Speaking of targeted phishing emails, are you providing staff information on the public side of your websites?
CAHF/QCHF is, and I am trying to get that changed.
The targeted phishes are up to date and personal – and aimed at our new Accounts Payable person and the CEO and CFO.
Do you think moving the names and titles behind the member login will help, or is it already too late?
At the end of the day, I think the most important defensive measure is training.
We use Knowbe4. There's new hire training, regular intrusion testing, remedial training for those who fail the intrusion tests. There's also nonprofit pricing.
We're down to about 4% vlumerability when school is in session, and 1% when my teachers are on vacation.