Cybersecurity Awareness Month 2022: Resources and Tips
October is Cybersecurity Awareness Month, and each week we’ve shared tips, articles, and other resources on social media to help organizations reduce their cyber risks.
This year, we focused on four key behaviors highlighted by the National Cybersecurity Alliance: enabling multi-factor authentication (MFA), using strong passwords, recognizing and reporting phishing, and updating software. Below is a look at what we shared.
Enable Multi-factor Authentication
MFA is an additional layer of authentication that combines something you know (e.g., a user ID and password) with something you have (e.g., a token) and/or something you are (e.g., biometrics such as a fingerprint scan). MFA provides a layer of control to prevent unauthorized access if login credentials are stolen or successfully guessed.
- Almost all — 99.9% — of account hacks could have been blocked by MFA, according to the National Cybersecurity Alliance. Check out the Lock Down Your Login site for information on how to turn on strong authentication controls for popular websites and servers.
- The need for complex and layered password, account lockout, and MFA controls is increasing. Download our free CapinTech e-book and follow the steps in the “Application Security” section to help balance cybersecurity with efficiency at your organization.
Use Strong Passwords
Passwords are one of the top cybersecurity risks, which means that strong passwords are a key cybersecurity defense.
- 81% of cyber breaches used stolen or weak passwords, according to LastPass. And 61% of employees say they use the same passwords for multiple accounts. Follow these three steps for stronger passwords at your organization.
- Learn best practices and practical steps for authentication and password security with this recorded CapinTech webcast.
Recognize and Report Phishing
Phishing is one of the most common cybersecurity threats, so it’s important to understand how phishing attempts work and how to recognize them.
- One click is all it takes to fall victim to a phishing attack. Learn how to protect your organization.
- Nearly three out of four companies experienced a phishing attack in 2020, according to Symantec. Cybersecurity training can help your employees understand the risk and how to avoid it. These tips can help you develop an effective cybersecurity training program for your organization.
Keep Software Updated
Unpatched or outdated systems make it more likely that hackers will exploit a vulnerability, and they increase the impact of malware. We recommend that organizations develop strict guidelines for ensuring their systems are regularly updated.
- Software updates fix issues and provide important security patches. Yet nearly one-third of individuals surveyed by the National Cybersecurity Alliance said they sometimes, rarely, or never install software updates. Here are some quick tips to help.
- Creating an inventory is an important step in keeping your software and applications updated. Follow these three steps to get started.
Additional Resources
Cyber threats are constantly evolving. Here are some additional resources to help keep cybersecurity a top priority at your organization:
- Don’t miss our free Cyber Series webcast on “Cybersecurity Training and Best Practices” on November 30, 2022, at 1 p.m. EST. Learn more and register here. If you can’t make it, you can sign up to receive the recording.
- Check out the cybersecurity resources on our website. We cover a range of topics, including ransomware, recent breaches, vendor management, and much more.
- Follow us on LinkedIn, Twitter, Facebook, and Instagram for ongoing insight and resources year-round!
If you have questions about any of these resources or would like to discuss how CapinTech can assist your organization in assessing and reducing your cyber risk, please contact us at [email protected].
Allison Davis Ward
Allison Davis Ward is a Partner at CapinTech. Throughout her time as an information systems auditor and senior manager, Allison has provided information security assessment and consulting services primarily for nonprofit organizations, financial institutions, and health facilities. In addition to these services, she has provided clients with consulting services in risk assessment and policy development engagements.