With the increase of online scams and fraudulent schemes running rampant these days, parishes are discovering that they are not immune, and need to be just as vigilant when it comes to protecting parish and parishioner data. This includes programs that encrypt and protect parishioner bank accounts and employee social security numbers, protected usher bags that prevent theft, and online classes that school your staff on the latest phishing scams.
1. Are Your Accounts Protected?
As a parish, you’re tasked with many essential duties, including keeping track of sacramental records, updating parish contacts, paying utility bills, maintaining the building, and keeping track of parish giving. It’s no wonder that with so much going on, it can be easy to be lax about keeping things safe online. And that’s exactly what hackers and online scammers are counting on.
Keep your employee and parishioner financials safe by using secure online financial programs. From mainstream programs, such as QuickBooks and FreshBooks, to a parish-specific cloud-based software solution like WeGather that has categories for parishioner finances and data, the important thing is that everything is safe, encrypted, and backed up.
2. Tamper-resistant Security Bags & Three-person Counting System
While it can still be shocking to think, most parishes have had their fair share of theft and embezzlement. According to a January 31st, 2019, article in the “National Catholic Reporter,” church collections are particularly vulnerable to theft because up to 40 percent of parish donations are typically in the form of cash, which varies from week to week. Things that can help prevent this are using serial-coded bags for the collection and then having a three-person counting system after Mass. They also stress the benefits of online giving, where transferring money directly to the bank will leave an online trail that makes theft difficult to conceal.
Unfortunately, theft within the office is also something fairly common at parishes. In 2018, a church employee at St. Robert Bellarmine Catholic Church in the Diocese of Kansas City-St. Joseph embezzled more than $400,000 over a seven-year period. The parish used a checkbook system from which checks were torn out and an accounting stub was left in the book. The employee was writing checks to herself, then entering the names of various vendors on the stubs, according to investigators. And because there weren’t “checks and balances” implemented in the church office at that time, the employee was able to stay undetected for years.
Having multiple people keep an eye on parish finances, such as a finance council, is just one way to keep parish money safe. The Diocese of Palm Beach has guidelines for parishes that include making sure that duties are segmented and not just having one person in charge of it all. Per the guidelines, the greater the number of individuals involved, the stronger the internal control.
3. Online Security Awareness Training
You don’t know what you don’t know, which is why it’s important to keep up to date on the latest online scams and how to avoid them at all costs. Consider giving your parish an intro to this growing epidemic by signing them up for online security awareness training, such as KnowBe4. In addition to online courses and tips for keeping passwords safe and for spotting suspicious website links, KnowBe4 does simulated phishing attacks, where employees will occasionally get an unexpected “pop quiz” on what they’ve been learning.
With permission from the employer, they may receive a suspicious email that will direct them to click an unknown link or prompt them to enter personal information. The results of who clicked are recorded, and those people are flagged for additional training.
4. Think Before You Click
Finally, phishing scams have been growing more and more lately in parish communities. Whether it’s an email request from someone at the parish, or a text message sent to a parishioner asking for gift cards or money, scammers are getting savvier in tricking people into giving them money. What can you do to avoid all this? Think before you click!
If you ever get a text message from someone claiming to be the pastor of your parish, or a hastily written email from a prominent member of your parish staff, with a strange request — you need to train yourself to step back and think: is this normal?
Usually the request is for iTunes or GooglePlay gift cards to be purchased, the back scratched off to reveal the PIN number, and then both sides photographed and texted back to the person asking for them. Rather unusual for a pastor or someone else on staff to ask for, right? Nine times out of ten, you’d be right, and the best thing to do is delete the text message or email ASAP. But if you still have doubts, you can always connect with that person through other means — like calling the parish office directly to speak to Father, in order to be sure.
Every day, you hear of a new internet scam. The best way to not fall for these scams is to remain vigilant, always verify, and always think before you click. For more ways to protect yourself, visit the Federal Trade Commission’s Consumer Information website for some great tips.