Cybercriminals will not go away after the pandemic. In fact, recent successful breaches have emboldened them. In the UN mega-breach this year, for example, hackers obtained employee credentials from the dark web and performed illegal activities between April and August. While the UN has yet to assess the overall damage in its network, researchers discovered that at least 100,000 employee private records were exposed.
COVID-19 related misinformation will continue well after the pandemic, but the messaging will shift from pandemic information to post-recovery misinformation. For example, during 2021, we saw numerous fake news articles related to the stimulus package. Cybercriminals are changing their attacks and phishing messages to align with the current state of the pandemic. We are also seeing cybercriminals offer fraudulent products related to COVID-19, including masks and medicine, as we move beyond the pandemic.
Therefore, we encourage all nonprofits to continue to stay vigilant, and for that, we have prepared the five best cybersecurity practices for nonprofits to protect their credentials:
Don’t use words that are in the dictionary as passwords.
Instead of coming up with a complex password that is hard to remember, consider using a long passphrase that involves combining words into long strings of at least 15 characters. Longer passphrases, despite relying on simpler words with special characters, are harder to crack and are easier to remember than complex passwords. Keeping passwords confidential is very important. Do not divulge your passwords, even to IT staff.
Two-factor authentication is simply a must.
Requiring a second form of identification significantly increases user security and reduces the probability that cybercriminals will impersonate a user, even when they have the user’s password for more than one program or website. This makes it harder for cybercriminals to break into multiple accounts and applications that you use.
Consider using a password management tool.
Avoid public Wi-Fi and untrusted devices.
Your nonprofit’s credentials are especially at risk when you use public Wi-Fi (e.g. hotels, libraries, coffee shops, airports) and untrusted devices. The risk is that these networks and devices are already infected with malware, which can easily hijack your account.
Watch out for social engineering and phishing attacks.
Phishing scams are a common way that users get their credentials compromised. It’s a form of social engineering attack that tricks users into inadvertently clicking on links or downloading files that will infect their networks and compromise their credentials.
Now that you know how nonprofits can protect their credentials, take a look at these resources that might help you step up your cybersecurity game:
Learn how this guide to cybersecurity for nonprofits can support your mission and operations.
This nonprofit cybersecurity checklist will help you understand where your organization is vulnerable. Use it as a starting point in your next cybersecurity meeting.
This whitepaper will help you understand what the main differences between IT and InfoSec professionals are.
Understand your organization’s current security posture. The knowledge gained through this assessment will help guide the decisions that will need to be made to improve your security and align your risk with acceptable tolerance levels.