Close this search box.
Close this search box.

Digital Security for Churches: How to Prevent Cybersecurity Breaches

Not long ago, an Ohio church lost an alarming $1.75 million due to hackers breaching two employees’ email accounts.

After gaining control of the email accounts, the hackers were able to pretend to be the employees and deceived other workers at the church that the bank and wiring instructions had been changed.

By the time the church had figured out what was going on, it was too late.

Like any other organization today, churches are susceptible to attacks from hackers and scammers. The key to avoiding a similarly tragic situation is to ensure that your church is well prepared for any cybersecurity threat that comes your way. Here are some tips to help prevent a cybersecurity attack on your church.

Understand the Different Types of Hacking and Scam Methods

Hackers can try to infiltrate your systems in various ways. Here are three of the main ones.



While there are many different subsets of ‘hacking,’ they are all very similar in terms of how they work. Essentially, hacking is when a scammer attempts to gain access to personal information your church possesses. To achieve this, they’ll use some sort of technology to break into your network.

Signs to look for:

√ Missing files that appear to have been removed

√ A large number of pop-ups

√ An increase in your internet or phone bills

√ The inability of some employees to log on to accounts, possibly meaning a password was changed without them knowing.


Phishing involves the hacker attempting to pose as a legitimate company or organization and will try and trick churches into giving them their usernames and passwords by claiming that the employee’s account has been compromised.

You may think that this wouldn’t be a very effective tactic, and it may not be as many organizations, churches and companies can decipher a legit email from one that isn’t. But scammers that use this tactic go for quantity over quality. According to Phishing Activity Trends Report, 2022 was a record year for phishing, with more than 4.7 million attacks logged by the Anti-Phishing Working Group. The idea here is that you’re bound to find some people who will fall victim if you send out enough fake emails.

Signs to look for:

√ Email address does not match the organization

√ Suspicious and nosy requests

√ Grammatical errors

√ Urgent or threat if not responded to immediately


Malware and ransomware commonly get confused for being the same, but they are actually different from one another.

Malware scams involve someone attempting to trick you into installing software that scammers can then use to access your systems. Ransomware, on the other hand, is when a hacker will try to block you from accessing certain files or even your system altogether. As the name suggests, they try to get you to pay ransom to gain control again.

Signs to look for:

√ Excessive amounts of pop-ups

√ Extremely slow computers

√ Computers downloading and launching software without your approval

Preventing Cybersecurity Breaches

So how do you prevent hacking, phishing, malware, and ransomware breaches at your church? Here are three important steps to take.


  • Having an IT professional on staff is a great way to manage your cybersecurity. If you don’t have a staff member specializing in this area, consider contracting with an IT security consultant.
  • Anyone who has the ability to access your church’s online systems MUST be well-versed in best practices in maintaining the integrity of your cybersecurity. If need be, hire a third-party IT company to come in and train your staff in on digital security. They can do scam simulations for your team to demonstrate techniques and help them identify what to look for as well as what not to do.
  • Scammers and hackers are getting more and more sophisticated. There many great cybersecurity blogs and publishers you can follow, including Krebs on Security, which is dedicated to investigating cybercrime stories and happenings. Schneier on Security is another great one, where you’ll find information on internet security, hacking, and patching as well as safety tips.
i3 Nonprofit— Your Safe and Secure Text Giving and Communications Solutions Provider


Our i3 Nonprofit Solutions PCI Level 1 Compliant gateway provides the highest level of security so that you can be rest assured your donor data is secure. Because mobileAxept’s hosted donation page adheres to these standards, even if your website is vulnerable to an attack, your donation page is not.


Here at i3 Nonprofit Solutions, we offer multiple solutions to help you keep your members engaged and donating. This includes our ReachNow, GiveNow Text, and ConnectNow services.


We invite you to contact us for more information today.

Recent Posts

RCM Healthcare: The Unexpected Costs of Recruiting Billing Employees

Experian Health surveyed 200 revenue cycle executives to better understand the impact of staffing shortages on reimbursement. It found that 96% of survey respondents report a lack of qualified workers has a “detrimental impact” on revenue channels. What’s more, 80% of respondents report department turnover rates as high as 40%, much higher than the national average of 3.8%.

Read More