# Church Cyber Security Starter Checklist

This short checklist is a practical starting point for churches, ministries and volunteer-led organisations. It is not a full security assessment, legal advice or incident response plan.

## 1. Think Before Clicking

- Pause on urgent, surprising or out-of-character messages.
- Confirm payment, gift card, bank account and password requests through a second channel.
- Encourage staff and volunteers to ask before clicking.

## 2. Passwords And MFA

- Use long, unique passwords for every account.
- Use a password manager where practical.
- Turn on multi-factor authentication for email, finance, website, social media, cloud storage and administrator accounts.

## 3. Access And Permissions

- Give access by role, not convenience.
- Keep administrator access limited.
- Separate staff, volunteer, finance, pastoral, youth and website responsibilities where possible.
- Remove access immediately when someone leaves a role.

## 4. Backups

- Back up important documents, rosters, giving records, website content and configuration notes.
- Keep at least one backup copy separate from the main system.
- Test restores occasionally.

## 5. Devices And Updates

- Keep computers, phones, tablets and shared devices updated.
- Use screen locks, device encryption and anti-malware where suitable.
- Avoid shared passwords on shared devices.

## 6. Policies And Practice

- Include cyber safety in staff and volunteer onboarding.
- Run a short annual refresh for leaders and ministry teams.
- Document who owns each system and who can approve access changes.

## 7. If Something Looks Wrong

- Disconnect affected devices from the network where safe to do so.
- Preserve emails, screenshots and logs.
- Change passwords from a trusted device.
- Seek advice before deleting evidence or paying a ransom.

Suburban Secure can help turn this starter checklist into a practical review, roadmap and implementation plan for your church or charity.