Helpful Security Tips for Church Websites and Member Databases 

As reported recently, some large organisations have been affected by security breaches. Below, I explain our security and provide some helpful tips. 

While we are doing everything we can to bolster our security efforts, there are also ways you can contribute.

Spoiler Alert - Use our 2-Factor Authentication for Web Office users. Read more below.

About Hubb Security

You can always visit www.hubb.church/security to review the information we have about our setup. The highlights include:

  • All pages on your site and the web office are fully encrypted with SSL using HTTPS.
  • Passwords are encrypted and stored in the database via a one-way salted hash. Secure password links are sent using time-sensitive, single-use email authentication.
  • All personal data stored on our servers is encrypted at rest.
  • We have continuous upstream DDoS mitigation, and our servers continuously analyse incoming traffic and automatically blacklist IP addresses from which attacks on our servers originate. Our servers are up-to-date with all the latest security patches and only accept connections using the latest ciphers. Firewalls block all non-essential ports.
  • We run regular automated security scans on our servers (including the OWASP Top 10 list) and periodically engage CREST-certified penetration testers for manual testing. We are rated grade A and A+ by industry-recognised security checking providers.
  • You can use our Multi-Factor Authentication feature, which is described below.

Tips and things to consider


Regularly resetting passwords
We strongly advise everyone to update their passwords regularly, not just their Hubb passwords, but all their passwords for their online services.

Even if you haven’t been hacked, companies you use might have been. If your password is leaked and you don’t change it, hackers can log into your account or try that password on other websites. 

By changing your passwords on sites you use, you protect yourself. 

Action: Why not update your most-used passwords and set a reminder every 3 months to update some others?

Having more secure passwords
We are sure you will have strong passwords, but this is a good time to remind you to keep them strong. Weak passwords are easier to guess.

Tip - If your favourite password is ‘cambridge’, don’t just capitalise the first letter, put the number 1 at the end and then add an exclamation mark. This is no way to outfox hackers.

I’m not saying this is the most secure, but you could try something like this for your Facebook login - “camBridgeFB7” and for Amazon - “camBridgeAM7”. You can see I have placed the letters from the service in the password. Again, I’m not saying this is the most secure, but I hope you can see it’s helpful to have different passwords for different services that cannot be easily guessed.

Changing the capitalised letter and the number every six or twelve months would be an excellent discipline. I know it takes time, but it’s time well spent in today’s world. 
 

Multi-Factor Authentication

We strongly recommend exploring and enabling our multi-factor authentication feature for enhanced security when logging in to the web office.

Users frequently reuse passwords, which means that if one site is compromised and passwords are stolen, the hacker has access to numerous other sites where the same password was used.

Multi-factor authentication significantly reduces the risks associated with this because, when logging in, we check something you know (a password) and something you have (a device). A hacker may have your password, but they cannot log in without being able to enter the 6-digit code generated by your smartphone or another device.

To enable Multi-Factor Authentication for web office logins, go to Site Settings > Site Configuration and update the setting under Login Security.
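
To show why a stolen password alone is not enough, here is an added example (not Hubb's code) of a login check that requires both a salted password hash and a 6-digit device code. It assumes the code is a standard RFC 6238 time-based one-time password with a 30-second step; the function names, the PBKDF2 settings and the sample secret are this example's own.

```python
import hashlib, hmac, os, struct

STEP = 30    # seconds per code: RFC 6238 default, assumed here
DIGITS = 6   # the 6-digit code mentioned above

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 code (HMAC-SHA1) that the device shows at time `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    """One-way salted hash; PBKDF2-HMAC-SHA256 is this example's choice."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def enroll(password: str, device_secret: bytes) -> dict:
    """Server-side record: salt, password hash, and the secret shared with the device."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "secret": device_secret}

def login(user: dict, password: str, code: str, now: float, drift: int = 1) -> bool:
    """Pass only if BOTH factors check out; allow +/- `drift` steps of clock skew."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    code_ok = False
    for i in range(-drift, drift + 1):
        expected = totp(user["secret"], now + i * STEP)
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and code_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"      # constructed: RFC 6238 test secret
    user = enroll("constructed-Passphrase", secret)
    t = 59                                 # RFC 6238 test time
    print(login(user, "constructed-Passphrase", totp(secret, t), t))  # both factors
    print(login(user, "constructed-Passphrase", "000000", t))         # password only
```

The server never stores the password itself, and a code is only accepted within a short time window, so a code that was valid a few minutes ago is rejected.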

For help and questions, please email us at support@hubb.church.