TECHNOLOGY EMPOWERING MINISTRY www.ministrytech.com
May 2016
Part 2
protecting The Soft Underbelly of the church
The Silent and Destructive Communication War Between Boomers and Millennials Are you aware of this silent war claiming casualties in your church every week?
People are the biggest security risk any organization faces. Implement practical tips to safeguard your church against disaster.
>> DRAFT2DIGITAL >> CHOOSING THE PERFECT CHURCH EVENT SOLUTION >> HIGHER POWER WITH KEVIN PURCELL
CONTENTS
5.16
CHOOSING THE PERFECT CHURCH EVENT SOLUTION
12
Church events can be effective, but they can get messy in a hurry without the right software. Here’s how to choose the best one.
4 Protecting the Soft Underbelly of the Church
STARTUP
DRAFT2DIGITAL These four college buddies transformed an industry that hadn’t changed in 100 years.
At the end of the day, people are the biggest security risk any organization faces. Implementing these practical tips, however, will safeguard your church against disaster.
16 8 The Silent, Destructive Communication War This silent war between Boomers and Millennials is claiming casualties in your church every week. But many aren’t even aware of it—are you?
HIGHER POWER
Bible Mark Up for Tablet Presents God’s Word . . . . . . . . . . . . . . . . . . 14 How to Plan Your Next Church Event, No Matter the Size. . . . . . . . . . . . . . . . . . . . 20 2 | MinistryTech.com
23 PROTECTED WITH PURPOSE
RAMPANT RISE OF RANSOMWARE ( ALERT-TA16-091A) The one topic raising awareness in the cybersecurity world is the alarming rise of ransomware.
A Word from the editor Joey Tindell Editor Joey Tindell jtindell@outreach.com
Art Director Crystina Lindoerfer
Contributing Editors Yvon Prehn Nick Nicholaou Russ McGuire Jonathan Smith Steven Sundermeier Kevin Purcell
Copy Editor Rachael Mitchell
Publisher
Outreach Inc. 5550 Tech Center Dr. Colorado Springs, CO 80919 (800) 991-6011 Ministry Tech® is a registered trademark of Outreach, Inc. Written materials submitted to Ministry Tech® Magazine become the property of
Redeemed Imaginations
T
his is my first “letter from the editor.” And, as I thought about what to write, I recalled a quote I recently came across by Charles Finney, the father of modern revivalism (even though he lived in the 1800s): When you come back to God for pardon and salvation, come with all you have to lay at his feet. Come with your body, to offer it as a living sacrifice upon His altar. Come with your soul and all its powers, and yield them in willing consecration to your God and Savior. Come, bring them all along— everything, body, soul, intellect, imagination, acquirements—all, without reserve.
Outreach, Inc. upon receipt and may not necessarily be returned. Ministry Tech® Magazine reserves the right to make any changes to materials submitted for publication that are deemed necessary for editorial purposes. The content of this publication may not be
Imagination. That word really stood out to me. I’ll explain why shortly. Last April Comscore released a study showing that the number of mobile-only internet users now
exceeds desktop-only in the U.S. That means the majority of the people in your community and church interact with the web on their phones nearly constantly. So, what do Charles Finney, imagination, and a Comscore report have to do with one another? Everything. When believers with redeemed imaginations leverage the power of technology, amazing things can happen. The question is, how is your church going to leverage technology? I would encourage you to quite literally ask God to fan the flames of creativity and imagination in your church, for the purpose of accomplishing His purposes. Sure, it’s often easier to not engage. But, as Russell Moore said in his book Engaging the Culture Without Losing the Gospel, “to rail against the culture is to say to God that we are entitled to a better mission field than the one he has given us.” Guess where the new mission field is—the mobile internet.
copied in any way, shape or form without the express permission of Outreach, Inc. Views expressed in the articles and reviews printed within are not necessarily the views of the editor, publisher, or employees of Ministry Tech® Magazine, or Outreach, Inc. © Copyright 2016 Outreach, Inc. All Rights Reserved
Joey Tindell is the Web Marketing Manager of ChurchLeaders.com and the Editor of MinistryTech Magazine. He has worked for several ministry-minded organizations including In Touch Ministries and The Rocket Company. You can reach him at jtindell@outreach.com. May 2016 | 3
COVER STORY
Protecting the Soft Underbelly of the Church
Part 2
by Jonathan Smith | How do we provide maximum kingdom impact while also being good stewards of the data God entrusts to us? People are the biggest security risk any organization faces. Implementing these practical tips, however, will safeguard your church against disaster.
