Choosing the right church management software and implementing best practices to prevent cyber attacks, guard against internal fraud, and increase parishioner trust
In 2022 and 2023, we explored the unique challenges that diocesan leaders face when managing the financial operations of their parishes. In this article, we will explore the key security features to look for and best practices to implement when choosing your church management software.
Anyone familiar with the diocese structure will acknowledge that it is complex and features many individual entities and leaders. Each diocese is made up of parishes, schools, and ministries. This means that in one diocese there can be hundreds of individual parishes, schools, and ministries. Each entity has a hand in the financial management of the diocese. This can amount to thousands of financial transactions on a monthly, weekly or even daily basis, including donations, investments, and operational expenses.
The Need for a Common Finance System
The complexity of this structure calls for a high level of organization, clear best practices, a defined hierarchy, and the transmission of huge amounts of data. One person or team cannot manage all the daily functions required to ensure that operations are secure, efficient, and transparent.
This is where a common finance system comes in. By employing a single accounting platform across all entities, diocesan leadership can manage daily operations and keep the bigger picture in mind. The use of a common finance system relieves the issues of disparate systems, manual reporting, and delays in data reporting. However, choosing the wrong system could make the diocese more vulnerable to internal and external fraud, which can erode the trust of parishioners. And even the best software can’t protect against all cyber-attacks, employee error, and internal fraud.
As custodians of religious communities' resources, diocesan leaders must be proactive in safeguarding financial assets from potential threats. This blog post explores the specific - and real - threats that dioceses encounter in financial management and provides effective strategies for mitigation.
When mapping out your strategy, you should consider both the technology AND the people involved in your financial operations. In addition to choosing the right software, you'll want to map out a structure of best practices to cover all your security needs.
There are three key things to consider:
External fraud, data hacking and cyber attacks
Parishioner trust and need for transparency
We often think of modern fraud as being perpetrated by outside “bad” actors like hackers. It's easy to imagine diocese staff falling for a clever phishing scam and opening the organization up to external players. What we often fail to think about is fraud that comes from within. Sometimes the fraud is calling from across the world, and sometimes it’s calling from inside the church.
“Often, church people can’t bring themselves to believe that their pastor, a church trustee, long-time member, or the school cook could possibly steal from the church,” says Tom Lichtenberger, assistant vice president of property claims at Brotherhood Mutual. “Normally, it’s one of the most trusted people in the church who’s pilfering from the collection plate or diverting funds from the church budget or investment accounts to feed their spending habits or pay personal debts.”
Some fraudsters are able to go unnoticed for long periods of time as they can adjust manual reports and bury data that would expose their fraudulent behavior.
Reports of internal fraud and theft tend to be low. This could mean the occurrence is lower as many believe that religious values help to protect against fraud. Or it could be underreported as these issues are often handled internally. Either way, internal fraud does happen to dioceses.
A 2023 study identified 98 cases of fraud in dioceses between 1963 and 2020. One of the primary takeaways from this study was that perpetrators didn't need to mount Ocean's Eleven-scale operations to steal. The largest factor that made theft easier was a "lack of internal control procedures."*
While the incidence of reported theft in dioceses may be relatively low, it is a critical issue that should be protected against. Brotherhood Mutual estimated that fraud is increasing at a rate of six percent, meaning fraud committed against the church worldwide could reach $80 by 2025.
External Fraud, Data Hacking & Cyber Attacks
News of fraud seems to only increase as more of our lives become digital. It's nice to think that bad actors wouldn't target public institutions like churches, dioceses, and nonprofits, but the reality is everyone is fair game.
In November and December of 2022, thieves stole more than $400,000 from a trust fund created on behalf of a diocese. Cyber criminals were able to divert recurring payments to unauthorized accounts. As these were monthly payments, the trust staff didn't spot the issue until one of the recipients noticed that they didn't receive their normal payment.
The trustees who manage the fund implemented new security measures, including new software, computer monitoring, scam testing, new withdrawal processes, and increased security for internal emails.
Sometimes these external attacks aren't even digital. In 2023, there were multiple reports of individuals impersonating Catholic bishops and priests: in Texas, a man impersonated a priest to gain access to private areas of parish offices, and in California, a pair of imposters scammed parishioners out of thousands of dollars collected for blessings and sacraments.
