Security Expectations for Personal Devices

Personal devices (phones, tablets, laptops) may occasionally be used to access Crosspoint systems. While this provides flexibility, it also introduces risk. This article outlines the minimum security expectations to protect church data, staff, and members.

Core Expectation

If a personal device is used to access Crosspoint email, files, or systems, that device must meet basic security standards equivalent to a church-managed device.

Minimum Security Requirements


  • Device Protection:
  • All devices must be secured with a passcode, PIN, password, or biometric authentication (Face ID, fingerprint).


  • Automatic Lock:
  • Devices should automatically lock after a short period of inactivity (recommended: 5 minutes or less).


  • Up-to-Date Software:
  • Operating systems and applications must be kept current with the latest security updates.


  • Multi-Factor Authentication (MFA):
  • Required for all systems that support it, especially email and Microsoft 365 access.


  • Secure Network Usage:
  • Avoid accessing sensitive information on public or unsecured Wi-Fi networks. If necessary, use a secure connection (VPN if available).


  • Approved Applications Only:
  • Access Crosspoint systems only through approved and trusted applications (e.g., Microsoft Outlook, Teams, OneDrive).

Data Handling Expectations

  • Local Storage of Sensitive Files:
  • Church documents should not be downloaded and stored permanently on personal devices. Access files through OneDrive or SharePoint whenever possible.


  • No Sharing or Syncing to Personal Accounts:
  • Do not sync Crosspoint data to personal cloud services (iCloud, Dropbox, Google Drive, etc.).


  • Immediate Reporting:
  • If a device is lost, stolen, or believed to be compromised, notify the IT team immediately.

Access Control

  • Crosspoint reserves the right to remove access to church systems from any personal device that does not meet security expectations.
  • In certain situations, IT may require additional controls (such as mobile device management or remote wipe capability) for continued access.

Separation of Personal and Church Data

  • Keep personal and church-related activities clearly separated.
  • Avoid saving church credentials in shared or unsecured environments on personal devices.

Why This Matters

Personal devices are outside of direct IT control. These expectations are in place to reduce risk, protect confidential information, and maintain the integrity of Crosspoint systems.

Support

For questions, device setup assistance, or to report a security concern, contact the IT team at it@crosspoint.church.