CONTENTS
07.18
12 this summer, make the most of ministry photo opportunities Go beyond point-andshoot. Build a bank of photos to draw upon.
4
can cyber-security software do it all?
the golden data protection rule What's happening in Europe shouldn’t stay in Europe.
18
Only a fool believes that software is foolproof.
can discipleship go digital? A cyclical discipleship model focused on connecting everyone to a relationship with Jesus.
9 Email & Websites: Cybercrime Dens of Iniquity! Easy to implement strategies that you, your staff and your family can adopt.
TECH CHECK 07.18............................................... 15 MinistryTech.com JULY 2018
16 |2
A Word from the editor Ray Hollenbach
Managing Editor
Ray Hollenbach
Art Directors
Troy Irvin, Henny Vallee
Contributing Editors
Matt Farrand, Russ McGuire, Caleb Neff, Nick Nicholaou, Mike Norris, Yvon Prehn, Jonathan Smith, Steven Sundermeier
Copy Editor Laura Severn
ADVERTISING VP Advertising Sales
Jared Bryant
National Media Consultants
Nikki Dirks, Charles Fleece, Malari Foster, Joseph Landry, Seth Rankin, Barbara (McDonald) Wolfe, Ryan Yoder
Account Associates
Leslie Massey, Bethany Payne, Syndie Porter, Nicole Vargas, Lara Whelan
Administrative Director Rebecca Meyer
Publisher
Outreach Inc. 5550 Tech Center Dr. Colorado Springs, CO 80919 (800) 991-6011 Ministry Tech® is a registered trademark of Outreach, Inc. Written materials submitted to Ministry Tech® Magazine become the property of Outreach, Inc. upon receipt and may not necessarily be returned. Ministry Tech® Magazine reserves the right to make any changes to materials submitted for publication that are deemed necessary for editorial purposes. The content of this publication may not be copied in any way, shape or form without the express permission of Outreach, Inc. Views expressed in the articles and reviews printed within are not necessarily the views of the editor, publisher, or employees of Ministry Tech® magazine, or Outreach, Inc. © Copyright 2018 Outreach, Inc. All Rights Reserved.
MinistryTech.com JULY 2018
I’m excited about this month’s every tech user. Brandon Kelley issue of Ministry Tech because of the opens up the how-to of “digital high quality of the articles presented discipleship,” while also raising by our regular contributors. Even questions of how much discipling though each of our contributing needs to be interpersonal, as well. writers has his or her finger on the Our always-practical specialist pulse of technology, each writer also Nick Nicholaou gives practical understands the importance of direction—and money-saving tips—by thinking through the intersection of sharing the leverage created by his technology and ministry. firm, MBS, and Yvon Prehn (our In this issue communications Jonathan Smith draws specialist) lays out how Look beneath a line connecting the the tech and you’ll any church (any size!) growing public concern can leverage the handalways find— for data security (and held tech of a personal privacy) and smartphone, which the scriptural golden means that every rule. He writes, “One church-member now has with a biblical worldview could sum a voice in church communications. up GDPR as the Golden Rule of Data, The underlying theme is, of treating others' data the same way course, that our Lord did not come to you want your data treated.” As you save gadgets, but people! Look read the full article you’ll see a steady beneath the tech and you’ll always pastoral hand as well as a tech-savvy find—people! Only the church is mind. Smith reminds us, “It’s infused with the love of God: the love important for us to remember that in that always has as its object the the church world data means ‘people,’ redemption of every Son of Adam or and people means souls.” Daughter of Eve (to steal a phrase Protected With a Purpose columnist from C.S. Lewis). Steven Sundermeier defines the limits of automated on-line protections—and the necessity of personal responsibilities required of
people!
Ray Hollenbach is the Editor of Ministry Tech magazine. He has previously served as the editor of Outreach’s Better Preaching Update, and as the editor of the Pastor channel at Churchleaders.com. You can reach him at rhollenbach@outreach.com.
|3
DATA PROTECTION
^
THE GOLDEN RULE Treating Others' Data as You Want Yours Treated
by Jonathan Smith
I
know what you’re thinking. You’ve received numerous emails over the past few months about General Data Protection Regulation (GDPR) and you are sick of hearing about it. Seeing GDPR one more time makes you want to scream. I’m with you. I’ve gotten emails about GDPR from companies that I have no record of ever interacting with, and I’m a geek so I keep track. As I’ve traveled around the past few months since GDPR went into effect on May 25, 2018, I’ve been amazed at the number of questions folks are asking about it and the astonishing lack of available information, especially as GDPR relates to churches and ministries. In an attempt to narrow the knowledge gap, here is my best effort to tackle the GDPR issue, specifically how it relates to churches and ministries. Please note, I’m not an attorney (I don’t even play one on TV), so while I’ve done my research it is always good to ask your legal counsel to sign off on any plans or changes you may have or plan to implement in response to GDPR.
WHAT IS GDPR? GDPR stands for the General Data Protection Regulation, and was passed by the European Union to provide their citizens with more control over MinistryTech.com JULY 2018
their personal data and what those they’ve given their personal data to can do with it. In many ways, it could stand for Golden Data Protection Rule; as one with a biblical worldview could sum up GDPR as the Golden Rule of Data: treating others' data the same way you want your data treated.
