Ever get the feeling you’re being watched? If you’ve made any kind of electronic communication today, then it’s probably not your imagination.
The nature of our modern, resilient, distributed communication systems means that every call, message, web page, and search query passes through many waypoints on its journey. Even when active measures are taken to secure the details of these personal communiqués, it is still possible to glean morsels of information—the so-called metadata that is the subject of some public controversy.
Has the Orwellian state arrived? In our world, data is currency. Advertising companies make billion-dollar profits from it. Data is knowledge. Governments learn important social trends that shape policy. Data is power. Criminals abuse and extort the innocent, and the not-so-innocent, when caches of website user data are compromised.
Security and privacy are not just concerns for governments and corporate behemoths. The same principles apply to your phone’s address book. Have you ever been prompted by an app to access your contacts, and tapped ‘allow’ without much thought? You may have compromised not just your own data, but that of your friends, family and professional acquaintances. Yet if cybersecurity professionals in large tech companies can be defeated, what hope does the part-time IT guy for a local small business, community organisation or church have? The only thing working in their favour is that they are a comparatively low-value target. However, a motivated antagonist would have little difficulty causing harm to such a target.
Churches sit at the intersection of a few risk factors. As community organisations, they typically collect detailed contact information for members and visitors. As providers of social care, much of this data represents vulnerable people within the community, including children. As not-for-profit organisations, they often have constrained budgets and a ‘just-get-by’ approach to IT management. And as occasionally controversial entities, they can attract the attention of people who may seek to cause damage. All these factors elevate the chance that a data breach may be attempted and succeed.
Every small and seemingly inconsequential piece of data can be used to build a profile of an individual, and when multiple sources are combined, full identity theft can result. Imagine losing access to your bank accounts, email and social media, having spurious purchases made using your identity, or even more nightmarish scenarios like your identity being used to smuggle wanted persons across international borders. Any duty of care we have for those we serve must extend to mitigating the risk of these things occurring.
Even where data privacy is taken seriously, it is extremely difficult to be properly prepared for any attack. The cost of engineering a secure information system must be weighed against other things competing for available resources. However, given the potential for damage, it warrants serious thought.
Comments will be approved before showing up.