In this episode of Reboot IT, host Dave Coriale, President of DelCor, is joined by Andrew Leggett, Director of Cybersecurity, and Chris Ecker, CTO, to explore the evolving cybersecurity landscape for associations and nonprofits. They discuss the shift toward phishing-resistant MFA, the impact of AI on cyberattacks, and the importance of layered security strategies. The conversation emphasizes how organizational culture, user training, and smart technology choices work together to protect sensitive data and systems. 

Themes and Topics: 

Phishing-Resistant MFA 

• Traditional MFA tokens are vulnerable to interception during phishing attacks. 
• Passkeys and QR codes offer encrypted, device-specific authentication. 
• User experience improves with passwordless logins and fewer steps. 

AI-Enabled Cyber Threats 

• AI lowers the barrier to entry for attackers by automating phishing and scripting. 
• Tools like Copilot can be used maliciously to locate sensitive data quickly. 
• Organizations must train users to monitor prompt history and unusual activity. 

Layered Security Strategy 

• Effective cybersecurity requires training, monitoring, and prevention tools working together. 
• Threat detection systems vary in effectiveness depending on configuration and attacker location. 
• Layering includes phishing-resistant MFA, identity monitoring, and user education. 

Cybersecurity Culture & Training 

• A top-down approach is essential; executives must model secure behavior. 
• Encouraging users to report suspicious activity without fear of blame is key. 
• Training must be ongoing and integrated into organizational culture. 

Copilot and Oversharing Risks 

• Copilot indexes all tenant data and honors existing permissions, but overshared files are vulnerable. 
• Organizations must audit and remediate permissions in SharePoint, OneDrive, and email. 
• Misconfigured access can expose sensitive data like salary or ACH info. 

Cyber Insurance & Compliance 

• MFA is already a requirement for most cyber insurance policies. 
• Phishing-resistant MFA may soon become a standard requirement. 
• Organizations without it may face higher premiums or denial of coverage.