L
ast month we talked about the cyber challenges churches face. This month we will look at some simple ways the church can protect itself from those bad actors using wise policies and procedures. This assumes you have a firewall and a proper network design. How do we provide maximum Kingdom impact while also being good stewards of the data God has entrusted to us? First, let’s look at your Church Management System or ChMS. Do you rely solely on the ChMS vendor to keep your data secure? Do you test the security of your ChMS or do you just take the vendors word for it? Do you have security audits with your financial audits? I assume you have financial audits. Even then the security questions in a financial audit can be useless. A church IT friend of mine answered the security
4 | MinistryTech.com
audit question, “How do you keep your data secure?” with, “12 flying monkeys.” He never heard back from the auditor regarding that answer. He should have. Use a security company for a dedicated security audit or ask your ChMS vendor for a copy of the security audit they have done on their product. Remember the Anthem hack of early 2015? The hackers were after data that is similar in nature to the data we store in our ChMS software: names, addresses, phone numbers, and SSNs. Second, what is your password policy like? Is it written down? How do you enforce it? Does it make sense? Research has shown that longer, more complicated passphrases are more secure than shorter, complicated passwords that users have to change frequently. Forcing users to change their passwords, whether to their
computer, ChMS, or any other system on a regular basis leads to the passwords being written down on the bottom side of the keyboard —where some of those bad actors know to look. I suggest using long passphrases. 15 characters or more, with a capital, lowercase, number, and special character all required. Using a phrase from your favorite song or Bible verse works. “InthebeginningGod1!” as an example—but don’t use anything obvious or inscribed on a plaque hanging on your wall. A passphrase like this will never need to be changed unless it is compromised. Your password policy should also include the ability to prevent users from sharing their passwords, even with volunteers. It is far better to invest the time and issue a volunteer a login than to share staff access. The same is true for your ChMS. Does your password policy also apply to
other sites and services that require your users to login? If you find that a user has shared or compromised their password I suggest setting it to something like,“I sharedmypasswordsonowittakesme 5minutestoentermypassword?!” and forcing them to use that for a week. Third, do you have any data access policies? Who gets access to your data? What level of access? Does everyone see everything or do users only see what they need to see? What criteria do you use to determine who sees what? Do you allow people to snoop around your database? Who can view giving data? How do you determine who sees what?
It is vital that security and cyber threat protection decisions not be made by tech people—rather, leadership needs to get input and make wise, informed decisions about how to keep data safe, how much money to invest, and deternime policies and procedures.
Volunteers are great and we use them all the time but do they need ChMS access at home? While doing visitor data entry should they see SSNs and giving information? It may take a little more work to set users up so they only see what is necessary but it is better—especially when you consider the amount of turnover volunteers have. Fourth, physical access should also be addressed, that’s physical access to the hardware storing the data. How do you protect your server
room or is it just a closet everyone can get into? I’m convinced I could walk into most churches, steal a server, and walk it out to my car and drive off with it if I just pretend that I own it. Finally, our people or personnel policies also have to be reviewed. Having the right people in the right positions is often times half the battle. What happens when folks are dismissed or fired and access must be removed? While we would like to say that doesn’t happen in (Cont. on page 6) May 2016 | 5
IN SUMMARY »» »Create»a»password» policy »» »Implement»data»» access»policies »» »Restrict»physical»» access »» Review»your»people
the church world we all know it happens far too frequently. Are you hiring people you can trust with your data? People are the biggest security risk any organization has. They fall prey to phishing scams and because they want to help they click on things they shouldn’t trying to help people they shouldn’t trust. This leads to data loss. Do you provide training for your users to teach them how to avoid such threats? It is vital that security and cyber threat protection decisions not be made by tech people—they are leadership decisions and hopefully
the tech folks have a representative at the leadership table. I’ve written about this before and the importance of IT being in submission to the church leadership. Contrary to popular belief tech people aren’t wired to say no. But we are trained to keep things safe. Leadership needs to get input and make wise, informed decisions about how to keep data safe, how much money to invest, and policies and procedures. Again, the nature of our business makes this a challenge. We use volunteers. But decisions made in the light of day with the involvement of the necessary parties is a huge step towards avoiding disaster. MT
Jonathan Smith is the Director of Technology at Faith Ministries in Lafayette, Indiana. You can reach Jonathan at jsmith@faithlafayette.org and also follow him on Twitter @JonathanESmith. 6 | MinistryTech.com
Create. Share. Connect.
INSTANTLY. It’s Quick, Easy and Fun!
If your church already has a photo directory, chances are it’s out of date (and probably was by the time you rst recei ed it You know it’s impossible to keep it current ell, not anymore
Thanks to Instant Church Directory, digital photography and wireless de ices, you can produce and share a photo directory yourself — in just a few hours (honestly
Start Your 30-day FREE Trial Today!
InstantChurchDirectory.com or Call TOLL-FREE 1 800 992-2144 Mention Savings Code 13260
Send a Quick Message to your directory. FREE with your paid membership.
The silent, destructive communication war between Boomers and Millennials [
T
here is a silent war going on in churches today. Nobody talks about it and many in the church are not even aware it is going on, but it continues day after day and the injuries, both to individuals and to the Kingdom of God, are immense. This is the war of communication expectations between talking on the phone, email, and texting. Though this conflict can happen between any members of the church, for purposes of this article, I’m going to oversimplify it by sharing
8 | MinistryTech.com
by Yvon Prehn
]
what I’ve seen happen many times between Boomer and Millennial age groups. Though I’m using these two groups as examples, read into them “Boomer and older” and “Millennial and younger.”
Here are some typical skirmishes: Situation #1: A Boomer congregation member places a phone call to a Millennial Youth Pastor and leaves a message. No response. Boomer tries email. No response. Sunday comes around and Boomer angrily
confronts Millennial, “I was going to contribute two scholarships to Winter Camp, but since you didn’t have the courtesy to respond to my offer, the scholarship money has been donated elsewhere.” Millennial responds, “I’m really sorry. I didn’t get any of your messages.” Situation #2: Millennial Youth Pastor texts the Boomer age people in the church who have said they want to be part of the prayer team for youth. She is excited with the list she received from the church
office and sends a series of Instagram links along with the texts showing the kids they will be praying for at an upcoming strategy session at Starbucks. When the time comes for the strategy session, only one person out of the 15 she sent multiple text messages to shows up. On Sunday, when she tries to be kind and ask why various Boomer individuals didn’t show up, she gets a combination of blank stares and replies of “You never contacted me” in response.
