Having strong passwords and using multifactor authentication are easy and affordable ways for nonprofits to improve their IT security and infrastructure.
While organizations debate how to mature their information security programs, basic security hygiene is often overlooked in favor of advanced technology products. Those products are certainly beneficial in many cases, but neglecting the basics can lead to a compromise of an organization’s network. In this blog, we discuss two of those basics: passwords and multifactor authentication.
Passwords
User education around choosing strong passwords is paramount to an organization’s security posture. Users must keep up with many passwords, which generally leads to laziness in the passwords we choose: we create passwords we can easily remember, which in turn are easy for malicious actors to guess. We at CLA generally recommend a minimum password length of 14 characters for domain users and 20 or more characters for administrators. We also suggest a password history of 12 to 24 passwords remembered, meaning users cannot reuse any of their last 12 to 24 passwords. We also encourage passphrases over passwords; a passphrase is both longer and harder to guess or crack than a typical password.
Organizations may combine frequent password auditing and blacklisting of known poor passwords with passphrases of at least 14 characters; with those controls in place, complexity and change-frequency requirements can be reduced. Single sign-on, enterprise password managers, and multifactor authentication (MFA) are also encouraged per guidance from the National Institute of Standards and Technology (NIST).
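To make the password guidance above concrete, here is an added example (not CLA's own tooling) of how a password policy could enforce it at the point where a new password is set: a minimum length by role (14 characters for domain users, 20 for administrators), a blocklist of known poor passwords, and a remembered-password history. The blocklist entries and the role names are constructed for illustration; the history is stored as salted PBKDF2 hashes so old passwords are never kept in clear text.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Sequence, Tuple

# Policy values from the post: 14 characters for domain users,
# 20+ for administrators, history of up to 24 remembered passwords.
MIN_LENGTH = {"user": 14, "admin": 20}
HISTORY_DEPTH = 24

# Constructed sample blocklist of base words; a real deployment would load
# a breach-derived list and normalise candidates the same way.
BLOCKLIST = {"password", "welcome", "summer", "letmein", "qwerty"}

HashEntry = Tuple[bytes, bytes]  # (salt, digest)


def normalise(candidate: str) -> str:
    """Lower-case and strip trailing digit/symbol padding so that
    'Summer2023!' is still recognised as the blocked word 'summer'."""
    lowered = candidate.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return stripped or lowered


def hash_password(password: str, salt: Optional[bytes] = None) -> HashEntry:
    """Salted PBKDF2-HMAC-SHA256 suitable for storing history entries."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def matches_history(password: str, history: Sequence[HashEntry]) -> bool:
    """True if the candidate equals any of the last HISTORY_DEPTH entries."""
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        _, probe = hash_password(password, salt)
        if hmac.compare_digest(probe, digest):
            return True
    return False


def check_password(password: str, role: str,
                   history: Sequence[HashEntry] = ()) -> List[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems: List[str] = []
    minimum = MIN_LENGTH[role]
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters required for {role}")
    if normalise(password) in BLOCKLIST:
        problems.append("matches a known poor password")
    if matches_history(password, history):
        problems.append(f"reused from the last {HISTORY_DEPTH} passwords")
    return problems


if __name__ == "__main__":
    previous = [hash_password("blue kettle song")]
    print(check_password("Summer2023!", "user"))
    print(check_password("blue kettle song", "user", previous))
    print(check_password("blue kettle song", "admin"))
```

Because the check returns every violation rather than the first one, the message shown to the user can explain all of the reasons at once, which is what makes a length-first, passphrase-friendly policy easier to live with than a complexity rule.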
Multi-Factor Authentication
MFA is achieved when a user has provided two or more factors to an authenticating mechanism: something the user knows (e.g., a PIN code or security question), something the user has (e.g., a device that receives a push notification), or something the user is. Multi-factor authentication should be implemented for users, especially those who connect remotely to the network, as it can significantly reduce the risk of unauthorized access to networks and systems.
For more information on passwords and multi-factor authentication, please read this blog.
How Can CLA Help?
CLA’s cybersecurity team has a deep understanding of the current threat landscape and can assist with password auditing as well as education around creating strong, distinctive passwords. CLA can also assist with policy development and help implement MFA at your organization. Don’t go it alone. Learn more here, and reach out if you have any questions.
This content was written by Javier Young, CLA’s Cybersecurity Principal.
Keep Pace with Our Cybersecurity Education Series for Nonprofits
Cybersecurity Education Series for Nonprofits – Series Introduction