To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Tech Community IT Innovators Nonprofit Nonprofit Technology Nonprofit Management Fundraising Charity Non-Profit Business Communities Nonprofit Leadership NGO MSP Managed IT Services Outsourcing
Content provided by Community IT Innovators. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Community IT Innovators or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Similar to Community IT Innovators Nonprofit Technology Topics

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Community IT Innovators Nonprofit Technology Topics »
Cybersecurity, Viruses, Phish-Resistant MFA with Matt Eshleman

19:49
 
Play
Playing
Share
 

MP3Episode home
Manage episode 510443625 series 2810457
Content provided by Community IT Innovators. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Community IT Innovators or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman offered his take on these trends. Listen for expert advice on avoiding new computer viruses and making sure your organization is protected from Attacker-in-the-Middle attacks on MFA (Multi-Factor Authentication), particularly for important accounts like your Executive Director and CFO.

Fighting Viruses

  • Virus attacks have been increasing. These computer viruses are no longer just malware that “infects” your network through an email link or website.
  • Bad actors know we are suspicious of links in our email and that these days most malicious emails are stopped from reaching our inboxes. As a work around, they have started sending a document with instructions to open the document with a “secure code” – actually a malicious code. In this way, they trick the victim into running the attack against themselves.
  • To resist this attack, always think – if the document you need to open is legitimate, and the person emailing it to you is genuine, they can send you a pdf. You should be very suspicious of any attachment that requires another set of steps to open, particularly executing code on your computer.
  • Other ways you may pick up a computer virus: downloading something malicious online. Be careful to double check you are on a legitimate site before downloading anything. Better yet, use the App Store where possible.
  • We are also seeing an increase in malicious pop-ups. If a window opens on your computer saying you have a virus, it can be scary. Always contact your own IT provider. Do not follow the directions the pop up is giving you to get “support,” or you will be calling the scammer.

Using Phish-Resistant MFA

  • Community IT continues to recommend that all users use a Multi-Factor Authentication method on all accounts.
  • Because MFA is so effective, it is not surprising that attackers are trying to work around it. In the past few years Attacker-in-the-Middle attacks have been on the rise. In this attack, the bad guys trick a user into “logging in” in a way that exposes their secure token for the attacker to steal. The attacker can then login as the user from a different device and gain access to anything the user has access to.
  • Phish-Resistant MFA, like using a passkey or Microsoft Hello, will only allow the MFA to be authenticated from the device where you are. You can also use a physical key like Ubikey or FIDO, which must be present to allow the login.
  • Community IT is recommending at a minimum that all accounts with access to sensitive data such as Executive Director, CFO, maybe Board members, the executive team, should use Phish-Resistant MFA to best protect the organization. Of course, any access to your network is a risk, so where possible, investing in Phish-Resistant MFA for all staff is a good investment.
  • Training on Phish-Resistant MFA can lessen the friction or feeling that an extra step is required. Most Phish-Resistant MFA is quick to use and easy to learn. Peace of mind is worth it.

Community IT hopes that building this culture of care at your organization makes it easier for you to update your staff on new threats and scams through your regular training program.

_______________________________
Start a conversation :)

Thanks for listening.

  continue reading

247 episodes

#Tech #Community IT Innovators #Nonprofit #Nonprofit Technology #Nonprofit Management #Fundraising #Charity #Non-Profit #Business #Communities #Nonprofit Leadership #NGO #MSP #Managed IT Services #Outsourcing
Artwork

Cybersecurity, Viruses, Phish-Resistant MFA with Matt Eshleman

Community IT Innovators Nonprofit Technology Topics

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 510443625 series 2810457
Content provided by Community IT Innovators. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Community IT Innovators or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman offered his take on these trends. Listen for expert advice on avoiding new computer viruses and making sure your organization is protected from Attacker-in-the-Middle attacks on MFA (Multi-Factor Authentication), particularly for important accounts like your Executive Director and CFO.

Fighting Viruses

  • Virus attacks have been increasing. These computer viruses are no longer just malware that “infects” your network through an email link or website.
  • Bad actors know we are suspicious of links in our email and that these days most malicious emails are stopped from reaching our inboxes. As a work around, they have started sending a document with instructions to open the document with a “secure code” – actually a malicious code. In this way, they trick the victim into running the attack against themselves.
  • To resist this attack, always think – if the document you need to open is legitimate, and the person emailing it to you is genuine, they can send you a pdf. You should be very suspicious of any attachment that requires another set of steps to open, particularly executing code on your computer.
  • Other ways you may pick up a computer virus: downloading something malicious online. Be careful to double check you are on a legitimate site before downloading anything. Better yet, use the App Store where possible.
  • We are also seeing an increase in malicious pop-ups. If a window opens on your computer saying you have a virus, it can be scary. Always contact your own IT provider. Do not follow the directions the pop up is giving you to get “support,” or you will be calling the scammer.

Using Phish-Resistant MFA

  • Community IT continues to recommend that all users use a Multi-Factor Authentication method on all accounts.
  • Because MFA is so effective, it is not surprising that attackers are trying to work around it. In the past few years Attacker-in-the-Middle attacks have been on the rise. In this attack, the bad guys trick a user into “logging in” in a way that exposes their secure token for the attacker to steal. The attacker can then login as the user from a different device and gain access to anything the user has access to.
  • Phish-Resistant MFA, like using a passkey or Microsoft Hello, will only allow the MFA to be authenticated from the device where you are. You can also use a physical key like Ubikey or FIDO, which must be present to allow the login.
  • Community IT is recommending at a minimum that all accounts with access to sensitive data such as Executive Director, CFO, maybe Board members, the executive team, should use Phish-Resistant MFA to best protect the organization. Of course, any access to your network is a risk, so where possible, investing in Phish-Resistant MFA for all staff is a good investment.
  • Training on Phish-Resistant MFA can lessen the friction or feeling that an extra step is required. Most Phish-Resistant MFA is quick to use and easy to learn. Peace of mind is worth it.

Community IT hopes that building this culture of care at your organization makes it easier for you to update your staff on new threats and scams through your regular training program.

_______________________________
Start a conversation :)

Thanks for listening.

  continue reading

247 episodes

#Tech #Community IT Innovators #Nonprofit #Nonprofit Technology #Nonprofit Management #Fundraising #Charity #Non-Profit #Business #Communities #Nonprofit Leadership #NGO #MSP #Managed IT Services #Outsourcing

כל הפרקים

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to Community IT Innovators Nonprofit Technology Topics

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play