What is going on In both groups, the person sending the message felt they were doing
Millennial communication channels — Many Millennials rarely talk on their phones—they don’t answer them or listen to messages. Nor do they read email— they rarely sit down at a computer because they do everything with their phones. Except talk on them. They text. A lot. They constantly scan and send social media on their phones. These are the communication channels they use. The result is that if they are called and left a voice message or sent an email, chances are they won’t hear it or see it. Boomer communication channels — Boomers talk on their
of) messages sent through Facebook. Of course there are many exceptions to the examples above, but they are worth considering when communication problems arise.
Suggested solutions Before practical solutions, as is always the case, let’s look at the spiritual solutions first. For all age groups in the church we do well to remember that we serve a Lord, “who did not come to be served, but to serve and to give his life as a ransom (Matt. 20:28).” We are commanded to “Do nothing out of selfish ambition or vain conceit. Rather, in humility value others above yourselves, (Phil. 2:3).”
There’s a silent war of communication expectations between generations going on in churches today.
all they could to communicate. However, just sending a message is not the same as communicating a message. In both cases the message was never received by the party it was intended for. Before I get to specific advice on how to deal with this redemptively in the church, let’s step back and realize that we are at a unique time in the world of communication because, though we have many channels of communication available today, different groups use different tools that do not necessarily communicate with each other. Following are some examples of this:
phones. They listen to and leave messages. Many have no idea how to text, how to receive one or how to send one. Many of their phones don’t have the texting app enabled or it may not be available. If they have it, they may not know how to use it. For many Boomers their preferred method of technological communication is email, though many Boomers and older don’t even know how to use this. The Boomers who use email, assume everyone has email and responds to it. The social media of choice for many Boomers is Facebook—but they use Facebook at home on a computer and they primarily look at the updates and ignore (or are not aware
How then can we act with humility and a heart of service in our intergenerational communications? Here are some suggestions:
1
Be honest in your print and online church communication listings. Many problems arise when a church lists staff email addresses, but the staff members do not answer their emails. Where this is particularly destructive, and happens often, is between youth pastors and parents, where the parents email and the youth pastor doesn’t respond.
2
If an email address is given, staff MUST commit to checking and responding to email. (Cont. on page 10) May 2016 | 9
3
If staff won’t do this and prefers to text, DON’T list their email. List a number they can be reached and specifically state “Pastor Jeff prefers to communicate via text.”
4
In the church if you are on a committee or volunteer for a ministry or work with volunteers, before anything else, ask “What is your preferred communication method? Text, email, phone call?” Then respond in the way requested, even if that is not your preferred method.
5
If you don’t know how to text, consider learning how to do it. If typing with one finger or your
thumbs seems impossible, most phones today make it possible to send a text by dictating it into your phone. If you hate to respond to email— get an app on your phone and do it anyway.
6
In conclusion These are not easy communication changes to make, particularly if you have to learn a new way to communicate, but warring communication methods hurt individuals and the church. Pray for patience and grace with yourself and each other and remember it’s not about you, but about keeping peace and growing the Kingdom of God. MT
For more advice on church communications from Yvon Prehn in our constantly changing communication world, go to http://www.effectivechurchcom.com.
You want the freedom to … reach out … minister to people … create fellowship … contribute to your community PowerChurch Plus was created for just that!
Membership Accounting Contributions Events Calendar
We provide you with the tools to increase administrative efficiency and streamline accounting tasks, freeing you up to perform the work that matters.
Install on your PC or network, or access online. Choose which fits your needs.
Check In Completely Integrated
We provide software tools, freeing you up to fulfill your mission.
www.PowerChurch.com • 800.486.1800
10 | MinistryTech.com
PCS-11301-ChurchExecutive_4.75x7.25.indd 1
7/14/11 10:23 AM
A United Church Is An Effective Church.
The RDS Unite App Will Keep Your Members Connected. Bring your congregation closer together with RDS Connect Unite®. It is a suite of features for smartphones, tablets, laptops and PCs for your members and staff. • Cloud-hosted for Apple, Android and Microsoft devices • Unite members with your RDS database for instant access in real time • Strengthen your community of believers From your digital device, your members will be able to: • See and update information about their families • Make gifts and contributions • Review their personal contribution and payment history • See the church photo directory, send e-mail, make phone calls or text messages and add photos • View a map with directions to a person’s address
More features and capabilities to come! Unite® is for churches using RDS Connect, Cloud-hosted systems
RDS CONNECT
Church Software For Today and Tomorrow For more information contact RDS at 800.337.6328 or 405.840.5177 www.rdsadvantage.com • E-mail to rds@rdsadvantage.com
Choosing the Perfect Church Event Solution Church events can be extremely effective. But, they can also get messy in a hurry without the right software. Here’s how to choose the best one.
