How Secure Is Your Information Security?

By Rev. Michael L. White

In this edition of THE CHURCH ONLINE, I will address the matter of information and system security for the church office. Perhaps you thought all the security you had to worry about was installing steel doors, deadbolts, bars on windows, and a theft alarm system, but I want to alert you to a less obvious and perhaps sneakier intrusion into your church office. It can come in through your Internet connection and steal your software, data files, image files, and even vandalize your computer system.

While a broadband, or "always on", DSL, cable modem, or wireless Internet connection is perhaps the more vulnerable, even dial-up connections can be hacked by data thieves or Web vandals. So how can you protect your church's sensitive data, such as finance records, membership records, or any other sensitive information you may choose to store on your computer(s)? Let me offer a few tips on making your church office computer systems as safe and secure as possible.

1. Don't connect any computer to the Internet if it has sensitive information installed on it. This is the safest you can make your information from an Internet hacker attack.

2. Don't connect any computer with sensitive information to your local area network (LAN) if any computer on that LAN has a connection to the Internet. NOTE: Although your data is presumably safe if you do not have file sharing enabled, why take the chance that some very clever hacker may figure (or maybe already knows) a way to enable it by remote access?

3. If you choose to enable file sharing on your computers, and you will have to do this if you wish to share files across your network, be sure to use secure password protection for every drive or folder for which you allow access. NOTE: A secure password combines random upper and lower case letters with numbers and some allowable symbols and punctuation signs, such as colons, hyphens, etc. The longer your password, the better. Common words you can find in a dictionary (even a slang dictionary) and dates (like your birth date or any date in any format) can be easily guessed by password-cracking, hacker software. Also, don't store your passwords near your computers; don't use the same one on every computer; and change your passwords periodically (maybe every three months), in case they've been compromised.

4. Install a good anti-virus and anti-Trojan program on every computer you own, and keep the virus definition files up-to-date! Your computer is not fully protected unless you have the latest virus definition files. Norton Anti-virus and McAfee are perhaps the two most popular, but AVG, by Grisoft (http://www.grisoft.com), is a free anti-virus program which works well, too. Trojan Be Gone is an excellent and FREE anti-Trojan program. Download your copy from my web site at http://www.parsonplace.com/download.html

5. Install a personal firewall on every computer with an Internet connection. The best and most highly recommended personal firewall currently available is Zone Alarm, and you can download it for FREE from http://www.zonelabs.com for personal, non-profit, and non-governmental use. It appears "The best things in life are free."

Zone Alarm will protect your computer from both outside and inside attacks. By inside attacks, I mean spyware and Trojan horse programs which secretly send data to their authors about your browsing habits, personal information, etc. Zone Alarm stops them dead in their tracks and gives you the option of disallowing them access to the Internet. According to online technology expert, Steve Gibson, Zone Alarm is simply the best.

You can read more about online security concerns at Steve's web site, Gibson Research Center (http://grc.com), as well as in the June and October 2001, issues of Christian Computing Magazine (http://www.ccmag.com), page 30, and the December 2001, issue of PC World Magazine (http://www.pcworld.com), page 196. I've also added a security section on my own web site, Parson Place (http://www.parsonplace.com), to provide links and advice on handling security issues both at home and in the church office. Please check it out and send me your feedback.

I pray you all have a very Merry Christmas and a safe, secure, and Happy New Year!