President Joe Biden issued new warnings this week, urging U.S. companies to ensure their digital doors are locked tight because of potential cyberattacks by Russia. While the fighting in Ukraine is worlds away for many California and Texas organizations, the potential for cyberattacks against U.S. businesses has significantly increased. Ransomware attacks, distributed denial-of-service (DDoS) attacks, malware, and other malicious activity have been widely reported. While there have not been many attacks specifically targeting American companies, the Cybersecurity & Infrastructure Security Agency (CISA) strongly encourages management to review, update, and reinforce existing measures. Those with foreign operations in the affected region should prepare for potential intrusions, as should businesses in high-profile industries. The agency has outlined several action steps that companies should take now to protect essential digital assets. To help clients, prospects, and others, JLK Rosenberger has provided a summary of the key details below.
CISA Cybersecurity Recommendations
- Reduce the likelihood of a cybersecurity incident. At a minimum, organizations should be using multi-factor authentication to access files or restricted websites. All software and website plug-ins should be up to date. Executives will want to work with IT or cybersecurity consultants to confirm all online ports and protocols that aren’t essential are disabled, and use of cloud services is closely monitored according to approved cybersecurity guidance.
- Identify a potential event quickly. When a cyberattack happens or one is suspected, time is critical. Organizations must have processes and tools already in place to promptly detect potential threats and either limit the damage or shut the incident down altogether. Focus on tools that can detect unusual network behavior and antivirus/antimalware software that’s up to date. Organizations working with Ukrainian organizations need to take extra precautions right now. Be sure to monitor, inspect, and isolate web traffic from Ukrainian sources and carefully review access controls.
- Prepare a coordinated cybersecurity response if an attack happens. It is often not a question of if but when a cyber incident will occur. Executives can get ahead of potential threats early by designating a crisis response team. Main points of contact, roles/responsibilities, and protocol for different scenarios and business continuity should be included. Organizations should also verify that surge support would be available should an incident occur. Know how to reach key personnel off-hours and conduct training exercises with crisis response team members to define roles before something happens.
- Increase cybersecurity resilience. It is important to test backup capabilities to determine how quickly data can be restored and how far back data backups are available. All backups should be on a different server if possible, so that in the event of a malware attack, hackers would be prevented from having immediate access to these essential files. Industrial or manufacturing companies need to go a step further by ensuring that control systems, operational technology, and critical functions will still work if the network is compromised.
Recommendations for Individuals
CISA stressed the importance of individual multi-factor authentication on all online accounts; running automatic updates on software, applications, and devices; avoiding clicking on unknown or suspicious links in emails or texts; and reviewing/updating passwords.
We’re here to help
During these uncertain times, it is essential to review the company’s cybersecurity protections to ensure effectiveness. A policy of prevention not only ensures critical data is protected but also offers the peace of mind that the organization is prepared should something happen.
If you have questions about the information outlined above or need assistance with an accounting or tax issue, JLK Rosenberger can help. For additional information, call us at 818-334-8645. We look forward to speaking with you soon.