Y
ou’ve worked long and hard to prepare for your church’s upcoming children’s ministry conference. If all goes well, this will be the first of many such gatherings. But you know that if you’re not able to manage the promotion and registration for the event, it doesn’t matter how wellorganized the conference is. You need a solution that will make the reservation and money-handling process as simple and intuitive as possible. To make it work, this event solution has to fire on multiple cylinders. You need to be able to:
• Register attendees • Take money up front • Receive all the appropriate information, i.e., what size t-shirts to order • Easily monitor progress with a glance Let’s take a look at some of your options. 1. Do it offline I can’t imagine any scenario where someone would think this was a 12 | MinistryTech.com
tenable choice. But you could put a sign-up sheet in your lobby, and have people email, phone, or text you to RSVP or register. Obviously, choosing to handle an event in this fashion is going to reflect poorly on your conference before it even begins. You’re going to need to come up with a much better solution than this. 2. Use a premium tool Using a service like Eventbrite or Brown Paper Tickets might seem like a good idea but there are some serious drawbacks. Unless your event is free, it’s a more expensive option that will cut into the profitability of your event. This usually includes a set dollar amount per ticket and a
percentage of the ticket’s value. Their market for promoting events isn’t always church friendly. Someone can log in to look for your conference under local events and be met with a myriad of questionable options. With some of these enterpriselevel services, you do not receive the money raised from the event until the event is over. 3. Use an economy tool Another option is to use a generic form tool like Google or Wufoo forms coupled with a payment provider like Paypal, Stripe, or Google Checkout. The biggest advantage is that it’s a costefficient solution, but that also contributes to its deficiencies: It’s not going to mesh with your church database, so you’re going to have to do more work to juggle various elements together. It’s not an elegant solution. It will look like exactly what it is: some complementary tools hacked together to do the job. Forget about a consistent branding experience! 4. Use echurch Events Powerful and elegant, the new echurch Events tool is a perfect middle ground between the premium event platforms and more cost-conscious alternatives.
Unlike the high-priced choices, it’s created with the church in mind, and it is more productive and powerful than the bottom-tier choices. Consider these features: 1. Easily create an attractive and
2. 3. 4.
5.
6.
7.
branded website where people can register for your event. Accept credit cards online with your Pushpay merchant account. Track cash and check payments offline. Quickly see important stats: how many attendees, how much money has come in, t-shirt sizes, etc. Get the information you need by creating custom questions for the registration process. Receive funds immediately instead of needing to wait until the end of the event. Effortlessly integrate payments with the most popular database systems.
Event registration has been the most requested tool for churches using Pushpay, and we’re excited to roll out this robust tool. Since the key to cost efficiency lies in using the same tool to accomplish many important tasks, this is a perfect time for churches to start using Pushpay for as their mobile giving solution while enjoying the benefit of the echurch event tool. If you’re interested in discovering even more ways that Pushpay can help you engage your congregation, schedule a demo of the total engagement package. MT
DISCOVER THE 5 PROVEN PRINCIPLES OF FAST CHURCH GROWTH FROM THE TOP 100 CHURCHES.
In this free Ebook you’ll learn: !
The #1 mistake churches make with their mission & vision
!
The most effective way to communicate to new visitors
!
How to build key relationships in your city
Free limited-time download.
DOWNLOAD NOW
See more at: http://blog.echurchgiving. com/choosing-the-perfect-church-eventsolution/
May 2016 | 13
HIGHER POWER
Bible Mark Up for Tablet Presents God’s Word by Kevin Purcell
I
’m always looking for some cool ways to present God’s word in my preaching and teaching ministry. When I started watching John Piper’s Look at the Book video series on YouTube, I loved the simple and elegant black background with white Bible text that he uses in these videos. He draws on the text and screen using colorful marking pens. I investigated and discovered that Piper’s using a tool that inspired a developer to make an Android and iOS app called Bible Mark Up. This free iPad or Android app inserts the Bible text from one of a number of translations onto a black background. The teacher or Bible student uses the 9 colors to draw on the screen. Watch John Piper use this tool to great effect in his Look at the Book video series on YouTube. (http://bit.ly/lookatbookvids) Logos Bible Software users can also buy these videos along with a nice study guide that goes with the videos. The
Diagram»1 14 | MinistryTech.com
free video series puts the videos and the study guide right inside Logos Bible Software (https://www.logos. com/product/54898/look-at-thebook). See Diagram 1. See how Piper users the tool that inspired this app to show how the parts the text fits with the rest of the text. He draws circles and lines and underlines. He uses colors to connect one part with another. It’s simple but masterful. I’ve begun using it in my teaching ministry and plan to do more. I interviewed the developer recently on the Theotek Podcast (http://www.kevinpurcell.org/biblemark-up-app-presents-bible-theotekpodcast-063). He demonstrated Bible Mark Up and we talked about possible future changes. The app includes some cool features. It’s got a lot of international translations in addition to the ESV, NASB and KJV. Sadly, they don’t offer my preferred HCSB translation. For teachers who use original languages it includes Greek Textus Receptus and Hebrew Aleppo Codex all online. We also get access to some public domain works like Strong’s, Lexicons and some Commentaries. I haven’t used anything but the English Bible texts since I don’t plan to do my study in the app. I just use it to present.
Diagram»2
See Diagram 2. Here’s the workflow. The opening screen asks the user to type in a Bible reference. It will then copy the text to the black screen in portrait orientation at first. Tap on the end of the line to change the line breaks. At the bottom of the screen there’s a button that reads Modify Breaks. Tap it to move the next line up to the current line that you tapped. Repeat this till the lines all show up the way you want. Then tap on Scale & Move at the bottom and pinch to zoom or shrink the text. Remember to keep the text large enough so people in the back of the room can read the text. When you’re ready, turn the
or underline all the words related to one of the sub topics in one color. Then use another color to visually link the next subtopic. Use lines to connect pronouns with the proper noun they represent. See Diagram 3. The app could use an update and here’s what I’d include: 1. An erase button that removes all the markups in a single tap. 2. I’d like the ability to pay extra Diagram»3
tablet into landscape mode and tap on Draw. Use the colored inking and markup buttons to draw when you wish. I will often underline or circle key words, put parenthesis around a phrase I’m discussing or draw lines to show relationship between words or phrases. Use multiple colors. For example, if a text is discussing one topic but has some sub topics, circle
for other modern translations or reference works. I understand the app developer can’t make it free if he adds paid content, but I’d love to pay to get that kind of content. 3. Add shapes like lines, ovals, boxes and more.
