On a quite Monday morning, a small church in Anna, TX, discovered something wrong: their online donation portal showed transactions that they didn't recognize, and members were receiving strange confirmation emails. Over the next few hours, they realized their database had been breached through a single compromised volunteer account. It was an unnerving moment, and one that’s becoming more common across the country.
Churches today operate like any small organization: they use email, maintain websites, process online donations, and store personal information. That makes them attractive to the same criminals who target businesses, but with one big difference. Churches often have limited budgets and fewer dedicated IT resources.
Here are five of the most common cyber threats facing churches and faith-based organizations today.
Verizon DBIR 2024). Churches are prime targets because staff and volunteers routinely exchange attachments, bulletins, and donation forms.
Criminals often imitate pastors or ministry leaders, sending messages that appear legitimate, such as “Please review this budget file,” or “Can you wire a payment today?” One careless click can compromise an account or expose the network.
How to respond:
Use multi-factor authentication (MFA) on all email accounts.
Provide short, friendly training for staff and volunteers on spotting suspicious messages.
Encourage a “pause and verify” culture before opening attachments or sending sensitive information.
Ransomware attacks have increased across nonprofits and religious institutions. According to the GuidePoint Security 2025 Threat Report, ransomware accounted for 29 percent of all recorded incidents targeting small organizations. Attackers encrypt church databases and demand payment in cryptocurrency to restore access.
When a church loses access to membership lists, financial data, or media archives, the impact extends beyond operations — it disrupts community life.
How to respond:
Keep automatic backups stored securely offline or in the cloud.
Regularly patch operating systems and software.
Verify that every workstation is protected with modern, centrally managed security tools.
CRI Advisors).
How to respond:
Encrypt data at rest and in transit.
Limit access to financial and member systems to only those who need it.
Review who has administrative rights on shared drives and donation platforms.
Christian Warrior Training Report 2024).
How to respond:
Keep website software and plugins updated.
Use reputable hosting with automatic patching and monitoring.
Maintain a clean backup of your site so you can restore it quickly if it’s defaced.
Unlike corporations, churches rely on rotating volunteers. It’s common for someone to leave a role while their account remains active. According to GuideStone’s Cybersecurity White Paper, more than 60 percent of churches never formally disable former users’ credentials. Even without malicious intent, old accounts create open doors for attackers.
How to respond:
Remove or disable access immediately when volunteers or staff finish their term.
Segment sensitive systems (finance, membership, media) from general user accounts.
Require security checks or antivirus scans on personal laptops used for church work.
Cyberattacks on churches are no longer rare exceptions. They reflect a broader pattern: attackers go where defenses are weakest. The goal is not to create fear, but awareness. Faith communities depend on trust, and protecting that trust means treating digital security as part of stewardship.
With a few consistent practices, including strong authentication, regular updates, backups, and sensible monitoring — even small congregations can stay resilient. By understanding how these five threats work, churches can safeguard not just their data but their mission, ensuring technology continues to serve ministry rather than threaten it.
Ben Loveless
Co-founder and Developer
