B
Birthed of Hope
Birthed of Hope · Cybersecurity & AI Safety Series

Protect Your World: A Practical Cybersecurity Guide for Everyday Leaders

Cybersecurity is not about fear. It is about stewardship. This guide breaks the most important practices into clear, actionable steps you can implement today.

Introduction

Every account you manage, every device you use, every piece of information you store represents something entrusted to you. Protecting it is part of leading well. This guide walks through the most important practices, no technical background required.

Chapter 1 - Passwords: The First Line of Defense

Why Passwords Matter More Than You Think

The majority of account breaches happen because of weak, reused, or stolen passwords. A single compromised password can give an attacker access to your email, bank, ministry database, and donor records, especially when reused across sites.

What Makes a Strong Password

  • At least 14 characters long
  • A mix of uppercase, lowercase, numbers, and symbols
  • Not based on personal information (birthdays, names, addresses)
  • Not a real word or common phrase without modification
  • Unique to each account, never reused
A passphrase works well: string together 4 to 5 unrelated words with numbers and symbols. Example: Blue!River94Lamp$Tree. Long, memorable, strong.

Recommended Password Managers

ToolCostWhy
BitwardenFree / $10 yrOpen source, audited, works across all devices
1Password$2.99/moExcellent for teams; travel mode feature
Proton PassFree / paid tiersPrivacy-first, from the makers of ProtonMail
Apple KeychainFree (Apple)Seamless on iPhone and Mac; good starting point

Two-Factor Authentication (2FA) - Non-Negotiable

Two-factor authentication adds a second layer of verification beyond your password. Even if someone gets your password, they cannot access your account without the second factor.

  • Enable 2FA on every account that offers it. Start with email, banking, and ministry tools.
  • Use an authenticator app (Google Authenticator, Authy, Microsoft Authenticator) over SMS when possible.
  • SMS-based 2FA is better than nothing but can be intercepted through SIM swapping.
  • Store backup codes in your password manager or a secure physical location.

Chapter 2 - Scams, Spam & Social Engineering

Social engineering is the art of manipulating people into revealing information or taking actions they would not otherwise take. It does not require hacking your system. It just requires fooling you. AI is making these attacks more convincing than ever.

Spam and Phishing Calls

  • Do not answer calls from unknown numbers unless you are expecting one.
  • If something feels wrong, hang up immediately and without explanation.
  • Legitimate organizations will never demand payment by phone or ask for gift cards.
  • AI voice cloning can replicate a familiar voice. Hang up and call back on a number you already have.

Phishing Texts (Smishing)

  • Do not click links in unsolicited messages, even from known brands.
  • Verify by going directly to the official site.
  • Watch for urgency language. Report spam texts by forwarding to 7726 (SPAM).

Email Phishing

  • Check the sender's actual address, not just the display name.
  • Hover over links before clicking.
  • Legitimate services will never ask for your password by email.

Impersonation & Business Email Compromise

One of the fastest-growing threats for nonprofits and ministries. Establish a verbal confirmation protocol for any financial request received by email.

If it feels urgent, slow down. Urgency is a manipulation tool. The real thing can almost always wait 10 minutes for you to verify.

Chapter 3 - Device & Account Security

Securing Your Devices

  • Keep operating systems and apps updated.
  • Use a PIN, password, or biometric lock on every device.
  • Enable full-disk encryption.
  • Use a VPN on public Wi-Fi.
  • Enable remote wipe in case of theft.

Protecting Ministry & Organizational Data

  • Limit access on a need-to-know basis.
  • Never share credentials across team members.
  • Back up critical data regularly to a secure, encrypted location.
  • Have a simple incident response plan.

Chapter 4 - AI & Cybersecurity

How AI Is Being Used Against You

  • AI-generated phishing emails, grammatically perfect and personalized.
  • Voice cloning from as little as 3 seconds of audio.
  • Deepfake video used in high-value impersonation.
  • Automated credential stuffing across thousands of sites.

How AI Is Being Used to Protect You

  • AI-powered email filters catch phishing before it reaches you.
  • Behavioral analytics detect unusual login patterns.
  • Password managers identify weak or reused passwords.
The most sophisticated AI system in the world cannot protect you from clicking a link you should not have clicked. Human judgment remains the most important security layer.

Chapter 5 - If Something Goes Wrong

Signs You May Have Been Compromised

  • Unexpected password reset emails you did not request.
  • Friends receiving strange messages from your accounts.
  • Unfamiliar charges or login notifications from new locations.

Immediate Steps

  • Change the affected password from a secure device.
  • Review or enable two-factor authentication.
  • Check connected accounts and notify your bank if needed.
  • Run an antivirus or malware scan.
  • Report the incident to the platform.
  • Alert team or leadership for organizational accounts.
  • Document what happened and when.

In the USA, you can report cybercrime to the FBI Internet Crime Complaint Center at ic3.gov and the FTC at reportfraud.ftc.gov.

Download the ChecklistsBook a Consultation