Kevin Purcell
text color. It’s be great if I could highlight a word or words and change just the color of those words. Even if the developer never adds all the above features, it’s still a worthwhile tool to install on your iPad or Android tablet. MT You can get the app for iPad (https:// itunes.apple.com/us/app/bible-markup-bible-study-app/id986455115?mt=8)
4. Change from black to white background.
and Android (https://play.google.
5. If you change the background color then you need to change the
maranatha.booklook&hl=en) where
com/store/apps/details?id=air.com. it’s free for each platform.
May 2016 | 15
STARTUP
Draft2Digital These four college buddies transformed an industry that hadn’t changed in 100 years. by Russ McGuire (russ.mcguire@gmail.com)
I
n this article series, we’ve defined a Christian entrepreneur as a person, driven to glorify God in all he does, and ruled by the Word of God, who starts a new venture and is willing to risk a loss in order to achieve the success of the venture. Each month I’ve been introducing you to specific Christian startups and entrepreneurs, some of which may be helpful to your church, ministry, business, or
and CEO of Draft2Digital, an online business that helps authors get their books published. The company announced their service on the last day of 2012. Today, less than three and a half years later, they have helped more than 20 thousand authors publish more than 80 thousand books which have sold more than 5 million copies worldwide. They have grown from Kris as the only employee at the beginning of 2013 to 15 full time employees today. The business is
In less than three and a half years Draft2Digital has helped more than 20 thousand authors publish more than 80 thousand books which have sold more than 5 million copies worldwide. family, but my main intent is to encourage and inspire you to be entrepreneurial in your ministry and career. This month I’d like to introduce you to Kris Austin. Kris is co-founder 16 | MinistryTech.com
focused on treating their customers well and has been profitable enough to be entirely self-funded, and has been able to provide support to the owners’ churches and a variety of ministries. That doesn’t mean that
Russ McGuire A trusted advisor with proven strategic insights, Russ has been blessed by God in many ways including serving as a corporate executive, co-founding technology startups, and writing a technology/business book. More importantly, he’s a husband and father who cares about people, and a committed Christian who seeks to honor God in all that he does. His newest venture is as Entrepreneur in Residence at Oklahoma Christian University.
the journey has been lacking in “sanctifying opportunities.”
Four College Buddies Kris graduated from Oklahoma Christian University in 2004 with a degree in Computer Science. Over the years, he kept in touch with many of his college friends, including fellow CS grads Toby Nance and Sean Sanders, and English major Aaron Pogue. Each enjoyed success in their diverse career paths, but Aaron ran into a roadblock in achieving his dream of publishing his first novel and turned to his computer buddies for help. The major publishing houses had turned down his book, and when he turned to the opportunity to self-publish through the eBook markets, he found the existing tools hard to use and frustrating to navigate. Toby quickly developed a
script to quickly and easily take a manuscript, like Aaron’s, and turn it into a distribution-ready eBook file. As they talked about it with their friends, they started to get a vision for a service to do the same for all the other aspiring, but frustrated, authors out there. In March 2012, they formed the Draft2Digital business, but it wasn’t until Kris quit his job in August of that year to become employee #1, that they really started making traction on the web-based system they would launch at the end of that year. The rest, as they say, is history. (By the way, Aaron’s fantasy novel became a bestseller and he has followed
it up with six other fantasy and sci-fi novels, with several projects currently in the works.)
Four “Knows” I recently asked Kris to share his experiences launching Draft2Digital with my Christian Entrepreneurs group at Oklahoma Christian. He started by sharing the four things that he said every entrepreneur needs to know. Kris shared that every startup needs to know your industry. Kris and his programming buddies didn’t know the book publishing industry when they started, but they needed to learn quickly. The
traditional industry had worked the same way for over a century, dominated by a small number of publishers (the “Big 5”) who controlled which books reached the shelves in bookstores. Then, in 2007, Amazon introduced the Kindle and disrupted the industry. Several other eBook publishing platforms followed Amazon’s lead including Barnes & Noble, Apple, and Google. These moves opened the publishing world for authors to credibly self-publish, but there are technical issues and distribution issues that make it complex for authors. Kris said that it’s critical to also
know your customer. (Cont. on page 18)
May 2016 | 17
For Draft2Digital, the customer they sell their service to is the author. Authors just want to write. They don’t want to be in the publishing business. They don’t want to be layout designers or marketers or distribution negotiators, and yet self-publishing requires all of these activities. Before Draft2Digital launched, others had already pioneered the author assistance space, which leads into the third “know”—know your competition. Kris and company recognized that their primary existing competitor had certain admirable traits and strengths,
based on real customer engagement. They knew what set them apart, so they kept their product simple, not confusing customers with too much information and too many options. They also played to their strengths. As Kris said, “we’re programmers”— so they used software to automate and simplify whenever possible.
