It starts with an email
A church office manager in Ohio opened an email that looked like it came from their denomination's headquarters. It asked her to verify her login credentials for a software update. She clicked the link, entered her password, and went back to preparing the bulletin.
Two weeks later, the church discovered that their entire member database -- names, addresses, phone numbers, giving history, and pastoral care notes -- had been downloaded by an unknown party. The phishing email wasn't from the denomination. It was from an attacker who had researched the church's affiliations and crafted a convincing fake.
This isn't a hypothetical scenario. Variations of this story play out at churches every month. And most of them are preventable with basic security practices that any church can implement without an IT department.
Why churches are targets
Churches store an unusual combination of data. Financial information (giving records, bank details for ACH donations), personal information (addresses, phone numbers, family relationships), and deeply sensitive pastoral data (marriage counseling notes, addiction recovery status, mental health concerns). Few other organizations hold this breadth of personal information with this little security infrastructure.
Attackers know this. They also know that most churches run on small teams, that volunteer turnover creates access management gaps, and that security training is rarely part of staff onboarding. Churches are soft targets with valuable data.
churches reported data breaches in 2024 -- and many more went unreported
The most common attack isn't sophisticated hacking. It's phishing -- fake emails that trick someone into entering their credentials on a convincing-looking login page. The second most common: reused passwords. When a staff member uses the same password for the church database and a personal shopping site, a breach at the shopping site becomes a breach at the church.
There's also a category of risk that gets less attention: insider data mishandling. A well-meaning volunteer exports the member directory to their personal laptop to work on a mailing from home. A staff member emails giving data to a board member without encryption. A former intern still has access to the database six months after their internship ended. None of these people have malicious intent, but each scenario creates a vulnerability.
The good news: you don't need a full-time IT team to protect your congregation's data. You need good habits, the right tools, and a culture that treats data protection as a form of pastoral care.
Start with password hygiene
Use unique, strong passwords for every system. This is the single most impactful security measure you can take. A password manager like 1Password or Bitwarden makes this practical even for volunteer teams -- no one has to remember dozens of complex passwords.
Enable two-factor authentication (2FA) everywhere it's offered. 2FA means even if someone steals a password, they can't log in without a second verification step -- usually a code from an app on your phone.
Start here today
Relius supports 2FA out of the box. Turn it on for every admin and staff account today -- it takes less than five minutes and blocks 99% of credential-based attacks.
Common password mistakes churches make
- Sharing one login across the entire office (if one person is compromised, everyone is)
- Using the church name or address as a password (hackers try these first)
- Never changing passwords when staff or volunteers leave
- Storing passwords in a shared Google Doc or sticky notes on monitors
Audit who has access
When a volunteer steps down, do they still have database access? When an intern finishes their summer, is their account deactivated? Many churches never revoke permissions. Over time, dozens of former staff and volunteers retain access to sensitive data.
Run quarterly access reviews. Pull up your user list, check each name, and ask: does this person still need access? If not, deactivate their account. This takes 30 minutes per quarter and dramatically reduces your risk surface.
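As an added illustration (not part of the original article and not Relius's own tooling), the Python script below runs the quarterly review over a constructed user export and a constructed current roster: it flags accounts whose holder is no longer serving, accounts idle for a full quarter, and generic usernames that suggest a shared office login. The CSV column names are an assumption; adjust them to whatever your system exports.

```python
import csv
import io
from datetime import date, datetime

REVIEW_DATE = date(2025, 4, 1)   # day the quarterly review is run (constructed)
INACTIVE_DAYS = 90               # one quarter without a login

# Constructed sample user export; the column names are an assumption,
# most church management systems let you download something similar.
USER_EXPORT = """username,name,role,last_login
pastor.jane,Jane Doe,Administrator,2025-03-30
office,Shared Office Login,Administrator,2025-03-31
intern.sam,Sam Lee,Staff,2024-08-15
nursery.kim,Kim Park,Nursery Volunteer,2025-03-23
youth.ray,Ray Cole,Youth Leader,2024-12-01
"""

# Constructed list of people currently serving, from HR / the volunteer coordinator.
CURRENT_ROSTER = {"Jane Doe", "Kim Park", "Ray Cole"}

# Username fragments that usually mean one credential is shared by several people.
SHARED_LOGIN_HINTS = ("office", "frontdesk", "reception", "shared")


def review_access(export_csv, roster, today=REVIEW_DATE, inactive_days=INACTIVE_DAYS):
    """Return {username: [reasons]} for every account that needs action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        reasons = []
        # 1. Offboarding gap: the holder has left but the account is still live.
        if row["name"] not in roster:
            reasons.append("holder not on current roster: deactivate today")
        # 2. Dormant account: nobody has used it for a full quarter.
        last_login = datetime.strptime(row["last_login"], "%Y-%m-%d").date()
        if (today - last_login).days > inactive_days:
            reasons.append(f"no login in {inactive_days}+ days: confirm it is still needed")
        # 3. Shared login: one compromise exposes everyone who uses it.
        if any(hint in row["username"].lower() for hint in SHARED_LOGIN_HINTS):
            reasons.append("looks like a shared login: replace with individual accounts")
        if reasons:
            findings[row["username"]] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in review_access(USER_EXPORT, CURRENT_ROSTER).items():
        print(user)
        for reason in reasons:
            print("  -", reason)
```

Accounts that pass all three checks are left out of the result, so the printed list is exactly the set of names to walk through with whoever manages staff and volunteers.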
The principle of least privilege
Every person should have access to only the data they need for their role. Nursery volunteers see check-in screens. They don't see giving records. Youth leaders see their group roster. They don't see pastoral care notes for adults.
Relius role-based permissions make this practical. You can create custom roles with granular access controls -- no IT degree required. When someone's role changes, updating their permissions takes seconds.
Build access changes into your HR process
Make permission updates part of your staff and volunteer onboarding and offboarding checklists. When someone joins the team, they get the minimum access their role requires. When they leave, their access is revoked the same day -- not the following week, not 'when someone remembers.' This isn't about distrust. It's about discipline. A clear process prevents the slow accumulation of unnecessary access that creates risk over time.
Encrypt everything
Encryption converts your data into unreadable code that can only be unlocked with the right key. There are two types you need to care about:
- Data at rest: Information stored in databases. If someone steals a hard drive or gains unauthorized database access, encryption means they get gibberish, not member records.
- Data in transit: Information moving between your browser and the server. TLS encryption (the padlock in your browser) prevents anyone from intercepting data as it travels.
If your church management software doesn't mention encryption in their security documentation, ask hard questions. This is table stakes for any platform handling personal information.
Relius uses AES-256 encryption for data at rest and TLS 1.3 for all data transfers. These are the same standards used by banks and healthcare systems.
Beyond your church management platform, think about other places member data lives: email attachments, shared drives, printed directories, volunteer phones. Every copy of sensitive data is a potential leak point.
The printed directory problem
Many churches still produce printed member directories with names, addresses, and phone numbers. These documents are impossible to recall once distributed. If a directory ends up at a garage sale or in a recycling bin, every member's personal information is exposed. Consider keeping directories digital-only with access controls, or at minimum, ask members to opt in before including their information in any printed material.
Plan for incidents
No security system is perfect. Having an incident response plan means the difference between a contained problem and a catastrophe. Your plan doesn't need to be complex -- it needs to be written down and accessible.
Your incident response checklist
- Identify: Who noticed the issue? What systems are affected? When did it start?
- Contain: Immediately disable compromised accounts. Change passwords for affected systems.
- Assess: What data was potentially exposed? How many people are affected?
- Notify: Inform affected individuals honestly and promptly. Consult legal counsel if required by your state's breach notification laws.
- Recover: Restore from backups if needed. Patch the vulnerability that was exploited.
- Review: What failed? How do you prevent this from happening again?
Store this plan somewhere accessible -- not just on the computer that might be compromised. Print a copy. Save it to a cloud drive. Make sure at least three people know where it is.
Review the plan annually. Practice it if you can. A tabletop exercise -- walking through a hypothetical breach scenario with your staff -- takes an hour and reveals gaps you'd never find on paper. The worst time to figure out your response process is during an actual incident.
Data security isn't glamorous work. It doesn't fill seats on Sunday. But it protects the trust that does. Every family who shares their address, every giver who connects their bank account, every person who shares a prayer request -- they're trusting you with information that could harm them if mishandled. That trust is a pastoral responsibility, and it deserves the same care you bring to every other area of ministry.
