Cyber Criminals Target Personal Computers
April 3rd, 2006
Posted by: Theo Nicolakis
On March 6, Reuters reported that cybercriminals were increasing the number of smaller attacks aimed at stealing individuals’ personal and financial information, in an attempt to avoid detection. The article reported that in the second half of 2005, Symantec saw the continuation of a trend whereby computer hackers were targeting people’s personal computers (their “desktops”) and web-based applications.
Hackers are leveraging computer-based viruses, Trojan horses, and worms to uncover sensitive and confidential information stored on an individual’s computer. The ramifications of such an attack could be the compromising of financial information, passwords, or even identity theft.
As church communities increasingly venture into the online world, they must be cognizant of the need to protect their parish computer systems from such attacks. Parish computer systems contain valuable information about the finances of the church, information about their parishioners, and other confidential material.
Moreover, parishes need to likewise understand that guarding their own perimeter is not sufficient. In my interaction with parishes, the majority have a treasurer who is a volunteer or parish council member maintaining the parish financial information on that person’s computer system. Even though the treasurer may be using a “backup” copy, parishes must now take into account the security of parishioners’ systems. If a treasurer were to have sensitive financial information about a parish stored on his or her computer and then that computer were to be attacked, the parish could be affected. Indeed, in cases where sensitive information is stored on a laptop computer, it is not simply hacking that needs to be taken into account, but also the physical stealing of the computer.
The point here is that backing up data–though vitally important!!–is not enough. Should a hacker gain access to a system, backups are simply backing up a compromised system with all the holes a hacker used in the first place. Rather, parishes need to think seriously about comprehensive digital security and establish guidelines and standards for any system containing parish data OF ANY KIND.
At a minimum, this should include anti-virus, anti-spyware, and firewall software from a reputable vendor. In addition, systems must be maintained with the latest security patches and hardened to prevent unauthorized access.
Physical access to systems must also be reviewed. All systems should be locked to permanent fixtures with steel cables. Parishes should maintain passwords on any and all systems, limit who has access to those passwords and change them regularly.
An ounce of prevention can help parishes maintain a high level of trust with parishioners. Indeed, it is far less expensive for parishes to implement simple, common-sense measures than to deal with a compromise that will potentially affect a parish’s finances, parishioners’ personal information, and everyone’s trust.