Cybersecurity

Recently the denomination has experienced an increase in Adversary in The Middle (AiTM) cyber attacks on our churches, districts and the national ministry centre. This may indicate that we are being targeted by threat actors for financial exploits. Digital Technology at the National Ministry Centre recommends the following straightforward approaches to minimize the risk of these attacks being successful:

  1. If you have a church, district, or NMC account please read and watch these two publicly available resources:
    https://aitmawareness.com/aitm-explained#aitm-phishing    
    https://www.youtube.com/watch?v=ZDUTcokUfTQ

  2. Enable multifactor authentication for your Google or Microsoft accounts. Digital Technology strongly recommends passkeys, hardware security keys (Yubikey or the like) or authentication apps over SMS / text messaging as the second factor 
    https://support.microsoft.com/en-us/office/set-up-your-microsoft-365-sign-in-for-multi-factor-authentication-ace1d096-61e5-449b-a875-58eb3d74de14 
    https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop

  3. If you are subject to an exploit, please be sure to evaluate mail rules, reset multifactor authentication enrollment, clear and invalidate existing login sessions and reset passwords for exploited accounts. It is not enough to just reset your password, you must expire existing sessions and check no nefarious rules were inserted into your mail rules in Outlook ,Gmail, or other mail application you may use. 
    https://www.microsoft.com/en-ca/security/business/solutions/phishing  
    https://learn.microsoft.com/en-us/defender-office-365/responding-to-a-compromised-email-account

There are several other options to consider to lower risk, but they are much harder to implement. These three things are straightforward for most of us to accommodate and so are recommended as a matter of urgency. Additional resources are available from technical guidance papers at Google and Microsoft for helping to prevent this and other attack vectors, and responding:

https://www.microsoft.com/en-ca/security/business/solutions/phishing

https://learn.microsoft.com/en-us/defender-office-365/responding-to-a-compromised-email-account

Top