It’s important for us to remember that in the church world data means "people,"and
people means souls. The law also provides a few specific provisions for EU citizens. First, what is considered personal data is defined. Second, EU citizens can request their data be completely removed or can only be used for certain purposes. (For example, you can contact me using my data but you cannot send me ads using my data.) Third, organizations operating in the EU have to report any data breaches within 72 hours. As you read the GDPR regulations you can understand why it was written. It took Equifax weeks to notify the world that they had been hacked. GDPR addresses that. Your data on Facebook makes you the product, not
the customer, and you have no control over what Facebook does with your data. GDPR addresses that. How does this affect those not in the European Union? This is the biggest question surrounding GDPR, and one that the entire planet is struggling to understand. The European Union has 500 million citizens, so they have the ability to push their agenda a bit. The challenge for organizations that operate worldwide is that the EU has set the strictest of standards, so do you operate with multiple policies concerning data collection and use based on where the individual lives, or do you work off GDPR since that ensures the most people will be covered by your policies? If you don’t fully understand that you aren’t alone. In response, some U.S. companies have stopped operating in the EU until they can figure this out. The issue is that although you are U.S. company, you operate in the EU and are storing data for EU citizens. GDPR states how you should do that.
Enforcement This is where the world of international law gets complicated. While GDPR tells you how you can/should store and use the information of its citizens, it cannot be enforced on organizations that do not have a physical presence in the EU. Let’s take
|4
Facebook for example; they have a large, lucrative presence in the EU. They have data centers there, offices and people—the whole ball of wax. As such the EU is able to enforce GDPR because Facebook has a physical presence there. In other words, there is a location that can be seized, personnel that can be arrested, and executives that can be taken to court. For organizations that do not have a physical presence in the EU this does not apply. Since there is no office or data center or person you can hold accountable, the EU is not able to enforce their laws on those outside the EU, for example, in North America. That’s how international borders work.
#RUHOOKED
Teens & Social Media By Jonathan Smith
MinistryTech Monthly Contributor & National Speaker
Blah, blah, blah, how does this impact churches? If you’ve skimmed the first part of this, that’s fine, but this is the part where you should pay attention: At its heart, the GDPR legislation is about being a good steward of data. While data can mean a lot of things (from name, address, phone number, to t-shirt size and food allergies) it is important for us to remember that in the church world data means people and people means souls. We did not need GDPR to tell us to be good stewards of the people our ministries serve. The Bible tells us to be good stewards (1 Corinthians 4:2). The Bible also tells us to obey the authority (Romans 13), including governments, placed over us. In this case it seems the EU government is telling those who operate in the EU to do what the Bible says and to be good stewards of data. GDPR requires a few things that I would hope churches around the globe are already doing: 1. If your data is breached, you report it within 72 hours. Even without GDPR, every church should have a data breach plan and procedure in MinistryTech.com JULY 2018
A book for teens and the people who care about them. #RUHOOKED ISBN: 9781939881175/$6.99 Available at TRISTANPublishing.com and Amazon.com place and want to be open and honest when mistakes happen. The church is the last place that should try to cover it up for weeks or months. 2. If a user wants you to remove them from your database, you remove them. Even without GDPR, every church should have a procedure to remove a record from their database if someone does not want any of their information stored with your organization.
3. If a user wants you to email them prayer requests but nothing else, you honor that request. Even without GDPR, you should be able to send folks what they want and not require them to get everything you send out. There is a difference between sending out prayer requests and fundraising requests: Do you allow folks to determine how you use their data?
|5
What About Financial Data? I’m sure by now some of you are wondering about financial data. What happens when someone gives you money and then wants to be totally removed? In the U.S., you are required to keep a record of that financial transaction for seven years. Even without GDPR, if someone wants to be removed, but they’ve given you money, do you have a procedure to remove them while still keeping the financial record for seven years and then removing them completely when the seven years are up? As most churches don’t have a physical presence in the EU there isn’t an issue here, but what happens if you do have a presence in the EU and someone from the EU gave you money and then wanted removed from your database? The principle is to apply donor intent; they don’t want to be in your database so you treat them as if they weren’t there by removing everything you can until such time as you can remove their record entirely. While there may be a lot of legal and international law issues at play here, I believe the core concept is not a legal one but one of ministry integrity. We should not have needed GDPR to tell us how to care for the data those we minister to have entrusted to us.
NEXT STEPS 1. If your church or ministry does not have a data access and management policy, then get one. Even a basic policy and procedure for how you handle user data and requests they make is important and shows that you’ve thought about it and care about it.
FREE 2’ x 6’ Banner
with purchase of Church Kit See details online!
TELL YO U R CO MMU NITY:
YOU BELONG HERE!
$69 value
Now in its 10th year, National Back to Church Sunday is a single-day event focused on extending an invitation of love, peace and hope to our unchurched friends and neighbors. A single day to reclaim the true nature of Church – exactly as Christ commanded. Since the beginning of Back to Church Sunday, more than 4-million Christ-followers have participated through over 30,000 churches. BECOME A BACK TO CHURCH SUNDAY CHURCH IN 2018!
