Cybersecurity Awareness Month 2024: How to Reduce Your Organization’s Risk
It’s Cybersecurity Awareness Month! Throughout October, we’ve been sharing resources, tips, and best practices on social media. We focused on four key areas recommended by the National Cybersecurity Alliance (NCA) to help keep you and your organization secure:
- Enabling multi-factor authentication (MFA)
- Using strong passwords
- Updating software
- Recognizing and reporting phishing
Here’s a summary of our recommendations.
Enabling Multi-factor Authentication
MFA adds an extra layer of protection and makes it difficult for hackers to access accounts even if they have the password.
- Awareness and use of MFA are increasing: 81% of respondents in the NCA 2024 “Oh, Behave!” report said they know how to use MFA, and of those, 66% use it regularly, indicating its effectiveness as a cybersecurity measure. We encourage you to enable MFA on your organization’s accounts whenever possible. You can learn more about MFA on the NCA website and use the 2FA Directory to see which websites offer MFA.
- MFA is a highly effective cybersecurity measure, but hackers will still attempt to bypass it. If you receive MFA requests when you are not trying to access an account:
  - Do not approve the requests.
  - Update your password.
  - Reach out to your IT department or the relevant service provider.
- Using layered cybersecurity controls is crucial; if one fails, others can still help prevent a breach. Download our free CapinTech e-book and follow the steps in the “Application Security” section to help improve cybersecurity in your organization.
Using Strong Passwords
Passwords can serve as a major defense against cybersecurity threats — but they also can become a vulnerability.
- Assess your organization’s existing password policies and consider:
  - Adding length and complexity to password requirements, which makes it harder for a password to be compromised.
  - Establishing processes to identify if a password is compromised and forcing a password reset at that time.
- Learn more about best practices and steps for password management and authentication security on the Cybersecurity & Infrastructure Security Agency website.
- Over a third (35%) of respondents in the NCA report admitted they reuse passwords for multiple accounts. This puts all the user’s accounts at risk if just one is compromised. Where feasible, use unique passwords across all systems and consider these recommendations to help make passwords stronger at your organization.
Updating Software
Software updates provide important security patches. Keeping systems and software up to date is a crucial cybersecurity measure, and understanding what needs to be managed is essential.
- Among U.S. respondents in the NCA report, 43% said they “sometimes,” “rarely,” or “never” install software updates. Understand what systems you have that need to be updated and establish procedures to identify and apply patches.
- Centralized patch management solutions can be beneficial. If that’s not an option for your organization, we suggest creating strict guidelines and manual procedures to ensure devices remain updated. This should include training your end users to recognize legitimate updates and understand how to install them, or notifying them via email when updates are required.
- You can follow these three steps to create, use, and maintain an effective application and software inventory.
Recognizing and Reporting Phishing
Phishing continues to be a significant cybersecurity concern, but there are ways you can reduce your risk.
- While 67% of participants in the NCA report are confident that they can successfully recognize phishing attacks, phishing remains a prevalent danger. There are measures you can take to mitigate your risk. Here’s an overview of how phishing attacks operate and some key points to keep in mind.
- More than half (52%) of respondents in the NCA report said they felt more confident in their ability to identify and report phishing attacks after completing a cybersecurity training course, and employee training and testing can help minimize your organization’s risk. Check out this article to learn more about effective cybersecurity training for employees.
- If you’d like help deploying a phishing test within your organization, CapinTech can help. Learn more here!
Next Steps
As cybersecurity risks evolve, your organization’s cybersecurity controls must evolve with them. Here are resources to help:
- Join us for our free “Cybersecurity Year-End Review” Cyber Series webcast on Wednesday, December 4 at 1 p.m. EST to learn about current best practices, what to look out for as we approach 2025, and lessons from recent breaches. You can learn more and register here.
- Explore resources on cyber insurance, critical controls, employee training, and more on our website.
- Follow us on LinkedIn, X (formerly Twitter), Facebook, and Instagram for additional resources throughout the year!
If you have questions or would like to explore how CapinTech can assist your organization in minimizing your cyber risk, please contact us.

Allison Davis Ward
Allison Davis Ward is a Partner at CapinTech. Throughout her time as an information systems auditor and senior manager, Allison has provided information security assessment and consulting services primarily for nonprofit organizations, financial institutions, and health facilities. In addition to these services, she has provided clients with consulting services in risk assessment and policy development engagements.