Peanuts and Security

By Ross Moore, Co-Chair, Experienced InfoSec Professional | Board Member @ Secjuice | Co-chair @ FB-ISAO CTI Working Group | Sr. Security Researcher @ CSI Linux | Infosec Writer | Consultant | "Festina Lente"

Your house of worship has organized a pitch-in. You’ve got the date set, the room and kitchen reserved, tables and chairs ready, etc.

Mr. and Mrs. Ramirez come to you and say, “We wanted you to know that Julio has a peanut allergy.”

What do you do? You care about the Ramirez family, and you want them to attend. You have several questions that you need to answer.

• Do you let everyone know about the allergy?
• Do you find out who else has peanut and other allergies?
• Do you set aside different tables for those who have allergies?
• If so, are those tables on the other side of the room, or in a separate room?
• Or do you leave all the tables as usual, and have people mark “contains peanuts” on their dish as needed?

You want fellowship, not hospital trips. You want unity, not embarrassment. You want people to have a good time, not to be afraid.

There’s no right or wrong answer to how it’s handled – the point is that there’s a discussion about how to go about it. You talk with the family, talk amongst yourselves, with other leaders, maybe with other families who might have other food concerns. The goal is to bring forth a valid topic that contains many potential paths forward and to work out a solution.

Considerations for the security of houses of worship  (physical and information) are much the same. Every house of worship is different, but there are physical and cybersecurity threats that could easily affect any house of worship, while some threats may never happen. 

With the pitch-in scenario, it’s not an apples-to-apples (no pun intended!) comparison because house of worship physical and cybersecurity aren’t in the same category. Physical and cyber security involve the well-being of the entire congregation, and often don’t include accommodating one person or family (though that’s not ruled out – on the physical security side, maybe there’s one person with heart issues who warrants having an AED (Automated External Defibrillator).

The important aspect is that there are physical and information security risks out there and having an in-house discussion about what’s relevant to each house of worship is important to keeping congregations safe from relevant threats.

It’s not about being having an award-winning or newsworthy security program. And it’s not about spending a lot of money. It’s about asking pertinent questions and providing reasonable answers.

If your organization has a website, it could get defaced. If there are publicly known email addresses, they could get spammed. If someone is very busy answering the phones, that person could get scammed. Maybe you have single doors in front of your building and you’re on a small gravel parking lot, making you much less of a target for vehicle ramming. Or perhaps you operate a daycare, so the daily threat of the wrong adults picking up a kid is present.

Duke University researchers contend that while the average congregation size is approximately 70 active participants on a regular basisthat doesn’t account for the existing skill and talent (and lack thereof) in the congregation. Maybe you have a police officer or security professional as a member, so the physical and cyber security aspects have a champion. Maybe you have a grant to set up security cameras. Perhaps you’re a small congregation way out in the country – unobtrusive physically, socially, and politically, therefore having unique challenges.

Not every threat is relevant to every house of worship. What’s important is that each House of Worship considers dangers appropriate to its size, location, and people, and addresses those accordingly.

Joy in the Journey.

This post is a guest post. The community is welcome to submit guest posts. Learn more about guest posts here. Ready to share? While we can’t guarantee we’ll be able to publish your post, even if it meets our editorial guidelines, we look forward to receiving your submission. Please submit your blog post to [email protected]. If your submission meets our editorial guidelines and aligns with our mission, we will respond to let you know your post has been selected and we will work with you on any needed edits.