Security is an issue that has been very difficult to address due to institutional culture and the changes that would be required. So for the time being, security is addressed on the system administration side.

A critical early task is to start user security training. Other training will follow in the form of youtube videos, things I write, small group sessions, one on one sessions. The point is to help better equip staff to make the most use of digital tech, safely and effectively. 

Points to cover

. Password strength

https://www.zdnet.com/article/ransomware-attacks-weak-passwords-are-now-your-biggest-risk/

. Social engineering. what to look for, how to respond.

. email attacks

. web browsing

. software updates

. smartphone issues. this is a bit different from the rest because you own it and it interacts with the church systems differently. Pin numbers, installing apps, physical protection, connecting to public wifi (don't do anything confidential).

. misc. found usb drives/CDs, people (including repair people, kids, members) leaving hardware, leaving bags or boxes, hardware you do not recognize, unusual system behavior.

. be suspicious. you have already encountered people intending to hack you, and that will just continue. if you are not sure, suspect anything, your spider sense goes off. anything, bring it to someone's attention. do not try to deal with anything yourself.

This cannot cover everything. So consider this the start of an ongoing discussion. I will be sharing things, and you can share things and ask questions.