Sites like Secure Password Generator and Passphrase Generator are informational,
helpful and free of charge!
3.6.2 Multifactor Authentication (MFA) provides an additional layer of security (such as a
password and a verification code sent via text) and should be required for access to critical
information, for remote access, and for Administrator and privileged information. Examples include
email, Office 365 accounts, bank accounts, Amazon business accounts, and any app or
platform that deals with money for which MFA is available. MFA is often a free component
that must be set up or enabled. As cybercrime has continued to rise, MFA has become a
baseline for securing confidential information.
For more information on MFA, visit the following sites:
What is Multifactor Authentication (microsoft.com)
Multi-factor authentication (MFA) | CISA
3.7 Develop a phishing protocol, which could include:
✓ Regular training of employees about phishing scams
✓ Deleting suspected email
✓ Alerting the entire organization to the phishing scheme with a pre-produced phishing notice
3.7.1 Educate employees and other church/mission/campus center/school personnel on
phishing scams. Consider subscribing to a training program like KnowBe4, Ninjio or the
like: https://www.gartner.com/reviews/market/security-awareness-computer-based-training
3.8 Put measures in place to prevent personal email from being answered on church computers.
Consider using the functionality of your firewall to block personal email sites from
networked PCs or laptops as mentioned in 3.1 above.
3.9 Is there a guest network set up for visitors? This would be a separate (segmented) part of
the network, apart from where key operational and financial data resides.
4. DISASTER RECOVERY TIPS
4.1 If data files are not backed up in the cloud or offsite, establish a back-up plan and monitor it.
DO NOT ever consider the use of USB drives to fall under best computing practices. The use of
any USB-based storage device should be prohibited on business PCs as they can introduce
malware to the environment. Contact your 3rd-party IT support group and have them block the
use of these devices on your PCs. For more information on the risks involved, please refer to the
following article: https://us-cert.cisa.gov/ncas/tips/ST08-001