The White House issued an announcement on March 21st that evolving intelligence has shown that Russia may be exploring options for potential cyberattacks on American businesses.
Who does the announcement impact?
All private and public sector companies are urged to act with urgency to ensure that critical infrastructure is secured and prepared against threats amid the escalating geopolitical tension. The US administration is collaborating domestically and internationally with G7 nations to shore up cyber defenses for critical public and private sector infrastructure.
However, much of the private sector’s lack of preparedness could leave critical infrastructure and information at risk of cyberattacks. The White House called upon private companies to take urgent action and execute immediate steps.
What should my business do?
Your business should have a confident understanding of the security of your external posture (the virtual “doors and windows” of your business). If you are not in a position to evaluate this, consider forwarding this article to your company’s Information Security and/or IT department. The intent of this article is to summarize the White House recommendations so that you can take action toward basic security maturity and understand whether any aspect of your organization is currently vulnerable to threats.
Shields up: 8 steps to take urgent action
The following steps are a summarized overview of recommendations by the White House, to ensure basic security and defenses are in place for your business.
- Mandate the use of multi-factor authentication (MFA)
- Deploy modern security tools on all devices to look for and mitigate threats
- Ensure systems are patched and protected against known vulnerabilities, and change passwords across networks
- Back up data and ensure offline backups are in place
- Run exercises and drill emergency plans to prepare to respond quickly to minimize the impact of any incident
- Encrypt data so it cannot be used if it is stolen
- Educate employees on common tactics attackers use over email or websites, and encourage employees to report if computers or phones exhibit unusual behavior (crashes or slow operation)
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any incidents. Encourage your IT and Security leadership to stay up to date with the CISA and FBI websites to find technical information and other useful resources.
What if my business needs help?
If your business is not equipped to take urgent action, or you are unsure if your business is secure, contact us below for information on our rapid assessment services to help get these in place.
How does my business remain secure in the future?
Defending against known vulnerabilities and implementing the basics are a good first step. Next, it’s important to plan for how your business can continue to exercise best practices for information security health.
Shields up: 5 steps for long-term security planning
The White House encouraged 5 steps for long-term business security planning.
- Build security into your products from the ground up — “bake it in, don’t bolt it on”
- Develop software only on a system that is highly secure and accessible only to those actually working on a particular project.
- Use modern tools to check for known and potential vulnerabilities. Developers can fix most software vulnerabilities — if they know about them.
- Ensure developers know the origin of software components (open-source or otherwise) and document these in the event one of those components is later found to have a vulnerability.
- Implement security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity. Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built and deployed.
How to maintain ongoing information security hygiene
Much like personal hygiene and routine medical exams are important for our personal, physical health, these practices are important for long-term, ongoing information security health. We all know that brushing your teeth, regular flossing, and visiting the dentist are vital for oral hygiene. Routine care and attention can prevent undesirable things from happening and give you insight into where the bigger problem areas reside.
If it’s time for your business to get a checkup on your security health, there are several ways Kalles Group can provide help. Contact us below.