At ChurchSuite, we take the security of your church's data incredibly seriously, continuously going to great lengths to further strengthen our system's effectiveness at keeping your data safe.
A large part of this is done behind the scenes. However, there is a lot that ChurchSuite users can (and, we believe, ideally should) do to make best use of the tools we provide and secure their ChurchSuite accounts against data leaks of any kind! That is what this blog post is about - read on to find out about some simple but effective steps you can take today that will greatly enhance the security of your account.
1. Use secure passwords
If you're using "pass123" as your password, you're inviting trouble! In fact, using any word that exists in a dictionary, even when combined with other words and numbers, is far too insecure.
What few people know is that any fairly predictable combination of letters and numbers makes for a risky password...
So, what can be done? Our advice: only use machine-created passwords. Using a secure password manager to create your passwords will greatly enhance the security of your ChurchSuite (or any other) account!
Regardless of what password you choose to use, ChurchSuite will automatically check to make sure that your password hasn't been part of a known third-party data breach, automatically giving you a little extra protection.
2. Use a password manager
Don't worry, we're not asking you to memorise your 24-random-character password! By using a secure and high-quality password manager (such as 1Password), you can ensure that your passwords are stored as safely as possible.
You can use your browser to save passwords but make sure you set a master or primary password to protect those passwords from prying eyes, and only do this if you're not on a shared machine.
3. Use ChurchSuite's multi-factor-authentication setting
By enabling ChurchSuite's multi-factor-authentication (MFA) setting, you're effectively adding another layer of security beyond your password, greatly enhancing the security of your account. And, if you're using a good password management app (see above) then you'll barely notice this extra step when logging in.
To find out more about what MFA is and how you can get started with this in ChurchSuite, check out our support article.
4. Reset insecure user passwords
When you set a new password, ChurchSuite automatically performs a background scan to see whether this password can be found in any databases of hacked or leaked passwords, giving you peace of mind!
For additional peace of mind, watch out for any warnings your password manager gives you: most good password managers will perform regular background checks and warn you if any of your passwords appear in a database of leaked passwords.
Should that happen, there's no need to panic: simply reset your password. The ChurchSuite account's administrator is able to force a password reset on any user account through the Administrator area in ChurchSuite.
By the way: there's an extremely useful report that can be found in the Administrator module called "Password security" which lets ChurchSuite admins see how secure your users' current passwords are. Check out our support article on the Password security report.
5. Principle of least privilege
Creating users is free in ChurchSuite, which means that everyone who needs access can have their own account. This makes it easier to monitor change logs from individual accounts, and it also enables you to revoke access for single users if you need to.
In the Administrator area of ChurchSuite you can give users access on a module by module basis. For each module, you can give a user "use", "write" or "manage" privileges which determine how they are able to use the module.
Make it your policy as a church only to give your users as much access as they absolutely need in order to minimise security risk. For instance: if the members of the children's team only need "use" access to the Children's module in order to serve, then restrict them to just that. If finance people don't need access to other systems, only give access to giving.
Obviously this only works if you make sure that you don't share passwords between users!
Thinking this through and setting it up correctly can require a bit more effort initially; however, it will greatly improve the security of your system!
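One way to check existing access against that policy, as an added example that is not ChurchSuite's own code: the team names, the per-team baseline, the sample grants and the ranking of "use" below "write" below "manage" are all assumptions made for illustration.

```python
# Assumed ordering of the three privilege levels named in the post (weakest first).
LEVELS = {"none": 0, "use": 1, "write": 2, "manage": 3}

# Hypothetical church policy: the most each team needs, per module.
BASELINE = {
    "children_team": {"Children": "use"},
    "finance": {"Giving": "manage"},
}

# Constructed grants, as an administrator might transcribe them from the user list.
GRANTS = [
    {"user": "erin", "team": "children_team", "module": "Children", "level": "use"},
    {"user": "frank", "team": "children_team", "module": "Children", "level": "manage"},
    {"user": "gina", "team": "finance", "module": "Giving", "level": "write"},
    {"user": "gina", "team": "finance", "module": "Address Book", "level": "use"},
]


def excess_grants(grants, baseline):
    """Return grants that exceed what the user's team needs, with the allowed level."""
    findings = []
    for g in grants:
        if g["level"] not in LEVELS:
            raise ValueError(f"unknown privilege level: {g['level']!r}")
        # A module missing from the team's baseline means no access is needed at all.
        allowed = baseline.get(g["team"], {}).get(g["module"], "none")
        if LEVELS[g["level"]] > LEVELS[allowed]:
            findings.append((g["user"], g["module"], g["level"], allowed))
    return findings


if __name__ == "__main__":
    for user, module, level, allowed in excess_grants(GRANTS, BASELINE):
        print(f"{user}: has '{level}' on {module}, policy allows '{allowed}'")
```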
6. Additional helpful tips
Tip 1: Check out the "Logins" report in the Administrator module from time to time. If there are lots of failed login attempts, or perhaps logins from unfamiliar IP addresses, then that would be worth taking a closer look at.
Tip 2: This is quite a basic tip, but it's always worth reiterating: never, ever leave your laptop logged in and open! (On your phone, your ChurchSuite app is secured with an additional pin code/biometrics)
Tip 3: If you ever come across a "my data has changed but I didn't do it" type situation, check out the change logs in the Address Book by going to the person's contact card, clicking on the "More" button and selecting "View changes".
Tip 4: Minimise printing and downloading of data from ChurchSuite - wherever possible keep data safely stored within ChurchSuite rather than creating a new "risk vector" by keeping confidential data stored directly on your laptop where it can be much more easily accessed, or by printing it out.
Tip 5: Use ChurchSuite's in-built communication tools rather than email programs where possible. This is another chance of keeping data inside the secure environment ChurchSuite provides while also giving you additional advantages such as the ability to access the communication log.
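The review suggested in Tip 1, as an added example that is not ChurchSuite's own code: it assumes the login data is available as CSV with hypothetical columns `user`, `ip` and `result`, plus a church-maintained list of familiar IP addresses. The rows and addresses below are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; the column names are an assumption, not ChurchSuite's format.
SAMPLE_CSV = """user,ip,result
alice,203.0.113.10,success
bob,203.0.113.10,failed
bob,203.0.113.10,success
carol,198.51.100.7,failed
carol,198.51.100.7,failed
carol,198.51.100.7,failed
carol,198.51.100.7,failed
carol,198.51.100.7,failed
dave,192.0.2.55,success
"""

# Addresses the church recognises (office, staff homes); constructed values.
FAMILIAR_IPS = {"203.0.113.10"}
FAILED_THRESHOLD = 5  # failed attempts per user before the account is flagged


def review_logins(csv_text, familiar_ips=FAMILIAR_IPS, threshold=FAILED_THRESHOLD):
    """Return (users with many failed logins, successful logins from unfamiliar IPs)."""
    failed = Counter()
    unfamiliar = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, ip = row["user"].strip(), row["ip"].strip()
        result = row["result"].strip().lower()
        if result == "failed":
            failed[user] += 1
        elif result == "success" and ip not in familiar_ips:
            # A successful login from an unknown address deserves a closer look.
            unfamiliar.add((user, ip))
    many_failed = {u: n for u, n in failed.items() if n >= threshold}
    return many_failed, sorted(unfamiliar)


if __name__ == "__main__":
    many_failed, unfamiliar = review_logins(SAMPLE_CSV)
    for user, count in many_failed.items():
        print(f"{user}: {count} failed logins - consider forcing a password reset")
    for user, ip in unfamiliar:
        print(f"{user}: successful login from unfamiliar address {ip}")
```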
We realise this blog post is longer and more detailed than our posts usually are - our hope is that, initially, you'll be inspired to think about your account's security. But then after that, our hope is that this will be a blog post that you'll be able to come back to as a really helpful resource as you start to think about implementing various suggestions.
At ChurchSuite, we're committed to coming alongside you to help you secure your church members' data in any way we can!