Cyber Security and Cyber Crimes
Cyber attacks can happen at any time. Hackers want access to the computers and networks of individuals and organizations to acquire financial and personal records. In addition to lone hackers, nation-states are also likely to attack using cyber tactics. While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber attacks on the Ukrainian government and critical infrastructure, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the U.S. and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.
Personal Preparedness:
- Implement multi-factor authentication on your accounts. A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Enable multi-factor authentication on your email, social media, online shopping, and financial services accounts. And don’t forget your gaming and streaming entertainment services!
- Update your software. In fact, turn on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops. And update your applications — especially the web browsers — on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware.
- Use strong passwords, and ideally a password manager to generate and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
Business Preparedness:
- Reduce the likelihood of a damaging cyber intrusion
  - Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  - Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities.
  - Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  - If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls.
- Take steps to quickly detect a potential intrusion
  - Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  - Confirm that the organization's entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
  - If working with outside organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
- Ensure that the organization is prepared to respond if an intrusion occurs
  - Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
  - Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  - Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
- Maximize the organization's resilience to a destructive cyber incident
  - Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  - If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.