While the human suffering associated with Russia’s invasion of Ukraine has deservedly taken most of the headlines, the fact remains that the conflict is taking place in a part of the world known as a hotbed for ransomware and other cyber threats. The potential threat to American businesses is very real, to the extent that the White House has taken the unusual step of issuing a blanket advisory.
The announcement from the White House Briefing Room begins: “Due to evolving intelligence that Russia may be exploring options for potential cyberattacks, the White House urges U.S. companies to prioritize strengthening their cybersecurity defense by implementing the following:”
Here are the eight steps currently recommended by the White House:
Mandate the use of MFA: Multi-factor Authentication (MFA) has been a best practice for some time, yet some businesses continue to resist due to the perceived inconvenience of a login process that requires another step, usually a one-time code delivered via SMS. It’s time to stop resisting. MFA may be the single most effective way to prevent unauthorized access to your systems.
Deploy modern security tools: This may seem obvious, but too many businesses relax into a ‘set and forget’ mode. The threat landscape has changed dramatically; if you’re still using the same solutions from a few years ago, you’re leaving yourself vulnerable.
Ensure systems are protected: That’s a vague headline, but it refers to keeping systems patched and protected, and to requiring scheduled password changes to render any previously stolen credentials useless. Needless to say, strong passwords are a must (see our post on creating great passwords here)
Back up data: More than simply backing up, this encompasses regularly checking those backups to make sure they’re viable, and using offline backups to keep data out of reach of malicious actors.
Run exercises: We would bet that this one is most often overlooked. Just as you would drill for a safe exit from your facility in the event of a physical emergency, you should have a complete response plan for a cyber breach, and should practice so your team can respond quickly and effectively.
Encrypt data: This is another step that adds a layer of inconvenience, but encrypted data is useless to thieves, and is likely to send them looking for a softer target.
Educate employees: The best way to respond to a cyberattack is not to have one in the first place, and your first line of defense is an educated team. Train your staff to recognize the common tactics used in cyberattacks, and to view any outside communications with extreme caution.
Engage with local resources: While the White House advice on this front involves ‘informational websites,’ we would suggest that you need well-qualified IT professionals in your corner. The threat landscape changes constantly, and specialized knowledge is required to stay ahead of the dangers.
Questions about current cybersecurity threats, or security in general? Contact Hill Tech Solutions.