can present many hazards that seem benign but can prove to be either annoying or destructive. The programming languages that make web pages so interesting also provide hackers with opportunities to hide their malicious programs. Many of these hidden programs take advantage of flaws in the operating system and other legitimate programs you run on your computer.

A hacker can leverage these flaws to gain access to the personal files on your computer, or to capture your keystrokes (perhaps as you type in your password) and screen content (maybe when you display your bank account information). They can also install programs that will give them full control of your computer if they choose.

The best way to avoid falling victim to these criminals is to be intentional about your web surfing: surf with a purpose, knowing what you're looking for, not letting advertisements and other intriguing links lead you where they want to take you. As much as possible, stay with known, reputable sites—especially if you're making a purchase or otherwise divulging any personal information on the site. Also be sure to stay current on all security patches for your operating system and other programs on your computer. Keep your antivirus and spyware programs up to date. You do have antivirus and spyware programs, right?

Social networking sites like blogs and chat rooms enable users to share ideas, opinions, and other information. Posted information is generally archived so that others may review it later. Criminals will use search engines to find this information and build profiles of victims. From the posted information, they can collect names, addresses, phone numbers, family member names, employer information, e-mail addresses, pictures, and more.

If you are going to post personal information on a social networking site, consider that the people you're writing for aren't the only ones who can read it. Aside from the criminals, how would you feel if your employer or a relative read what you wrote? If you're putting up your own site on a social network such as MySpace, you can reduce this risk by putting a password on your personal space and controlling who you allow to access it. You might also want to use an

e-mail account at a free service when posting to these forums. This will lessen the likelihood of spam e-mail being sent to your work or personal e-mail address.

First Line of Defense
Hackers actively search for vulnerabilities in computer systems connected to the Internet. A firewall will help prevent unwanted access to a computer or network. Metaphorically, a firewall is the same as locked doors and windows on a house.

A firewall can be an application that is installed on the computer system or a device that sits between the computer system and the Internet. In either case, the function is the same—to protect your system from unwanted and uninvited access. A firewall is your first line of defense against attacks on your computer. If a computer is going to connect to the Internet, a firewall is essential to even the most modest level of security.

Businesses or institutions that maintain records of customers or members but do not have the technical resources to install, configure, and maintain a firewall should enlist the services of companies who can do this for them. Nearly every state now has some form of legislation that requires such organizations to protect all personal, non-public information they have in their possession.

In addition to firewalls, antivirus and spyware software can be installed to prevent harmful code from running on your computer system. This software scans files, e-mails, and attachments for any harmful code. If it detects harmful code, the software can be configured to take various actions, such as removing the program automatically, or quarantining the program (taking the file out of use but leaving it in a place from which it can be recovered if it turns out to not actually be harmful code).

Antivirus programs can only prevent malicious program codes they know about. In order to make sure your program knows about the latest threats, it should be configured to frequently download updates to the program's virus definition files. This ongoing service is one reason why it is important to install a well-supported antivirus program.

We have access to amazing technology that makes our lives easier in many ways. Unfortunately, technology also presents opportunities for those with malicious intent to access information that has historically been considered secure. While we can't prevent people from attempting to access the personal and financial information we keep stored, we can take effective steps to prevent them from succeeding.

Alan Weisenberger is vice president of technology services at Evangelical Christian Credit Union. Copyright © 2008 by Alan Weisenberger. Used by permission.