IT Threat Target: Archbishop’s Email Today; a Catholic App Tomorrow?

Verghese V Joseph –

The recent unsettling incidents involving unidentified individuals who masqueraded as Archbishop Peter Machado of India’s Bengaluru Archdiocese and a nun from the Congregation of Carmelites of Mary Immaculate, an indigenous religious congregation within the Catholic Church of India, should serve as a wake-up call for the broader Catholic Church in India.

These impostors sent emails to various individuals, soliciting funds for an organisation purportedly dedicated to supporting orphaned children, using a fake email in the name of the archbishop.

In the nun’s case, the impersonator falsely claimed that a child named Shreya had been diagnosed with congenital heart disease, emphasising the urgency of catheter procedures to correct the life-threatening defect. The impersonator asserted that Shreya’s impoverished family couldn’t afford the necessary expenses and pleaded with recipients to contribute Rs 2.4 (approximately US$ 2000) lakh to cover the procedure. Regrettably, many individuals were deceived by these ruses, highlighting the challenges faced by the church and religious institutions in India.

This act raises serious concerns about potential phishing attacks and unauthorised access to sensitive communications.

In an era dominated by technological advancements, the significance of securing IT servers and implementing robust architectures cannot be overstated, even within the sacred walls of archdioceses and religious houses. These institutions, entrusted with the spiritual well-being of their communities, haven’t embraced technology to streamline administrative processes, foster communication, and enhance outreach efforts. However, the lack of technological integration can come with potential risks, making it imperative for these institutions to prioritise the security of their IT infrastructure. It is so stark that securing IT servers and implementing a sound architectural framework are crucial for archdioceses and religious houses.

This brings me to the recently-launched CatholicConnect app. Having been closely associated with the CatholicConnect app project earlier on, I think I have the liberty to speak on its implementation. Last June, I was invited by the Conference of Catholic Bishops of India (CCBI) Media Apostolate, Fr. Cyril Victor, to present my ideas for a software application concept designed to run on a mobile device such as a phone, tablet, or watch to CCBI Media Apostolate stakeholders. Other stakeholders were the CCBI deputy secretary general, Fr. Stephen Alathara, and Mr. Nigel Fernandes of ATC Publications. I spent a whole lot of time and effort researching, designing, and developing a comprehensive Media Strategy Paper for a Digital Mobile App-Based Media Tech Platform, including wireframe, content, infrastructure, tech and human resources, besides budgeting, etc. for a three-year plan, which I submitted to them on April 4, 2022. I also presented a similar concept paper at various CCBI & SIGNIS platforms, such as the Public Relations Officers’ Meet in Bangalore, and the same was also presented by Fr Cyril Victor at the SIGNIS India AGM in Jaipur last year.

However, after I shared my ideas with the stakeholders, I received no feedback or follow-up from them. My emails and calls were ignored, and any discussion around that with me was avoided. There was a complete lack of professional courtesy and integrity. Anyway, that’s a story for another day.

Having let that pass when the beta version of the app was rolled out in October, my only gripe was that it was full of errors, glitches, and security risks. The database was inaccurate and outdated. I only hope that the app can’t be easily hacked by anyone with basic IT skills. The app shouldn’t compromise the entire Indian Catholic database or risk being misused.

Last October, I raised these serious issues through an email to the CCBI leadership. I stressed the importance of validating the database and implementing a strict IT security policy. However, there was no response from any quarter to my mail, and my suggestions were ignored, and the CCBI media apostolate appears to have rushed to launch the beta app without proper testing or quality assurance. Only time will tell the ramifications of the rollout.

Data Use of an App

Developers of an app describe the types of user data it collects, how they use this data, and whether the collection of this data is optional. Data is generally considered “collected” when the developer uses the app to retrieve data from a device.

In some cases, developers do not need to disclose data as “collected” even if the data technically leaves a device (for example, when the data is only processed ephemerally).

Data sharing: Developers describe if their app shares your data with third parties and what types of data are shared. Data is generally considered “shared” when it is accessed by the app and transferred to a third party.

In some cases, developers do not need to disclose data as “shared” even if it’s technically transferred to another party (for example, when you give your consent to transfer the data after the app explains how it will use the data, or when the data is shared with a developer’s service provider).

It’s been over seven years that I’ve been running Indian Catholic Matters. I understand content and technology well enough to know why it is important to protect sensitive information.

Securing IT and Preserving Spiritual Integrity

One of the primary reasons for securing IT servers in religious institutions is the protection of sensitive information. Archdioceses and religious houses often manage vast amounts of confidential data, including the personal information of clergy, staff, and a vast number of parishioners. This data may include addresses, contact details, and, in some cases, financial information. A breach of this sensitive information not only violates the privacy of individuals but could also have severe legal and ethical implications. By securing IT servers, these institutions can uphold their responsibility to safeguard the trust placed in them by their communities.

