Cybersecurity, Viruses, Phish-Resistant MFA with Matt Eshleman episode artwork

EPISODE · Oct 3, 2025 · 19 MIN

Cybersecurity, Viruses, Phish-Resistant MFA with Matt Eshleman

from Community IT Innovators Nonprofit Technology Topics · host Community IT Innovators

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman offered his take on these trends. Listen for expert advice on avoiding new computer viruses and making sure your organization is protected from Attacker-in-the-Middle attacks on MFA (Multi-Factor Authentication), particularly for important accounts like your Executive Director and CFO.Fighting VirusesVirus attacks have been increasing. These computer viruses are no longer just malware that “infects” your network through an email link or website. Bad actors know we are suspicious of links in our email and that these days most malicious emails are stopped from reaching our inboxes. As a work around, they have started sending a document with instructions to open the document with a “secure code” – actually a malicious code. In this way, they trick the victim into running the attack against themselves. To resist this attack, always think – if the document you need to open is legitimate, and the person emailing it to you is genuine, they can send you a pdf. You should be very suspicious of any attachment that requires another set of steps to open, particularly executing code on your computer.Other ways you may pick up a computer virus: downloading something malicious online. Be careful to double check you are on a legitimate site before downloading anything. Better yet, use the App Store where possible. We are also seeing an increase in malicious pop-ups. If a window opens on your computer saying you have a virus, it can be scary. Always contact your own IT provider. Do not follow the directions the pop up is giving you to get “support,” or you will be calling the scammer. Using Phish-Resistant MFACommunity IT continues to recommend that all users use a Multi-Factor Authentication method on all accounts.Because MFA is so effective, it is not surprising that attackers are trying to work around it. In the past few years Attacker-in-the-Middle attacks have been on the rise. In this attack, the bad guys trick a user into “logging in” in a way that exposes their secure token for the attacker to steal. The attacker can then login as the user from a different device and gain access to anything the user has access to.Phish-Resistant MFA, like using a passkey or Microsoft Hello, will only allow the MFA to be authenticated from the device where you are. You can also use a physical key like Ubikey or FIDO, which must be present to allow the login.Community IT is recommending at a minimum that all accounts with access to sensitive data such as Executive Director, CFO, maybe Board members, the executive team, should use Phish-Resistant MFA to best protect the organization. Of course, any access to your network is a risk, so where possible, investing in Phish-Resistant MFA for all staff is a good investment.Training on Phish-Resistant MFA can lessen the friction or feeling that an extra step is required. Most Phish-Resistant MFA is quick to use and easy to learn. Peace of mind is worth it. Community IT hopes that building this culture of care at your organization makes it easier for you to update your staff on new threats and scams through your regular training program.  _______________________________Start a conversation :)Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/email Carolyn at [email protected] LinkedIn on reddit/r/nonprofitITmanagementon the Community IT websiteThanks for listening. 

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman offered his take on these trends. Listen for expert advice on avoiding new computer viruses and making sure your organization is protected from Attacker-in-the-Middle attacks on MFA (Multi-Factor Authentication), particularly for important accounts like your Executive Director and CFO. Fighting Viruses Virus attacks have been increasing. These computer viruses are no longer just malware that “infects” your network through an em...

NOW PLAYING

Cybersecurity, Viruses, Phish-Resistant MFA with Matt Eshleman

0:00 19:49

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Community IT Innovators Nonprofit Technology Topics?

This episode is 19 minutes long.

When was this Community IT Innovators Nonprofit Technology Topics episode published?

This episode was published on October 3, 2025.

What is this episode about?

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman offered his take on these trends. Listen for expert advice on avoiding new computer viruses and making sure your organization is protected from Attacker-in-the-Middle attacks on MFA...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Community IT Innovators Nonprofit Technology Topics episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!