VISIT BACKTOCHURCH.COM
“If you are serious about your church reaching out and about reminding your church about the Great Commission, this event is an answer.” GRAND RAPIDS INTERNATIONAL FELLOWSHIP
MinistryTech.com JULY 2018
Free Fall Kickoff Resources
Video Social/Web Graphics Powerpoint Template
500 Free Engager Invitations
Fall community outreach tip sheet
Church listing on BacktoChurch.com map of participating churches
|6
2. This is not an IT issue nor should this be dumped on the IT team. While IT clearly has a role in data management, they should not be the decision makers. GDPR requires organizations that operate in the EU to have a privacy compliance officer. This can be a new employee or a role added to an existing employee. While churches and ministries may not need a privacy compliance officer, the concept of having someone constantly checking to make sure you are being good stewards of data and coordinating that across ministry and church departments and silos is valid. 3. Get legal counsel. If you do operate in the EU or are concerned you might, it would be wise to consult with a licensed attorney with experience in this area. Don’t try to figure it out on your own. The EU is intent on enforcing GDPR and no church or church ministry should want to be on their radar. The Golden Rule comes from Matthew 7:12 and Luke 6:31: “Do unto others as you would have them do unto you.” This applies to how individuals relate to each other in person and online, and also to how organizations treat each other and those they serve. Whether we are talking about money, data, time or talent, the Golden Rule is more than just a rule or ideology from long ago, it is the Word of God. MT Jonathan Smith is the Director of Technology at Faith Ministries in Lafayette, IN. You can reach Jonathan at jsmith@faithlafayette.org and follow him on Twitter @JonathanESmith.
MinistryTech.com JULY 2018
GDPR FAQs (Wow, that’s a lot of letters!) 1. We support missionaries or other ministries that operate in the EU and have a physical presence there; does that mean we fall under GDPR? No, if the organization you support in the EU that has a physical presence there does fall under GDPR, but you as an individual or organization that supports them do not. 2. Should churches have data access and user rights policies? Yes! Even if it’s only in a basic format, a policy that shows who gets access to your data—and for what purposes—and how you handle the data you’ve been given is important. It is also important to note how you handle requests for removal from your databases or email lists. With everyone talking about GDPR you may find a guest or two asking if you have any data policies before they give you their children’s allergies when they check their kids in some Sunday. 3. Should anyone lose sleep over this? No! What we are talking about here is Golden Rule type stuff. If you are losing sleep over GDPR, then there are probably bigger issues to address in how you handle user data! 4. Is this really new? No. In 1995 the EU had a privacy policy called Data Protection Directive. This expired when GDPR was enacted. In many ways GDPR further refines and enhances privacy and data protection provisions that have been around since 1995. 5. What counts as data? This is harder to answer because there is admittedly some subjectivity here. The obvious name, address, phone number, email address, Social Security number and pictures are pieces of data that can be used to positively identify a person. Recently an EU court ruled that under certain circumstances an IP address can also be considered personal data, and is therefore subject to GDPR. 6. If we take signups and collect data on our website, do we need to make changes for GDPR? Only if you have a physical presence in the EU.
|7
can discipleship
go digital?
11 Intentional Steps To Get You Started by Brandon Kelley
2.19
billion. That’s the number of monthly active Facebook users worldwide. As the amount of time people spend online continues to increase, the church has to leverage this space to make disciples. The very thing Jesus told His church to do was to make disciples, and if people are spending their time online, the church should be there making disciples.
What is Digital Discipleship? Digital discipleship is just that— discipleship that happens digitally. It’s where the church leverages technology for the sake of spreading the Gospel and helping followers of Jesus grow in their faith and knowledge of God’s word. Most churches are, at the very least, recording audio of their sermons and posting them online and on podcasting platforms like iTunes. If you aren’t doing that and want to find out how, give Nate Smoyer’s article on how to
MinistryTech.com JULY 2018
Bringing people in Growing people up Sending people out do so a read. But that’s only one small part of digital discipleship. In fact, that’s just scratching the surface of the possibilities. While I will be giving you a number of ideas on how to do digital discipleship, the key is having a strategy. Because without one, you’ll end up with a jumbled mess.
3 Questions to Shape Your Strategy We often shape the purpose around a sermon series and even an individual sermon by asking ourselves some variation of these questions: What do I want them to know? What do I want them to do? What can we do to create next steps? These same questions can be used
to frame your digital discipleship strategy. As you create content, what is the theological truth or truths that you want people to walk away from their device knowing? What is it that you want them to go and do? What could be their next step once they go through this specific experience? At our church, The Crossing, we have a cyclical discipleship model (which translates well to our digital discipleship strategy) that is focused on connecting everyone to a relationship with Jesus. We do this by focusing on three things:
Bringing people in Growing people up Sending people out So as people go through the discipleship journey, they will be brought, grown and sent. As this happens, they will begin bringing others, growing others and sending others. When you are thinking through your digital discipleship strategy, you should ask yourself, what are we trying to accomplish as a church and how can that be leveraged digitally?
