Does Your Church Have an E-Crime Response Plan in Place?

March 5, 2020 - 5 minutes read

hacker-4031973_640‘E-crime’ (electronic crime) refers to crimes that take place over the internet or through mobile devices. Any person or organisation that uses the internet or a mobile device is vunerable to e-crimes, and that includes churches and other not-for-profits.

Rather of being physically robbed or burgled, with e-crime a person or organisation could lose money from their bank account or credit card through identify theft, online auction fraud, hacking, or by falling prey to cyber scams or fake online offers.

Fortunately there are some fairly basic steps you can take to protect yourself and your organisation from these types of attacks. This includes strong passwords, 2-factor authentication, anti-virus programs, data backups, regular bank reconciliations and more. Our previous post on cyber scams has more tips on reducing the risk of online scams and fraud. You should also ensure you have cyber protection insurance in place to cover you for online risks.

However, despite the best prevention, there’s always the possibility that you could become a victim of e-crime. This makes it important to know the telltale signs and to have a response plan in place.

Detecting e-crime

Indicators of e-crime include:

  • Unusual or unexplained transactions on your bank account or credit card.
  • Missing data or files.
  • Privacy breaches – e.g. where confidential information has become exposed.
  • Your website looks different and appears to have undergone unauthorised changes.
  • Unusual activity on your website – such as spam or sudden large increases in traffic.
  • Unexpected password changes.
  • Emails demanding a ransom for stolen data.

All these activities could indicate you have become a victim of cyber attacks – such as credit card fraud, identify theft, phishing, ramsomware or hacking.

Responding to incidents of e-crime

  • Contact your bank immediately if you notice any unexplained or unauthorised transactions on your account.
  • Report suspected scams to the Australian Cyber Security Centre.
  • Report suspected crimes to the police. Make sure to keep evidence – e.g. computer logs, emails, ransom demands and so on.
  • Contact your insurer as soon as possible if you need to lodge a claim for financial losses due to cyber attack.

Stay Smart Online also provides recommendations for responding to specific types of cyber attacks. For example:

Phishing emails:

Let’s say you have received an email that may be genuine but you are not sure. In this case contact the organisation named on the email for verification. Do not forward the email to them but instead send a screen shot or snip.

Ransomware:

In a case where your files or computer are inaccessible and a scammer is demanding a ransom, do not pay any money as there is no guarantee of your data being returned anyway. Instead, contact your IT provider, and restore your files using your most recent backup.

If you are unable to recover your data however you can go to ‘No More Ransom‘ for decryption tools.

Website vandalism:

Just as property can be vandalised so too can websites – through unauthorised changes, electronic graffiti or malicious codes.

If your website has been attacked, it’s recommended you do a security check using the Google Developers Tool.

You should also take your site offline, at least until the problem is fixed – e.g. through restoring from backups and installing security updates and plugins. Once your site is back online review it again.

As well as the above it’s imporant to tighten your passwords, keep a regular watch on your site, and make sure to install software updates.

Create a documented response plan

You should also prepare yourself by developing a detailed incident response plan for e-crime.

This involves analysing the hazards and risks, developing response steps for the different types of attacks (see above), assigning key roles to staff members, and doing ongoing monitoring and reviews.

Overall it’s really just a matter of vigilence, sound risk management and good security measures. You should also train your employees and volunteers in detecting signs of online attacks and in how to respond.

Financial protection through insurance

Our cyber protection insurance provides cover for financial losses, cyber event response costs and business interruptions due to online attacks. Get in touch with our office if you need to discuss your policy with us.

Further reading

Stay Smart Online: Incident response plans

CCI: Link to all posts on cyber security

Written by Tess

Tags: , ,