Holiday Cyber Best Practices: CISA and FBI Guidance
Free Article Limit This Month
With the holiday season ahead, past trends indicate that threat actors will take advantage of businesses and organizations at reduced staffing levels and individuals working remotely. This alert highlights actions that can be taken proactively to defend against possible ransomware, business email compromise, or other forms of cyber threats.
The Cybersecurity & Infrastructure Security Agency and the FBI strongly urge all entities-especially critical infrastructure partners-to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:
- Identify business operations and technical security personnel for weekends and holidays that would be available to surge in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords or passphrases and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links and conduct exercises to raise awareness.
In addition to CISA and the FBI's recommended actions, preparation including reviewing, practicing, and updating incident response plans, remote work plans, and backup contact trees can help to reduce the risk of business interruption.
For more information, contact Lauren Saleh [email protected] or Jeffrey Wells [email protected].
The views and opinions expressed in the article represent the view of the author and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is intended to be a substitute for professional legal advice.
ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.