|8
11 Ideas to Utilize in Your Strategy Once you have your strategy locked down and you know what your goals are, you can begin creating content or re-purposing existing content to be utilized in your digital discipleship ministry. 1. Put Your Sermon Audio Online If you use WordPress for your church website, a free tool to make sermon audio into a podcast that can be submitted to iTunes, Stitcher and other platforms is Blubrry. It’s a plugin that is easy to use and easy to setup. 2. Put Your Sermon Video Online This is going to cost some money, but it’s worth it. You’ll want to choose the right video camera, edit the video and publish it online. If you’re not familiar with how to edit video, check out this behind the scenes video on editing. 3. Put Class Audio Online If your church already has a form of classes, then utilize that content online in addition to in person. You’ll want to edit the audio appropriately and get a good audio recorder. Here’s a great one that connects to your iPhone. 4. Start a Blog for Your Church Do you have someone on staff that can write? Have a volunteer in your church that can write? I’m sure you do. Employ a team of people to produce encouraging blog posts that further your strategy. 5. Encourage Staff to Start Their Own Blogs People connect more to people than they do brands. Whether you like it or not, your church can be perceived as a brand even though there are people behind its content. If you are in a multi-staff environment, encourage other staff members to start their own blogs. MinistryTech.com JULY 2018
6. Start a Monday Morning Vlog Connected to the Sermon If you’re not a preacher, allow me to let you in on a little secret: Most times what was said in the sermon wasn’t everything that could have been said. What I mean is that there was probably a story, illustration or angle that your pastor could have taken in his message, but didn’t due to time. Utilize that unused content in vlog form to give people encouragement on Monday morning.
7. Start a 30-Day Challenge Through Automated Email Email is powerful. People pay attention to what comes into their inbox. So why not leverage that to help grow people’s faith? Create 30 short and to the point emails devoted to challenging your congregation in some specific way, and then tell people what is happening. Give them the chance to opt-in (online and in-person) and utilize automated email marketing through Mailchimp (it’s free for up to 2,000 subscribers) to deliver the 30 emails over a 30-day period. Email automation does cost $10/month. Here’s how one church is doing it well! 8. Create Video Shorts From Sunday’s Sermon Instead of only posting the entire sermon video online and on social media, edit down a short clip that
|9
addresses a single idea. Life.Church (formerly LifeChurch.tv) does a great job at this on their Facebook page. We’ve recently begun doing this as well on our YouTube page and Facebook page. 9. Create Encouraging Visual Graphics for Social Media Never underestimate the power of a picture. Never underestimate the power of a short statement. It just may be the encouragement someone needs to approach God anew in the midst of a tough situation. I love Canva for this. It’s one of the 20 great tools and apps for pastors. 10. Record Video of Someone Telling Their Story People resonate with hearing other people’s story of how God is working in their life. Story is powerful so use it. You’ll have to be on the lookout for opportunities to do this, but it’s worth it. Record the video, upload it to YouTube or Vimeo, and then share it on your social media channels and in your church blog.
Reach your community effortlessly with the Gospel every day. Social Reach Daily is the easiest way to energize your church’s social media presence, providing amazing, inspirational posts automatically to your Facebook page each day. Posts that your members will want to share with their own community of friends.
Try Social Reach Daily for FREE and watch your digital outreach grow!
Visit SocialReachDaily.com/Offer to try FREE for 30 days!
MinistryTech.com JULY 2018
11. Write and Publish Original Worship Songs I know. Easier said than done. But if you have the people to do it, why not?
Digital Discipleship Should Only Be a Part of Your Overall Strategy Digital discipleship is only a thing because people spend time in the digital world. The great thing is, though, people are real and we can still have in-person discipleship as our normal vehicle for growing people’s faith. The key is creating a strategy that works alongside your overall discipleship strategy, and then creating content that will help move people forward in their walk with God. MT Brandon Kelley serves at a fast growing church plant in Batavia, Ohio (east side of Cincinnati), called The Crossing, in the role of Spiritual Development Pastor. Among the many things he does at The Crossing, serving on the teaching team is one of them. Connect with Brandon on Twitter or email: Brandon@rookiepreacher.com
| 10
MinistryTech.com JULY 2018
| 11
COMMUNICATIONS
THIs summer, make the most of
ministry photo opportunities Shoot now; publish later!
by Yvon Prehn
A
nyone with a relatively new smart phone can take great pictures, but you need to do more than just take a ton of pictures and keep them on your phone if you want to use them for ministry. This summer you can be intentional about taking pictures, improving them and using them for your church communications. There are plenty of tools.
Edit your photos In the same way that you must edit and refine your writing, you need to edit with your photos. Here’s how to start: 1. Shoot intentionally – Think ahead of time what you want your photos to say. Before shooting, select a theme, like: “I want to show how involved our church is with the community.” It will help you take pictures of your outreach teams in action, the people volunteering, the locations where they do ministry.