but that it wasn’t fully meeting the
side of business.” (Kris joked that it
others and taking advantage of the Draft2Digital platform to get them published. Kris and team had to find a way to identify these and shut them down. The next challenge was with erotica. Kris quickly learned that more than half of the revenues in the publishing industry come from “romance” novels and other forms of erotica. The company had to develop a system to automatically detect and categorize different genres of content to be able to appropriate handle each kind. Software freed them from having to read this and other dangerous content themselves. On the light side, Kris talked about the impact on others. He praised God for first helping authors realize their dreams, and then helping them make a living. Draft2Digital has been able to provide some authors with six-figures in royalty payments. He particularly emphasized the joy that comes from showing authors the respect they deserve. “You really can respect your customers and succeed in business.” He then, equally passionately, shared the joy that comes from providing jobs for employees, putting food on their tables, and showing them that
needs of authors. That understanding allowed Draft2Digital to focus on the specific author-centric activities and attributes that would set them apart for their target market. Finally, Kris emphasized that you need to know your plan. As a self-funded startup, the company fully leveraged the Lean Startup methodology, launching their MVP (minimal viable product) at the end of 2012 and then iterating rapidly
is obvious that science fiction is his favorite genre.) Space is limited in this article, so I can’t recount all of these experiences here, but a couple of “sanctifying experiences” are worth sharing. One thing that Kris and team learned with their MVP offer is how quickly sin can creep in. The day they launched, scammers started automatically generating books violating the copyrights of
you care. It sounds like Draft2Digital is living out the Golden Rule. Jesus said “So in everything, do to others what you would have them do to you, for this sums up the Law and the Prophets” (Matthew 7:12). I hope that some of the lessons that Kris shared can be a blessing to you as you consider how to act as a Christian entrepreneur wherever God has placed you. MT
18 | MinistryTech.com
Two Darks and Two Lights In his talk, Kris also shared what he called “the dark side of publishing,” “the light side of publishing,” “the dark side of business,” and “the light
For the scholar, the seeker, the servant. OC is home. · · · ·
Recognized as one of the best universities in the west by U.S. News and World Report and The Princeton Review. More than 80 areas of study. More than 40 current National Merit Finalists. Named to the President’s Higher Education Community Service Honor Roll.
www.oc.edu/tech
May 2016 | 19
✪ by John Gilman
How to Plan Your Next Church Event, No Matter the Size Learning howSectempo to get people to show up,event and then rehendit occum iduciaeffectively con non resota lorem more follow up afterwards is often thequodi hardest lesson tospace learn.here text
I
get energized when I dream up outreach events. One of my favorite pastimes is planning church wide concert series or barbecues in my back yard. I want to see people come, have a good time and find Christ. In fact, I get excited when I dream up outreaches and I’ve learned a lot over the past years. I’ve even learned a few things the hard way. The hardest lesson was learning how to actually get people to show up and then remembering to effectively follow up with people once the party had come and gone so they keep coming back. It all comes down to prayer and planning. Planning your event well takes careful thought. Everyone knows the 3 F’s (Food, Fun, and Fellowship) that make summer events successful. Eating together, playing together and spending time with each other create a natural environment for relational development. The 4th F, Followup, is where churches can drop the ball. For both large and small events, it’s important to have a followup plan in place. Either way, both large and small events take different steps to make the event successful.
20 | MinistryTech.com
Here are eight questions to ask while planning your next large church event: n Who’s my audience? Fit your event to your audience. If it’s families with kids, plan fun games. Get them moving and get them wet. If it’s young adults, make it exciting. Take them hiking up a trail or rafting down a river. n How will I get the word out? Make a plan for email blasts, church posters, bulletin inserts, online ChMs forums, social media, and mail. n How much will it cost? Make sure it’s affordable for the church and your audience. Try your best to make it free, especially if your audience is families. Just don’t make it cheap. Give them great memories. n What will it feel like when people show up? We all know how it feels to walk into a new place. Make sure people are there to greet attendees. Make sure the place is clean and safe. Have a good music mix playing to create energy and set the tone. Make lots of signs so people know where things are located. n What happens if the weather doesn’t cooperate? Pick a backup date or activity. Include this in the promotions.
n
n
Move the party inside if you can or move it to another day if you can’t. How will you get their information? People don’t want to give you their information. They don’t want more junk mail or visits from stranger. You can ask them for it, but give them assurance you won’t sell it or spam them. (*Please don’t sell their information or spam them.) You can have them register to receive their tickets, arm bands, or food voucher. You can have raffles or giveaways that require registration or a like on your Facebook page. What will you do with their information? Large events require organized followups that keeps people connected to the ministry after the event has ended. If you’re planning any large church events, make sure you’ve thought through your organizational followup as thoroughly as you’ve planned your menu, games, music and activities. Define your followup plan. You should include prayer, mail, and electronic communication. Mail them something that has a purpose. Thank them for coming and invite them to another event at your church. You might just keep them
n
on a list to mail promotions out for other events. Handwritten thank you notes are powerful. Who will pray for them? Today, prayer is underrated. It works so don’t forget to pray for visitors
Planning a large church event takes a lot of time and organization. But if you plan it well, you’ll reap the rewards. Similar to large events, you need to have a specific plan for smaller church events. Sometimes, smaller church events can be more effective than larger church events. They give more people the chance to get involved in ministry. Smaller events don’t have to replace large events, but they can supplement them and add to your church’s capacity to reach your community. Make sure you aren’t overlooking your smaller events and they are still a priority in your church. Here are five questions to ask if you’re considering smaller events: n
n
n
n
Do your people have the vision? Vision is contagious and if the leader is infected with a vision the people will be too. Train your people and your small groups to host their own smaller scale outreach events. Do your people know why? Why is reaching their friends and neighbors worth their time and money? Why is it their responsibility? How does throwing parties fit with this?