Diocesan databases containing sensitive information, such as donor details and financial records, are prime targets for hackers seeking to exploit vulnerabilities. Ransomware attacks, phishing schemes, and data breaches pose significant risks to the confidentiality and integrity of financial information.
Transparency & Parishioner Trust
Whether fraud is internal or external, any occurrence can begin to erode trust amongst members of the church. While full transparency isn't always possible, increasing the level of information leadership shares with parishioners can only help to increase trust.
It's not easy to be transparent when you don't have accurate and timely data and are stuck pulling manual reports that are already out of date by the time you publish them. Implementing a common finance system is the first step to centralizing your operations.
A common finance system allows you to:
Manage multiple entities, with isolation of fund sources, budgets, and expenses by program or parish.
Achieve true fund accounting and improve efficiency of financial management processes.
Manage and provide a high level of visibility for parish deposits and loans.
Increase financial transparency and accountability.
Church Management Software
There are many options for church management software, but they're not all created equal. When choosing a system to implement across your diocese, you need to look for features that are built into the daily functions that help to protect your information and assets.
One key aspect to look for is the ability to view real-time data at all levels of the diocese, seamlessly pull reports to analyze that data, and access that data and reports in whatever format you need. Look for a system that gives you flexibility by allowing for reporting and data analysis within the system and easy exports to Excel, PDFs, or integrations with other software.
As we're talking about security, another necessity is a system that is backed by the resources of a large multi-national company. This gives you access to cloud-based data that you know is secure and only accessible by your authorized users.
SylogistMission ERP for Dioceses
When it comes to choosing a diocese management solution, SylogistMission emerges as an outstanding option that dioceses should seriously consider.
SylogistMission has a deep understanding of the unique needs and challenges dioceses face. By opting for SylogistMission as their Diocese management solution, dioceses can expect a reliable and integrated platform, built on Microsoft Dynamics 365, that simplifies processes, enhances engagement, and boosts overall operational efficiency. What's more, their user-friendly interface, robust features, and dedicated support make SylogistMission a trusted partner that can empower dioceses to thrive in today's ever-evolving landscape.
Selecting church management software is a crucial decision that requires careful consideration of the specific needs and goals of your diocese. By choosing the right software partner, dioceses can embark on a transformative journey that will empower them to fulfill their mission effectively and provide support to their schools, missions, and parishes.
Best Practices to Guard Against Fraud
After you've chosen your software and deployed it across your diocese, you'll want to implement a system of best practices that ensures your authorized users can handle your parishioners' data with intelligence and integrity.
A few mitigation strategies to get you started include:
Robust Cybersecurity Measures: Dioceses must invest in cutting-edge cybersecurity technologies to create a robust defense against cyber threats. This includes firewalls, antivirus software, and regular security audits to identify and rectify potential vulnerabilities.
Employee Training Programs: Internal threats are equally concerning. Implementing comprehensive training programs for staff members can raise awareness about potential risks, teaching them to recognize phishing attempts and adopt secure digital practices.
Secure Financial Platforms: Choose financial management platforms with robust security features. Encryption, multi-factor authentication, and regular software updates are crucial elements in maintaining secure financial systems.
Regular Audits and Assessments: Conducting regular financial audits and security assessments helps dioceses identify and rectify potential weaknesses. This proactive approach ensures that security measures evolve alongside emerging threats.
Collaboration with Financial Institutions: Forge strong partnerships with financial institutions that prioritize security. Regular communication and collaboration can lead to the adoption of additional security measures and early detection of suspicious activities.
At a time when trust is paramount, dioceses can build credibility by implementing a common finance system, adopting transparent financial practices, and putting in place a set of robust best practices to ensure accountability and integrity. Regularly communicating financial reports and updates to the community fosters trust and accountability. Transparency not only deters internal fraud but also showcases a commitment to ethical financial management.
About Sylogist & SylogistMission ERP
SylogistMission ERP is a SaaS solution available in the Microsoft Cloud. Features include: fund accounting, financial management, grant and award management, payroll and HR, and reporting and analytics.