MinistryTech.com JULY 2018
capture everything: the children’s ministry, the music ministry, outreach ministries, teachers teaching classes. Whatever catches your eye. 2. Group photos don’t tell a story – Group photos (the kind that portray a bunch of people standing in a line, facing the camera) say nothing beyond, “This is the group that served the homeless in our city.” Take one group photo to remind the people of who went on the trip and give it to them, but publishing it online says nothing more than showing the people involved. There is no motion, no action, no emotion, no story. Instead of group photos, take pictures of individuals interacting with the people they help. Show them loading up the van with supplies. Show your pastor hugging a homeless person, or two volunteers praying together before leaving to minister.
| 12
COMMUNICATIONS 3. A lmost every photo will be better if it is tightly cropped. You can do that to some degree when you shoot an image, but usually you need to do more. Just like a well-edited story is far more powerful than one that rambles all over, a tightly cropped photo that zeros in on something essential is always more powerful. (You can do simple cropping right on your phone, but below I provide a list of sites you can use on your computer at the church office.) 4. Caption your photos. This is essential. No picture is selfexplanatory. It may be very meaningful to you, but if you don’t caption it your audience will learn nothing from it and they may come to a totally incorrect conclusion of the meaning of the picture. This is especially important with ministry pictures where your audience may not know the people or the setting.
Create your own photo bank You usually don’t have time to take a picture or plan a photo shoot when you need a picture and are on a writing deadline, but if you’ve planned ahead and you have your own photo bank of pictures to draw from you will create much more effective communications. This can be a lot of work, but you will be glad you did it later on during the year when you write about ministries, ask for volunteers or post on social media. Here are some tips for how to create your photo bank: Think through ahead of time all the groups and ministries you’d like to have pictures of. Then during the summer, not only take pictures of mission trips and special events but MinistryTech.com JULY 2018
also be strategic about putting together a collection of photos that you can use during the year. Assign members of a team to help get all you need. Take pictures of your church, the outside, various departments at different times of the day and from different angles. Take abstract shots from various angles of the pulpit, the lighting and the cross, whatever distinctive features of your building you have. Take pictures of the kitchen
and fellowship halls with and without people. Some of these can later serve as great backgrounds for social medial messages. Take pictures of the staff—not formal, posed pictures, but pictures of them involved in ministry. Get a picture of the senior pastor involved with children at VBS, of the church secretary and the group that puts together the bulletin, of the key committees and leadership that meet
To fully fulfill the Great Commission
RESOURCES FOR CHURCH COMMUNICATORS Training Templates Strategy Resources Podcast
www.effectivechurchcom.com | 13
COMMUNICATIONS at the church. Take shots close-up and from various angles. Take pictures of the various ministries of the church—capture everything: the children’s ministry, the music ministry (practicing as well as performing), outreach ministries serving with a ministry like Habitat for Humanity, teachers teaching classes (from the students' viewpoint and over their shoulder): whatever catches your eye. Take pictures of “found objects” that can be used for spiritual purposes: Bibles owned by members with lots of scribbled notes; the rocking chair in the nursery, crosses or statues around the church, signs or markers of various kinds, local images that have meaning to your congregation. Think about backgrounds for social media, like sunsets behind the church, and make them specifically your own.
Paint.net – Another free program that has more advanced image manipulation. If you only have the time to try one and no money, go with ipiccy.com—it’s lots of fun and very easy to use. Here’s a free, short course on How to make the most of mission trip photos that illustrates a number of the tips talked about. Now that you
MinistryTech.com JULY 2018
Yvon Prehn’s ministry to church communicators has two parts: http://www. effectivechurchcom.com, a site of FREE templates, strategy and resources, and http://www. churchcomtraining.com, a Church Communicators Online Training School.
You want the freedom to … reach out … minister to people … create fellowship … contribute to your community PowerChurch Plus was created for just that!
Tech tools to modify your photos There is no need to learn Photoshop in order to crop and modify your images. Though there are many free and low-cost options out there, here are three I like a lot. The first has a minimal cost; the next two are free. PicMonkey is my favorite. It’s $7.99 a month, or $71.88 a year, but you can do an incredible amount of image editing, applying lots of different filters and effects. They have a sevenday free trial to test it out. Ipiccy.com — This program is similar to PicMonkey and it is free. It doesn’t have all the features but it has a lot of them, and the ability to make some great collages very easily. (It does have advertising, but it isn’t very intrusive.)
know what to do, get out there and start taking photos that will make your church communication ministry more effective all year long! MT
Membership Accounting
We provide you with the tools to increase administrative efficiency and streamline accounting tasks, freeing you up to perform the work that matters.
Contributions Install on your PC or network, or access online.
Events Calendar
Choose which fits your needs.
Check In Completely Integrated
We provide software tools, freeing you up to fulfill your mission.
www.PowerChurch.com • 800.486.1800
| 14
tech check
07.18 No Wifi? No problem. Stay Entertained the Old School Way Maybe this is a step too far, but gaming on the go is also on the comeback trail (or did it ever really leave?). Who doesn’t need another portable device to carry around? Youth ministries are still playing catch-up ever since last year’s Pokémon AR craze. Here’s your chance, though. Back before Christmas Tom’sGuide.com listed the top six handheld gaming consoles. It’s worth mentioning now because last year’s Christmas gifts are today’s Craig’s List treasures. Nintendo Switch, anyone? n EDITOR’S NOTE: Who can possibly keep up with all the tech options available these days? TECH CHECK highlights tech news and new gadgets that save you time, energy, money—and keep you from reinventing the wheel. Have a hot tech tip or news item? Email rhollenbach@outreach.com.