Religious institutions play a pivotal role in fostering spiritual growth and well-being. The trust and faith that communities place in these organisations must be preserved, and any compromise of IT security can erode this trust. Ensuring the integrity of digital platforms, such as websites, online sermons, and communication channels, is vital to maintaining the sanctity of the spiritual experience. A secure IT architecture ensures that malicious actors cannot exploit vulnerabilities to spread misinformation, tamper with sacred texts, or disrupt online religious services.

Enhancing Communication and Outreach

Most of the email communications of the diocesan and religious houses are either on gmail or legacy yahoo, rediff, outlook, zoho, etc email service providers. It’s time they invested in dedicated and secure email servers.

In an age where digital communication is ubiquitous, archdioceses and religious houses rely on various platforms to connect with their communities. Secure IT servers enable these institutions to enhance communication channels without compromising the safety of the data being shared. Whether disseminating important announcements, organising virtual events, or engaging with parishioners through social media, a robust IT architecture ensures that these interactions remain secure, fostering a sense of community while protecting against potential cyber threats.

Financial Stewardship

Religious institutions often manage significant financial resources, including donations, tithes, and contributions from the community. A secure IT infrastructure is essential for the responsible stewardship of these funds. Cybercriminals may target religious organisations in an attempt to exploit financial systems or divert donations for illicit purposes. By implementing strong security measures, such as encryption and secure payment gateways, archdioceses and religious houses can ensure that financial transactions remain transparent, accountable, and free from unauthorised access.

Mitigating Cybersecurity Risks

The threat landscape in the digital realm is constantly evolving, with cybercriminals employing increasingly sophisticated tactics. Archdioceses and religious houses are not immune to these risks, and a proactive approach to cybersecurity is crucial. Implementing firewalls, intrusion detection systems, and regular security audits can help identify vulnerabilities and fortify defenses against potential attacks. By staying ahead of emerging threats, religious institutions can minimise the risk of data breaches, ransomware attacks, and other cybersecurity incidents.

Preserving Historical and Cultural Heritage

Many religious institutions boast a rich historical and cultural heritage, often documented in archives and libraries. In the digital age, these valuable records are increasingly stored electronically. Securing IT servers is essential for preserving this heritage, protecting digital archives, and ensuring that future generations have access to the historical documents that form the foundation of religious traditions. A well-protected IT infrastructure safeguards against data loss, corruption, or unauthorised access to these invaluable resources.

As custodians of sensitive information, archdioceses and religious houses must comply with various legal and regulatory standards regarding data protection and privacy. Non-compliance not only exposes these institutions to legal consequences but also undermines the trust placed in them by their communities. Secure IT servers and architectures help ensure compliance with data protection laws, safeguarding against legal liabilities and reinforcing the ethical standing of religious organisations.

Facilitating Remote Spiritual Services

Recent global events, such as the COVID-19 pandemic, have underscored the importance of remote services and virtual engagement. Archdioceses and religious houses have adapted by offering online sermons, virtual congregations, and live-streamed events. A secure IT infrastructure is essential to support these remote services, ensuring that congregants can participate in spiritual activities without compromising their privacy or the integrity of the experience. Securing digital platforms enhances the accessibility of religious services, reaching a broader audience and fostering inclusivity.

In an era where trust in digital platforms is paramount, securing IT servers becomes a cornerstone for building and maintaining trust within religious communities. Parishioners must have confidence that their interactions with the church, whether in person or online, are secure and protected. A commitment to robust cybersecurity measures demonstrates the dedication of religious institutions to the well-being of their communities, both spiritually and digitally.

Preparing for the Future

The pace of technological innovation shows no signs of slowing down. As archdioceses and religious houses continue to embrace new technologies to fulfill their mission, they must also prepare for future challenges. Investing in secure IT servers and architectures is an investment in the longevity and resilience of these institutions. By adopting a forward-thinking approach to cybersecurity, religious organisations position themselves to adapt to emerging technologies while maintaining the trust and confidence of their communities.

The importance of securing IT servers and implementing a robust architectural framework within archdioceses and religious houses cannot be overstated. Beyond the immediate benefits of protecting sensitive information and preserving spiritual integrity, a secure IT infrastructure is crucial for maintaining trust, complying with legal standards, and adapting to the evolving digital landscape. As these institutions navigate the intersection of faith and technology, prioritising cybersecurity ensures that they can continue their sacred mission while embracing the opportunities offered by the digital age. In doing so, archdioceses and religious houses not only protect their own interests but also fulfill their duty to safeguard the spiritual well-being of the communities they serve.

2 comments

  1. A very enlightening and timely article. But I fear it will go over the heads of most in the hierarchy. Also the decisions relating to Information Technology (IT) are, in most cases, taken by non-IT person(s) in the hierarchy. He may not be able to assess the right IT safeguard measures.

Comments are closed.