Churches store donor records, family data, and financial access — without the security infrastructure to protect them. Steeple Security delivers a board-ready risk assessment in under 25 minutes. Always free.
What We Protect
Faith communities hold donor giving histories, family records, and direct banking relationships — without the security teams that protect organizations of comparable data sensitivity.
Attackers impersonate senior pastors over email, directing staff to wire funds or purchase gift cards. This single attack vector costs churches millions annually — and succeeds because email is inherently trusted.
Donor giving records, family information, and financial data sit in shared folders with no access controls, no audit logs, and no defined data retention policy. Anyone with a login can export everything.
Shared passwords and absent multi-factor authentication mean one compromised account grants full access to email, cloud storage, donor platforms, and financial systems simultaneously.
Without proper network segmentation, your public guest Wi-Fi shares the same broadcast domain as staff computers, admin systems, and internal servers — an open path for any visitor with a laptop.
Security assessments are always free. When you're ready to close the gaps, we scope a remediation engagement to your environment — no packages, no pressure.
A comprehensive evaluation of your email environment, access controls, network configuration, and device management posture — delivered as a professional risk report your leadership team can act on immediately.
When your team is ready to act, we implement the fixes — deploying industry-leading third-party security tools configured specifically for your environment. Scoped engagements, transparent deliverables.
People are the most targeted attack surface in any organization. We deploy KnowBe4 and Huntress Security Awareness Training to build phishing resistance and security habits across your entire staff.
Every platform below is one we've assessed, hardened, and deployed for real churches — not theoretical knowledge.
No security background needed. No contracts, no commitments. Start free and decide how far you want to go.
Choose the platforms your church uses — Google Workspace, Microsoft 365, Planning Center, and others. You'll only see questions relevant to your exact environment.
Written for administrators and ministry leaders — not IT professionals. Straightforward yes/no and multiple-choice questions. Pause and resume anytime. Takes 15–25 minutes.
Your responses are benchmarked against NIST CSF and CIS Controls standards — the same frameworks used by enterprise security teams — translated into church-specific findings.
A professional PDF report with your security score, risk findings ranked by severity, and a prioritized 30-day action plan. Ready to share with your leadership team the moment you finish.
Book a complimentary 30-minute session with our team. We'll walk through the findings, answer questions, and help you decide what to prioritize — with no obligation to engage further.
Remediate in-house using our guides, hand the report to your existing IT team, or engage us directly for a scoped remediation. Contact us to discuss what fits your timeline and budget.
The assessment costs nothing. Remediation is scoped to your environment — not a menu of packages. Contact us and we'll build a proposal around what you actually need.
A professional risk report for every church, at no cost.
Scoped to your environment, your team, and your timeline.
Continuous coverage for churches that want a security partner, not a one-time project.
Nonprofit and ministry discounts are available and applied to all third-party tools we deploy on your behalf. Reach out — we'll work within your budget.
Straight answers — no tech-speak, no pressure.
Yes — completely free, no credit card required. Security assessments are and will always be free for every church. When your team is ready to act on the findings, we scope a remediation engagement. Contact us for pricing on that.
Smaller churches are often more vulnerable, not less. A 150-member congregation holds just as much sensitive donor data as a 2,000-member one — and attackers know that smaller organizations are far less likely to have defenses in place. Size is not a shield.
Almost certainly. Most IT providers focus on uptime — keeping email running, computers online, internet connected. That is not the same as security. "The systems are working" is not a security posture. Our assessments surface gaps that general IT routinely misses, and our reports are designed to hand directly to any IT team for implementation.
15–25 minutes, depending on the number of systems your church uses. You can pause and resume anytime. Your report generates the moment you submit — a professional PDF ready to download, share with leadership, or bring to a board meeting.
Nothing technical. Questions are written for administrators and ministry leaders, not IT professionals. It helps to know your email platform (Google or Microsoft), whether you use Planning Center, and roughly how many staff and devices you manage. Informed estimates are fine.
Yes. We never ask for donor records, bank details, or system credentials. We collect your church's name, contact information, and your responses to security policy questions. All data is encrypted in transit and at rest, and is never sold or shared with third parties.
Every major cybersecurity vendor offers nonprofit or free pricing — most churches just don't know it. Here's where to start.
Google Workspace for Nonprofits is free for eligible organizations. Microsoft 365 Nonprofit offers Business Basic at no cost and Business Premium at deep discount.
Bitwarden is free for small teams and includes nonprofit pricing. NordPass and 1Password both offer up to 50–60% off for verified nonprofits.
KnowBe4 offers security awareness training with nonprofit pricing. Huntress provides managed security awareness training for small teams at accessible rates.
Huntress MDR provides 24/7 managed detection and response for SMBs. Bitdefender, Malwarebytes, and others offer nonprofit rates via TechSoup.
Duo Security offers a free tier for up to 10 users and low-cost plans beyond that. Okta for Good provides nonprofit access to enterprise identity management.
Cloudflare Project Galileo provides free DDoS and WAF protection for civil society organizations. NordLayer offers 60% off network security for nonprofits.
25+ tools with verified nonprofit pricing — eligibility details, direct links, and setup guides all in one place.
View the Full Resource Hub →Complete the assessment in under 25 minutes and walk away with a professional security report your entire leadership team can act on today.
Start Your Free AssessmentWhether you have questions, want a scoped remediation proposal, or simply want to talk through your situation — reach out. We respond within one business day. No pressure, no obligation.