MinistryTech.com JULY 2018
Mozilla’s Firefox Comeback Do you remember all those browser crashes—the ones that always happened at just the wrong moment? So you switched to Google’s Chrome browser in search of speed, stability and winning features. Keep in mind that in tech-o-sphere, just a few years can mean lifetimes for applications. And that’s apparently true of Mozilla’s Firefox browser, which has been making something of a comeback recently. Just two weeks ago the New York Times crowned Firefox as the comeback kid: “Mozilla redesigned its browser to take on Google’s Chrome. Firefox now has strong privacy features and is as fast as Chrome.” When’s the last time you conducted a review of your go-to web browser. If the answer is “two years to never,” maybe it’s time to download Firefox’s latest version and see what’s stronger, faster and safer than you remember.
n
Maybe Eight-track Tapes Will Also Make a Comeback? Now you, too, can shake it like a Polaroid picture. Wired Magazine recently went old-school (It’s Hip to be Square) and sang the praises of two new instant film cameras: the Fujifilm Instax Square SQ10 (“best for Instagram natives”) and Lomography’s Lomo’Instant Square (“best for artsy lo-fi fanatics”). Here’s a fun exercise. Bring one to your next staff meeting and brainstorm on possible uses within the church. We’ll get you started: community-building, child safety or volunteer spotlights. It turns out that everyone still likes watching these “instant” pics to develop themselves. But take care—just like the folks at the original Polaroid Company—these gear-makers have learned that the real profit is in selling you the film, over and over. It can get pricey in a hurry!
n
| 15
Email&Websites:
Cybercrime Dens of Iniquity! How Cybercrime Infections Happen
T
[
by Nick Nicholaou
he most current stats published by the FBI (2015 via ic3.gov) show they received nearly 290,000 cybercrime complaints that year, with an associated loss of $1.1 billion! Are you and your data safe? What do you need to do—and not do—to be safe?
Age Groups Affected The two age groups most impacted by cybercrime are ages 20-39, and ages 40-59, and both of those groups are about evenly split. Together they account for 80 percent of cybercrime victims in the U.S. That makes sense when you figure that those under 20 (4 percent of victims) don’t have much to spend online, and of those over 60 (16 percent of victims), only a portion of those are heavy computer users. So, what the stats seem to say is that if you use a computer, you are equally at risk no matter what your age is.
How Do Cybercrime Infections Happen? Most cybercrime happens one of two ways: 1. Via Email. An email appears in your inbox that has a link, graphics or a form to complete, or may appear to be from someone you know (known as spear phishing). 2. Via Infected Websites. Websites, even those that are legitimate, can be infected with malware easily if their hosts are not keeping up with security patches and strategies. Criminals can buy inexpensive ‘crime kits’ that look for and infect vulnerable websites. We’ve even seen that happen to church and ministry websites!
How to Protect Yourself and Your Data Let’s address this in the two categories of email and websites. 1. Via Email. There are a number of things you can do and are best not to do to help in this area: • Make certain your email is scanned by a capable SPAM filter to help minimize the number of dangerous emails that get to your inbox. I say minimize because some will still get through even the best SPAM filter; those are often referred to as zero hour emails. MinistryTech.com JULY 2018
]
Zero hour emails are newly introduced methods and strategies that have not yet been identified as a pattern of dangerous email. • The FBI warns as follows: √ Do not click links in emails. I modify their warning: You can click only if you first hover your mouse over the link, which will show you where it wants to take you. If you’re not certain the destination is safe, do not click the link. √ Never reply to senders you don’t know. This gets tricky, though, because the sender can be spoofed, as in spear phishing. If you want to reply to someone—even someone you know, look at the email address in the ‘To’ field when you’re composing your response to be certain that address is what you expected to see there before clicking ‘Send.’ √ Do not fill out forms in emails. √ Do not open attachments in unsolicited email. √ Be skeptical of those representing themselves as surviving victims or friends in need. • I add one more item to the FBI’s list. Immediately delete SPAM emails, and empty your deleted items daily. 2. Via Infected Websites. I recommend two methods of protection in this area: • Use a good firewall to protect your entire system from dangerous content transmitted from websites. The better firewalls let you filter content, but for this discussion, the focus is on protecting your systems from malware. Typically there is a subscription from the firewall provider that must be kept current to protect you from newer methods and strategies. The firewalls my firm recommends are SonicWALL firewalls running their Total Secure subscription package. We find those to be the sweet spot of features, protection and cost for churches and ministries. If you’re a consumer vs. an organization, check with your Internet Service Provider (ISP) and confirm with
| 16
them that they have all of the protections turned on in the modem or router they provided. • Use a capable anti-malware solution on your computers— whether Windows or Mac (yes, Macs get infected too, regardless of what many say). The solution my firm likes most is Thirtyseven4.com; it is capable and reasonably priced. Finally, keep a history of total data backups to help you recover from an infection that somehow slips through. There are no total guarantees of protection, and having a history of backups available (we prefer a full month of daily backups to cover an infection that has an incubation period and doesn’t ‘go live’ and get noticed for awhile), you should be able to recover from any infection that happens.
