- Do not give out a churchwide directory. Our clients have options to control access to the directory should they choose to give it. But, many churches no longer give access to churchwide directories at all. If a directory is import to your church, be sure you verify the identity of everyone who has access to it. Churchteams clients should review this article related to use of a directory.
- Push out directories at the group level. In Churchteams, there is a communication option within each group that enables the leader to email directory information on their group to their group. This is the level where most nonleaders develop friendships that they want to communicate with anyway. This feature gives the right access to the right people and keeps other member information secure.
- Train staff to recognize potential scammers. Don't assume your staff and volunteers understand what phishing is. Share this blog post with them. Create a document or even a policy for sharing directory and other personal information. Requests for directory access or passwords that come by email or over the phone should raise flags for staff to verify the identity of the person making the request. Here is an example guideline to help train staff.
- Develop a "Use of Information" guide. Communicate with people how you will use their information when they give it to you. This could be a simple sentence or two in the bulletin or on a registration, or it could be a full policy that you include in your new member handouts. This is becoming a more common practice. Here is a template for creating this guide.
As a Churchteams client, you can be assured that we are paying very close attention to your cybersecurity needs. It is one of those behind the scenes things that we do to make sure system integrity is always maintained. However, if you ever have a concern, we will work with your IT person or team as much as needed to make sure you are completely confident that your data is safe.