Computer Security

by the Rev. Charles Austin (July / August 2005 • Volume 21 • Number 4)

It is a dangerous world, even for the computers that sit in our offices. Bad things can happen.

Some bad things happen because computers are pieces of machinery. Parts can break, wear out, choke on dust and dirt, or simply quit working for mysterious reasons. That’s why the smart computer user frequently backs up all the critical data on the hard drives. Programs can be reinstalled, but membership lists, financial records, congregation council minutes, and other data have to be saved in several places to avoid disaster. Computers are pieces of machinery, and they will fail.

Viruses, Spam and More
But there are other threats to church computers.

Consider this. Your church council secretary rushes in one hour before the monthly meeting. “I didn’t have time to print out the minutes,” he says, pulling a floppy disk out of his pocket. “And I need to make one final correction.” He inserts the disk into the church’s computer and finishes the work so that the council can have the corrected minutes.

The next morning the office secretary turns on the computer. The disk drives whirr and whirr, but nothing comes up on the screen. Or she boots the computer, calls up the monthly income report and the computer shuts down, displaying the dreaded “blue screen of death” with the message “unable to retrieve BX316.dll. Fatal operation error.”

A virus has wormed its way from the council secretary’s disk to the church’s computer.

Here’s another problem scenario. This time the disk inserted by the council secretary isn’t infected. But after saving the minutes, he decides to do a little web surfing while waiting for the printout. He checks the trash pickup days at the town’s Web site, then follows a link about recycling. This leads him to a couple of additional sites. Then he signs off, after sending a quick e-mail to a colleague at work about tomorrow’s luncheon meeting.

Before long, the church’s e-mail inbox is crammed with spam; strange, offensive, and unwanted missives from places with weird names.

One more horror story. The financial secretary checks the spread sheet showing the income for the past month and leaves the computer on. Someone else walks by and finds the giving records of members displayed on the screen. The temptation is strong to scroll through and see just whether Mrs. Hobson is as generous as she says she is.

Casual use of church computers can destroy information, get the church on spammers’ lists, and create pastoral problems.

How to Protect
It is not hard to protect church computers from most of these problems.

Access to the computers must be restricted. Secretaries and others authorized to use the church computers should be required to sign on with passwords and instructed not to let anyone else use their password.

“Drop-in” use by church officers or members should be prohibited, unless the church has a separate computer for that purpose, not linked with any critical office machine.

Computers that are online should be protected with a “firewall” that offers some protection against known viruses and “worms” that hide in e-mail and on internet sites. Norton Utilities® and similar programs can keep out many viruses; but the programs must be purchased, installed, and maintained to keep the list of virus infections updated. This usually requires an annual subscription.

If it is necessary to insert a “foreign” disk in a church computer, it should be scanned by an anti-virus program first to make sure it is not infected.

Everyone who uses church computers should be instructed to avoid casual Web surfing. Build a list of necessary sites — the ELCA and synod Web sites, local agencies, and other places useful to the congregation’s work and known to be safe to visit. Enforce the no-surfing policy. There are numerous stories about occasions when people embarrassed themselves, their employers, and their churches by inappropriate use of the computer.

You might want to install a filter or program that monitors online usage to spot potential problems.

Access to critical and confidential data should be protected by a double password, and all authorized users should be instructed on how to access the data without inadvertently leaving it open to others.

If churches use “servers” to store data and make it accessible from several sites, you might need the advice of a computer specialist to protect the server from unauthorized use.

There is a dark side to computer security, for it means that we have to think about whether church computer users will do unacceptable or dangerous things. We don’t like to operate on the basis of suspicion.

But the goal of computer security is to protect the church’s equipment and data and preserve the confidentiality of necessary records. Churches should develop a policy on who uses their computers and for what reasons. This can protect data from viruses and other encroachments and avoid the serious problems that can occur if someone uses the church computer for unauthorized purposes.

Charles M. Austin is interim pastor at Zion Lutheran Church, Ridgefield, New Jersey.