A Risk-Assessment Tool: While speaking at a conference recently, a cyber security expert whose company offers email user testing and training stated that KnowBe4. com’s solution was the best they’d ever seen. Little did they know I was
MinistryTech.com JULY 2018
in negotiations on the church’s behalf with KnowBe4!
What’s The Deal?
additional 20 percent discount to any who say they were referred by MBS, and who contact a specific employee of theirs to sign up! That means you can get a 35 percent-55 percent discount just by telling Tiffany Yeager (727.877.8226 or tiffanyy@knowbe4. com) you were referred by MBS! (NOTE: As always, MBS makes nothing on your referral business, as per our by-laws.) KnowBe4 offers a few packages; we believe the best for churches and ministries is their Platinum Package. It’s July—as good a month as any to improve your system security. This is a great way to do so! Don’t become a victim of cybercrime! These are easy-to-implement strategies and disciplines that you, your staff, and your family can adopt. And there will likely come a time when you’ll be glad you did. MT
KnowBe4 offers a 10 percent discount to not-for-profit organizations, with an additional discount of 25 percent for a three-year subscription. So, they normally offer up to 35 percent in savings to charities. Through negotiations with my firm, MBS, KnowBe4 offered to add an
Nick Nicholaou is author of Church IT: Strategies and Solutions and is president of MBS, an IT consulting firm specializing in church and ministry computer networks, VoIP and private cloud hosted services. You can reach Nick at nick@ mbsinc.com, and may want to check out his firm’s website, www.mbsinc.com, and his blog at ministry-it.blogspot.com.
What Is It? KnowBe4 is a subscription-based solution that allows an organization to send what looks like SPAM emails to users that include links and such. The solution tracks who clicks on the links, and when they do, adds them to a group whose members must watch a short training video online to learn what to avoid. Watching the video removes them from the group. I’m aware of organizations whose users started at an 80 percent or higher clickrate. They saw the solution to educate their team and get the percentage to fewer than 10 percent. The results are a more secure user community, and improved security and safety for the organization.
| 17
PROTECTED WITH PURPOSE
can cyber-security
software
do it all? What Responsibilities Rest With the Users? by Steven Sundermeier
I
f you’ve been following my column for some time, you know that we’re a big-time soccer family. (If you don’t like the game of soccer or don’t have children who play soccer, I encourage you to read-on and simply replace “soccer” with any other sport or activity that your kids are actively involved in). As parents of three young soccer stars (what else would you expect a proud daddy to say?), it can be an exhausting and daunting task getting the kids prepped and ready to go, and out the door to where they need to be for each practice or game. Have you ever showed up at the wrong time or location due to schedules blending together, or a last-minute change to the schedule that was only sent via email (Seriously: Are we expected to be glued to our devices every second!)? Or another fun one I like dealing with: having your son or daughter tell you that they’re starving and haven’t eaten anything all day—just minutes before getting to the field?
MinistryTech.com JULY 2018
When it comes protecting your systems and devices against all the latest malware, ransom ware and other vulnerabilities,
what responsibilities rest with the user, and what responsibilities rest with the developer? My personal favorite is when you ask your child to stay hydrated and drink plenty of water during the game and they turn to you and say, “I don’t have my water bottle, did you pack it?” (When you went through the hassle of searching out the water bottle, filling it and even putting it next to their bag for them to pack). I hope you are getting the point here. It is truly amazing that even after hundreds (and likely thousands) of practices and games, my wife and I are still dumbfounded on how often “we” fail at perfecting our pre-game/ practice ritual and adequately fulfilling the myriad of soccer needs for our children. I hope you sense the sarcasm because are “we” (as parents) always really at fault here? At what point does
(some of) the responsibility shift from us to them? As the owner of a successful antivirus/endpoint security software company (Thirtyseven4), I feel the responsibility: The who’s-to-blame game parallels my family’s soccer life in many ways. That is: When it comes protecting your systems and devices against all the latest malware, ransomware, vulnerabilities and other cyber-attacks, what responsibilities rest with the user, and what responsibilities rest with the developer?