Are your people free to fail? Create an environment that honors risk taking and embraces failure. We all have tried things that haven’t worked, but hopefully we’ve found some things that work along the way. Do your people have the time? If you’re cramming 36 weeks of church activity into summer’s 3 months, (Cont. on page 22) don’t expect them May 2016 | 21
or guilt them into being at everything. Release them to be the salt and light in their communities. Give them permission to stay home even though this Saturday is, “Your big event that reaches out to lefthanded single mothers with PhDs who love art and you’d really like them to show up to support it.” n
Who will pray for them? Today, prayer is underrated. It works so don’t forget to pray for your people and visitors.
Though these smaller events don’t take as much organization up front, they are still similar to large events in that they need to have a strong followup to keep members coming back. Organic followups support smaller events. If someone in your church or a small group throws a barbecue for 1520 people, it’s their job to follow up with them individually. Here are some ideas to do the next time people C.O.M.E. to your small event.
C
Coffee, invite them. Make plans to grab a coffee or other beverage at a later date.
O
Openended questions, ask them. Get them talking, and get to know them. Give them a place to belong. Get to know people and build relational bridges.
M E
Meals, share them. Invite them to share another meal. Meals take longer than coffee give space for more conversation.
Engage, connect with them. Open your heart and life to them. Ask them if it’s ok to friend them on Facebook or for their cell number.
22 | MinistryTech.com
Small events are personal and a great chance to get to know your members on a deeper level. Are you planning small events to welcome your members with open arms? The next time you plan a large or small church event, remember to think about these questions and you’ll plan an event that engages your members for the next few months to come. What are your best tips and tricks to planning an engaging and meaningful church event, no matter the size? MT
John Gilman, Senior Director of Marketing at ACS Technologies, is chiefly responsible for overall corporate marketing strategy and direction. He has traveled the world many times over working with some of America’s top brands and prominent nonprofit ministries. John is passionate about helping the church make disciples. Follow John on Twitter at @ACSTech.
PROTECTED WITH PURPOSE by Steven Sundermeier
Rampant Rise of Ransomware (Alert -TA16-091A)
O
ver the last few months, there is one topic raising eyebrows and raising security-awareness in the cybersecurity world and that is the rampant rise of ransomware. Yes, we have covered this topic before in my column, but I feel a strong sense of duty in keeping you informed on what the latest hot-buttons in Security are, and ransomware is IT! Need proof? On March 31, 2016, The United States Department of Homeland Security (DHS), in collaboration with the Canadian Cyber Incident Response Centre (CCIRC) issued a joint Security ALERT pertaining to guess what? Ransomware. I feel it is worth covering again. It harkens me back to when I was in deep with my parents for some crazy stunt I pulled as a kid and BOTH my mom AND my dad joined together to sit down and talk to me. I quickly understood that when both parents were present, I was in for a serious discussion. Similarly, this very rare joint-cyber-alert with the U.S. and Canada, providing additional
information and caution on ransomware, is no different. Ransomware is a form of malware developed to encrypt (prohibit access to) files on a computer with the sole intent of extorting money from its victims (paying a ransom to recover encrypted files). Generally speaking, there are two main classifications for ransomware—Encryptor (encrypts all important files and demands a
FBI stated that they have received over 2,400 complaints about [Encryptor-style] ransomware for the year costing victims upwards of $24 million dollars. According to the most recent joint release, while the ransoms demanded can vary, the individual dollar amount is typically around $200-$400 to restore files. According to internal research on our end, after carefully
In a report released late last year, the FBI stated they’ve received for the year more than 2,400 complaints about Encryptorstyle ransomware costing victims upwards of $24 million dollars. While demands may vary, the typical ransom dollar amount is around $200 to $400 to restore files. ransom to decrypt files) and Screen Locker (locks an infected system, preventing proper access until a ransom is paid). Most of the latest strains that our Thirtyseven4 Labs are observing fall under the Encryptor classification. In a report released by the FBI late last year, the
reverse engineering thousands of samples, we have seen this ransom set as high as $10,000. In fact, officials at Hollywood Presbyterian Hospital in Los Angeles said they paid the equivalent of $17,000.00 to the ransomware creators! Can you imagine having your (Cont. on page 24) May 2016 | 23
critical (and potentially lifesaving) patient files encrypted and at the mercy of cyber thugs? And this wasn’t just a single hospital incident, there are numerous reports of other hospitals recently falling victim to
ransomware within the last month. (i.e. Baltimore’s Union Memorial Hospital, Chino Valley Medical Center, Desert Valley Hospital and the list goes on). So you may be asking how all these individuals and organizations are becoming infected with ransomware. In the case of the hospitals above, security professionals believe they have traced the infections to “phishing” emails. Phishing emails may contain links to websites that are infected with malware. Most ransomware infections are a result of opening an infected email attachment. Ransomware attachments have been maliciously and cleverly disguised as Invoices, Resumes, Mail Package Delivery Confirmations, etc. to trick users into opening them. A user or company could also get infected by using an infected USB drive, through unpatched security vulnerabilities or
24 | MinistryTech.com
visiting an infected website through drive-by-downloading). In one of the most recent cases, Cisco’s Talos group discovered that ransomware authors were taking advantages of an older version of Follett library management software, in association with JBoss web servers. The cyber criminals would use a known vulnerability in this software to install thousands of backdoors putting over 3 million computers at risk. To paint a picture of the severity of the ransomware threat, in 2014 the ransomware “CryptoWall” infected 600,000 computers and took 5 billion files hostage! Here at Thirtyseven4, we have seen ransomware detections shoot up by 300% in the 1st Quarter of 2016 (from the 4th Quarter 2015), and our Thirtyseven4 Viruslab has already discovered 28 new families of ransomware. Here is one more additional statistic that is both startling and sad: about 50% of users and businesses hit with ransomware pay the criminals the demanded ransom to get (or maybe not get) their data back. According to the issued DHS Alert, the US-CERT (United Stated Computer Emergency Readiness Team) recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
1
A. Go back to a paper file system. Just kidding—wanted to see if you were paying attention! The following are the real recommendations . . .
B. Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
2
Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
3
Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
4 5
Maintain up-to-date antivirus software, and scan all software downloaded from the internet prior to executing. Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
6
Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the Web. See Good Security Habits and Safeguarding Your Data for additional details.
7
Beware! Do not follow unsolicited Web links in emails.
The threat of ransomware is the real deal! The topic of ransomware has increased significantly in the media lately, as it’s a concerning issue on the minds of computer users today. I can personally tell you that we [Thirtyseven4] field more questions regarding ransomware than most all other malware related topics combined. Here are just a few real-world examples of questions/concerns we receive about this “Hot topic”: • “Does ThirtySeven4 protect us from this?” • “Oh, I was also going to ask, how is your product doing at preventing and detecting Ransomware? That freaks me out these days hearing some of the horror stories out there!!” • “On our technical listserv, there are many schools that are being infected with Cryptowall and are using other Antivirus software other than
Thirtyseven4. They mention their Antivirus is not ‘catching it’. Can you tell us what we can do to prevent this ransomware and do your definitions include it?” • “We were hit three times with Encyptor using a free EDU solution. How is Thirtyseven4 different?”
files and malicious attachments are executed and reverse engineered on our end and all coded active and inactive URL’s used by Locky to connect to or possibly connect to in the future are properly blocked within our Browsing Protection module.
I feel a very important piece of the topic is to also understand why installing security software is so important to combating ransomware, and to grasp what the antivirus industry is doing about it (understanding that not all security solutions are created equal). To illustrate this point, here are some steps Thirtyseven4 is taking to lead the industry in its aggressive approach against combating the rise of ransomware. [Let’s just look at the Locky ransomware example]
Step 2. Generic Detection: This is the procedure used by some AV scanners to supplement Signature detection. The problem with this approach when it comes to Locky is that their files also vary in their internal structures (in addition to simply scrambling garbage code to evade signature detection) and utilize different and ever changing wrappers. This newer process used by Locky renders Generic Detection ineffective, as it makes it very difficult for a security vendor to block Locky simply by adding Generic Detection. However, Thirtyseven4 still utilizes this detection technique to supplement the additional steps below especially for some of the more “common” groups.
Step 1. Signature Detection: For many antivirus vendors this is the primary approach to battling all forms of malware, including ransomware . . . they create and add new signature detections based on their intercepted malicious Locky attachments . . . the problem is that the files keep altering in each variant to evade detection so covering ransomware in signature based detection alone is ineffective. Thirtyseven4’s approach is to create signature based detection after we’ve already proactively (see below) stopped unknown samples. We do not use signature-based detection as the sole means to stop new infections for happening.
Browsing Protection: All Locky
Step 3. PathBased Detection: A third step is to include and implement PathBased detection. PathBased detection is only being successfully used by a couple of providers as a proactive approach to detecting ransomware. Thirtyseven4 incorporated this technique a few years back in our Advanced DNA Scan module (added feature in our Thirtyseven4 Endpoint Security Console 5.3 release). Up until recently, it has been an absolute way of detecting unknown ransomware threats. However, (Cont. on page 26)
May 2016 | 25
When both the US and Canada release a warning together about the dangers and vulnerabilities associated with ransomware, we would be like ignorant children to turn our heads the other way.
are continually adding new engine enhancements as the techniques of the cybercriminals evolve.
the logic behind Locky changed that. Instead of copying itself into a users Application Data directory, Locky began dropping itself in the %temp% directory under random names. Previously used PathBased Detection resulted in likely high possibility of false detections. More needed to be done to reduce false detections and
Step 4. Engine Enhancements: Given the new nature of Locky and desiring to provide our customers with the absolute best protection against Locky and similar threats, we quickly incorporated new industry leading engine enhancements. For this section, I am electing not to disclose all the nuts and bolts of what we are
yet keep a high level of proactive detection. Due to growing number of cases, we still utilize Pathbased detection on the basis of their names that are commonly found in Locky cases.
doing here due to the sensitivity of the “cat and mouse game” between us and the bad guys! All I will say is that its high-level, industry leading stuff that has been proven 100% effective against the Locky threat! We
Shel y nows church
In conclusion, even children can sense when a situation is serious. When both my parents had me sit down with them, I knew that we were in for a “teachable moment” as they called it. And when both the United States and Canada release a warning together about the dangers and vulnerabilities associated with ransomware, we would be like ignorant children to turn our heads the other way. We must educate ourselves (reread this article!) and take proactive measures in keeping our information and data (and family and lives!) safe. Consider this our little “teachable moment”, and let’s move forward positively! MT
ana e ent
Choose from two solutions.
Easy and powerful cloud-based church management solution with child check-in, integrated giving, mass contact, native mobile app, member access and more.
Track and Manage your members better than ever before with database management, mass contact, group relationships, mission trip organization, reporting, tasks, and more.
Which is the right choice for your church? shel ynext co
26 | MinistryTech.com
| shel ysyste s co
|
T-SHIRTS
FOR ALL YOUR MINISTRIES Build excitement and create a sense of belonging in your church with our new ministry themed t-shirts. Now with lower minimums and lower prices!
May 2016 | 27
THE LAST WORD
Whatever you do, work at it with all your heart, as working for the Lord, not for human masters Colossians 3:23 NIV