Nonprofit Resources


Cybersecurity Awareness Month 2023: Tips to Help Reduce Your Risk

It’s Cybersecurity Awareness Month! Throughout October, we’ve been using social media to share resources and tips focused on four key areas highlighted by the National Cybersecurity Alliance (NCA):

  • Enabling multi-factor authentication (MFA)
  • Using strong passwords
  • Updating software
  • Recognizing and reporting phishing

Below is a recap of what we’ve been sharing.


Enabling Multi-factor Authentication

MFA is an additional layer of authentication combining something you know (e.g., a user ID and password) with something you have (e.g., a token) and/or something you are (e.g., biometrics such as a fingerprint scan). This makes it hard for hackers to access an account even if they know the password.

  • Only 57% of respondents in an NCA survey said they had heard of MFA. Of those who had, however, 79% had applied it to their online accounts and 94% were still using it, demonstrating that this can be an effective ongoing cybersecurity control. You can learn more about MFA on the NCA website and check the 2FA Directory to see which websites offer MFA.
  • MFA is a very effective cybersecurity control, but hackers try to get around it. If you receive MFA authentication requests when you are NOT trying to log into an account:
    • Don’t approve the requests
    • Change your password
    • Contact your IT department or the service or platform provider
  • It’s important to use layered cybersecurity controls so that if one control fails, others are in place to help stop a breach. Download our free CapinTech e-book and follow the steps in the “Application Security” section to help balance cybersecurity with efficiency at your organization.


Using Strong Passwords

The humble password remains a key cybersecurity defense. It also continues to be a top cybersecurity risk.

  • Evaluate your organization’s current password controls and consider:
    • Adding length and complexity to password requirements, which makes it harder for a password to be compromised
    • Establishing processes to identify if a password is compromised and forcing a password reset at that time
  • Watch this recorded CapinTech webcast on-demand to learn best practices and practical steps for password management and authentication security.
  • Over a quarter (28%) of users reuse passwords for multiple work-related accounts, according to the Proofpoint “2023 State of the Phish” report. This puts all the user’s accounts at risk if just one is compromised. Follow these three steps for stronger passwords in your organization.


Updating Software

Keeping systems and software updated is an important cybersecurity control because updates provide crucial security patches.

  • Almost two in five respondents to an NCA survey said they either “sometimes,” “rarely,” or “never” install software updates. A centralized patch management solution can help. If that’s not feasible for your organization, we recommend that you develop strict guidelines and manual procedures to keep devices updated. This includes training your end-users to know which updates are legitimate and how to install them or emailing end-users when updates are needed.
  • Knowing what systems and software you need to manage is a vital step in keeping them updated. There are automated tools that can assist you with this inventorying process. You also can follow these steps to create an inventory and use and maintain it effectively.


Recognizing and Reporting Phishing

Phishing remains a significant cybersecurity threat, but fortunately, there are steps you can take to reduce your risk.

  • Among survey respondents in Proofpoint’s “2023 State of the Phish” report, 84% said their organization had experienced at least one successful email-based phishing attack in 2022, and 54% said they experienced three or more attacks. Here’s a look at how phishing attacks work, with some important takeaways to keep in mind.
  • Only 35% of organizations conduct phishing tests, according to the Proofpoint report. The report also notes that there has been a 76% increase in direct financial loss from successful phishing since the prior year. Employee training and testing can help reduce your organization’s risk. You can learn about effective employee cybersecurity training with this article.
  • CapinTech offers phishing testing to help. Learn more here.


Next Steps

Cybersecurity risks are always changing and evolving, and organizations’ cybersecurity controls need to evolve, too. Here are some additional resources to help:

  • Join us for our free “2023 Cybersecurity Year-End Review” Cyber Series webcast on November 29 at 1 p.m. EST for a look at current cybersecurity best practices, lessons learned from recent breaches, and what to watch for in 2024. You can learn more and register here.
  • Explore the cybersecurity resources available on our website. Topics include cyber insurance, critical cybersecurity controls, employee training, and much more.
  • Follow us on LinkedIn, X (formerly Twitter), Facebook, and Instagram for additional resources throughout the year!

If you have questions or would like to discuss how CapinTech can assist your organization in assessing and reducing your cyber risk, please contact us.

Allison Davis Ward

Allison Davis Ward is a Partner at CapinTech. Throughout her time as an information systems auditor and senior manager, Allison has provided information security assessment and consulting services primarily for nonprofit organizations, financial institutions, and health facilities. In addition to these services, she has provided clients with consulting services in risk assessment and policy development engagements.

Leave a Comment