Every security software firm has responsibilities to its clients In my professional opinion, the following responsibilities lie with an
| 18
PROTECTED WITH PURPOSE anti-virus software developer like Thirtyseven4: 1. To develop Endpoint Security (antivirus/antimalware) products with the latest cutting-edge technologies. The responsibility here is to stay ahead of cyber criminals, and to create features within our solutions that offer our customers the very best in protection. We can do this by closely analyzing the current and upcoming criminal treads in the industry and combating them. Not only must our solutions stay ahead of the curve, but we also own the responsibly of developing reliable and stable products. 2. To enhance existing features. Unlike 95 percent of the software business, the antivirus industry changes daily, and by the minute (or by the second!) at times. Cutting-edge security features developed today may already be obsolete tomorrow. Cyber criminals are relentless in their hostile pursuit against you. As an organization, we have the responsibility of continually improving our settings and features against the latest emerging threats. 3. Fixing bugs as and when they’re found. While we go to extreme lengths to put our solutions through rigorous quality control testing, software, by definition, is imperfect. We owe it to our customers to address any discovered issue in a timely manner, and we make it our business to correct and update quickly and effectively. 4. Keeping our solutions up-to-date to combat all the latest malware. To take on this responsibility, Thirtyseven4 has both domestic and international virus labs located around the world MinistryTech.com JULY 2018
where there is 24/7 monitoring and utilization of many advanced proprietary techniques to scan the Internet, quickly identifying the latest risks out there. On any given day, Thirtyseven4 is updating for 10,000-20,000 new pieces of malware on all OS platforms (Windows, MACOSX, Android, etc.). 5. Providing Next-Gen style detection procedures to combat unknown threats. In a previous article, I
detailed how Thirtyseven4 uses its own industry-leading MachineLearned/Artificial Intelligence (AI) to proactively protect its users against Zero-Day and unknown/suspicious threats. Here’s a link to that article. We work very hard to stay one technological step ahead of the bad guys. 6. Even with a 99.999 percent success rate against malware threats given our high-level malware monitoring
| 19
PROTECTED WITH PURPOSE and our AI-style technologies, there is always a possibility of something slipping past our multiple filtering systems. That being the case, the anti-virus industry must also shoulder the responsibility of providing immediate and quick resolutions to outbreaks. It is also worth noting that there is much more to simply updating for a new threat, as there is also a quality control piece to each update, including scripting and forwarding updates to all software so that the identified strain does not affect or cause vulnerabilities for anyone else.
The end user has responsibilities, too These are a few things that I see as our responsibility as security software developers. With all that, what responsibilities would I say lie with the end user? 1. Use genuine applications & operating systems. If you are downloading and installing hacked or cracked pieces of software because they’re free, you are playing with fire. 2. Keep all applications and operating systems up-to-date. There are thousands of security vulnerabilities and exploits out there involving Windows, Apple, Java, Adobe, etc., and most Zero-Day style threats capitalize on available software vulnerabilities. You can look to the WannaCry ransomware scare one year ago as a great example (over 250,000 systems infected!). A properly patched system would have avoided it. 3. Install strong and genuine antivirus software and keep its virus definitions up-to-date all the time. At Thirtyseven4, we can develop the most secure solution on the market and be on top of all the latest threats, but if the antivirus gets disabled or removed for any reason or a user isn’t making sure it is receiving the daily updates, it means nothing. 4. Keep strong passwords to system & application. Many of the recent cyber attacks now target systems directly via brute style force attacks cracking weak or easily guessed passwords. Once an attacker has access to a system, they can disable the antivirus software, etc. This leads to another point. Keep your security software settings password protected (with strong passwords!) as well. 5. Avoid installing applications downloaded through unknown sources. Instead visit legitimate websites directly (instead of through search engines searches due to SEO poisoning possibilities).
MinistryTech.com JULY 2018
6. Use caution when opening and downloading attachments originating from unknown sources. 7. Avoid clicking on any unknown URL arriving in your inbox. This is a big one, and it lies with the end user. 8. When Thirtyseven4 (or your AV software of choice), successfully detects an unknown threat, do not exclude or allow that suspicious activity because you feel it is harmless. Things aren’t always what they appear to be. Contact your vendor first. 9. Disable Remote Desktop if it is not in use. (see #4). Instead of cracking weak passwords, brute style force attacks also seek open or available RDP ports. 10. Arguably the most important: Keep regular backups of all your important data. There are black and white areas of responsibility for AV developers for sure. There are things only we can do, and we are called to do to keep the public safe. Using the metaphor of preparing for a community soccer game, parents have responsibility roles that are clear as well. These responsibilities may shift as kids grow and mature: We empower them to assume their own responsibilities. But keeping children safe, fed and loved—these responsibilities never change. Thirtyseven4 can be a responsible “parent” but we also need responsible “children.” We can do our best to prepare you and combat these threats, but we need user intervention at times to make sure everything is carried out. If your system gets infected because weak passwords were configured, or you felt it was too big of a hassle to maintain Windows updates, who is at fault? The parent or the end user (child)? We share the burden placed on us by cyber thugs, but only together can we be successful. We have “prepped the soccer bag,” so to speak. We’ve laid out what needs to be used to be kept safe. But we need your help as end-users. Don’t forget to use all the tools in the bag! We are on the same team! Let’s work together to play hard against our cyber opponents! Steven Sundermeier is the owner of Thirtyseven4, LLC, a leading provider of antivirus/security software. With 17 years of experience in the cybersecurity field, he is one of the nation’s leading experts in virus, malware and other threats. Before founding Thirtyseven4 in 2009, Steven worked in a number of roles in the antivirus industry dating back to 1999.
| 20
FREE DOWNLOAD
How to Grow a Lasting Church Legacy
DOWNLOAD YOUR FREE COPY AT echurch.com/legacy
THE LAST WORD
But just as he who called you is holy, so be holy in all you do; for it is written: “Be holy, because I am holy.” 1 PETER 1:15