Tip: USE STRONG PASSWORDS
Yes, I intended to "yell" in the title. I'd like to pass along a link to a UU Interconnections article that talks about how to prevent having your congregation's phone system hacked (or your e-mail account or ...)
http://uua.org/interconnections/interconnections/199690.shtml This happened to a congregation in our District!
At times I think it's not a matter of whether you will get hacked, it's only a matter of when. As my partner says, "there are two kinds of sailors: those who have been seasick and those who will be." When one of the CMwD sites was hacked in 2011, it prompted us to a review of all our site passwords. We changed every single one of them to more complex combinations of letters, numbers and symbols. This is something we can't stress enough. With so many of us "living online" via our e-mail accounts, websites, blogs, and mobile devices, setting up and keeping track of strong passwords is a talent we're all going to need sooner or later.
While I was speaking with some colleagues the other day, I head someone say, "well, if you've been hacked, that means you're important." I hope that was tongue-in cheek because the reality is hackers don't need a reason or a big target. They will do things like create robots that scour the web for a particular vulnerability they can exploit, and if your site has it, you're going to get it. It's like con artists preying on the needs and concerns of the elderly: find a week spot and attack that. So, thinking you're immune because you have a small church website isn't going to keep you safe and sane.
Another password horror story: I know of a business who bought a used computer from a competitor who was having an auction. Not only did they leave accounting info on the machine, their password was, you guessed it, "password." Cute but obviously ineffective. The business wiped that hard drive prior to using it so the sensitive data went no farther than that.
In the immortal (at least on TV) words of Sheldon Cooper, "1234 is not a password!!!!" [Ed. note: and 6789 is not a pin number! LOL]