As technology advances, it has become necessary for churches to invest in protecting their data and usage. Cybersecurity management, an emerging area in the technological space, remains largely unexplored by many churches, including The Church of Pentecost, one of the largest Pentecostal churches in Ghana, Africa, and the world.
This discussion aims to inform and engage key stakeholders in the protection of church data about their roles in ensuring a safe place for all.
According to the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence, “data security maintains the confidentiality, integrity, and availability of an organization’s data in a way that it works with its risk strategies.”
Cybersecurity, then, is defined as “the prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.”
Every organisation, whether faith-based or “secular,” as far as it engages with the receipt, storage, and processing of data, must have information risk management strategies to be on the safer side of its servers on-premises or in the cloud.
With over 170 branches globally, protection of data by involving the stakeholders such as Executive Council, Pastors and Members, is key to the growth of The Church of Pentecost as we explore the theme, “Unleashed To Live A Life Worthy Of Your Calling” – Ephesians 4:1, Galatians 1:24, 1 Thessalonians 4:7.
As a budding Cybersecurity Management professional unleashed to live a life worthy of my calling, I encourage churches to begin inculcating the sense of protection online and physically into members. With over millions of data being processed every day, one would agree that as we possess the nations through our careers, direct actors (pastors and members) have a part to play.
I recall an incident that happened in the church a couple of years ago, when delicate and sensitive data or documents of the church leaked, thereby spiking a national security concern since it became nationally talked about. While hearing and reading the comments of Ghanaians on the issue, I became motivated as I yearned to go back to my passion for information security analysis. However, I felt helpless because I did not have much skill, access and capacity then to address or help solve the situation as a member. Such incidents could have been avoided if the stakeholders involved understood the repercussions of the action legally and morally through intentional awareness.
The Role of Leadership
Building a strong framework for cybersecurity activities in the church involves the adaptation of the NIST Cybersecurity Framework as its bedrock. The framework uses a five-step approach in addressing issues: Identify, Protect, Detect, Respond and Recover. Leadership’s role involves thorough and intentional engagement with experts, professionals and industries to draft strong Cybersecurity and Data policies that stakeholders can adapt in their interactions with information.
Also, special cyber units can be established within the church, beginning in the headquarters, who will liaise with the Audit and IT departments, respectively. This can be replicated in the various areas, external nations, districts, and locals.
Moreover, Vision 2028 affirms the positive role of leadership in the Digital Transformation agenda by the expansion of IT infrastructure and equipping ministers with the needed information and skills to align IT best practices with the ministry.
The Role of Pastors, Pastors’ Wives & Lay Leaders
Our revered ministers and their wives have a greater part to play in the success of this security awareness and implementation. As key stakeholders, they have direct access to church information, which at times is termed as “classified,” and without proper education and management of such high-priority data, the church could be at a high-risk index.
Regular cybersecurity awareness should be created at various levels, coupled with training on the spiritual, legal, and moral implications as stewards of the church’s data. They have the mandate to relay the same knowledge to their lay leaders/administrative staff and members. Lay leadership (Elders, Deaconesses and Deacons) also interact with sensitive data at their level, as the pastor relays, therefore, they should be willing to accept regular training and the implementation of information security policies too.
The Role of Members
Members of the church are the basic implementors of the church’s policies and themes. They are always in search of information when it is not readily available to them, thus, they may go the extra mile to acquire such information. The instincts of the members seek more regardless of the available information given during services and meetings.
Members should not be left out of the awareness creation process and education. They should engage in training programmes organised for them by the leadership of the church. They should know how to protect themselves from cyberfraudsters and hackers who forcefully access their data, hence gaining access to The Church’s data.
Conclusion
To conclude, this is a clarion call on all faith-based organisations, churches, and individuals to adapt the sense of cybersecurity consciousness as we deliberate on these upcoming topics in cyberspace. I humbly indulge leadership to help create more cybersecurity information sessions on our various physical, print, and online platforms to further build engagement in all churches and denominations across Ghana and globally.
Remember, to “Possess the Nations” and live a life worthy of your calling in the unleashed spirit, Cybersecurity management is a good investment to consider globally.
Written by Emmanuel Otchere Somuah (Cybersecurity Management Graduate Student, East Tennessee State University, US)
