It seems every month, another huge hack lights up the Internet. From the complete compromise of every file at a major motion picture studio to private celebrity photos to countless credit-card numbers stolen from retailers, it seems that every area of our life is vulnerable.
All of that raises questions for churches, pastors and parishioners. What is private online? How do I ensure my privacy?
Social engineering
Many online attacks start with the "discovery" of someone's password, but this almost never happens by any technical means. Most hacks begin with someone guessing the security questions related to an email or other account. Whether online or over the phone, the additional security questions you provide are crucial.
Most security experts encourage you to create standard fake responses to these sorts of questions that are much harder for someone to guess than truth. For example, when asked for the name of your best friend, you might decide to put "reindeer."
Creating different passwords is EASY with FREE password managers
If someone discovers your password, it's likely they can access other websites you use. Protect yourself. Create different passwords for EVERY site. Make it easy on yourself and use a password manager such as LastPass (free) or 1Password (paid). You will only have to remember one password. After you enter the master password, the manager's browser extension will give you access to all sites you have saved.
Create a strong master password and don't write it down. Keep in mind, these password managers have security and encryption standards that match or surpass the standards of major banks, so rest assured, knowing your password vault is safe.
As you make changes to all your websites with matching passwords, the password manager's browser extension will detect these changes and prompt you to save the site into your password vault. It may take you an hour to go through all the sites you regularly use, but when you're done, the process of logging into a website will be lightning fast. Just give the password manager permission to autofill your login information.
Password managers also allow you to make form fill profiles that allow the browser extension automatically to complete routine online forms so you don't have to type your address, email and credit card information. It save a lot time.
How to "secure delete" files on your computer
One of the most misunderstood parts of technology is how things are deleted. When a file is stored on your computer's drive, the file itself is stored on the drive and a record of its location is added to a master list. The list is what the computer sees and is how files are accessed. When you delete a file on your drive, your computer simply removes the name of the file from the list. In order to delete a file completely, you must "secure delete" or "secure empty trash" on your Mac or PC, which will effectively delete both the file and the record of the file.
Nothing is truly deleted on the Internet
The Internet is a different matter altogether. In order to make things run smoothly, most cloud services (Gmail, Facebook, Google Search, Twitter, etc.) have many copies of all their data on computers around the world.
Again, once a file is deleted, the record of the file is deleted so the public cannot see it, however the actual file will often reside on many machines for a long time (sometimes forever) so companies can continue to use data for statistical analysis.
On top of that, many websites specialize in scanning, storing and helping users find deleted social media entries. You can do little about this besides unplugging your life from the Internet, which is neither easy nor practical. The best way to deal with this reality is to assume that anything you ever put online will be online forever.
Your browsing history is stored
People can hide Internet activity using the browser's private mode so that their browsing history and passwords are not stored when they are using a friend's computer or a computer at an Internet cafe. However, most Internet service providers keep a record of your browsing history so they can do data analysis and assist in investigations when served with a subpoena.
That means you should be aware that your browsing habits and the habits of anyone using your network are not anonymous even if no records are kept on local machines. This means that at the most basic level of your browsing history, nothing you do can be considered truly private and confidential.
Privacy settings
Every service you have online has security or privacy settings where you can designate exactly who can see what information. Unfortunately, a quick Google search can pull up many articles detailing how these companies arbitrarily change or sometimes simply don't honor the settings in general. That is why it is important periodically to revisit the privacy settings for sites that you regularly use. You might even do an advanced search in Google specifying a short date range to pull up the most recent advice or instructions for a particular service's privacy settings. Here are search results within the last month for Facebook privacy settings.
Implications for ministry
All of this has significant implications for how you use technology in ministry. It is important for church leaders to create a social media policy that sets clear expectations around how leaders use the Internet and social media. Setting a policy is important, but having ongoing conversations about how to minister and live in this digitally connected world is vital for any modern church.
Though it is easy to say you should merely live your life online with holiness, the issue is much more nuanced. You may have nothing to hide, but there are moments where you are legally (and morally) bound to confidentiality. If you do need to record sensitive data on your computer, learn how to encrypt your files.
Making strong passwords and being careful about your privacy settings is an important place to begin. However, knowing how deleted files linger on and how your activity is stored, it is important to carefully and consciously decide what information is appropriate to trust to that environment, and what is best kept to the analog world.