Urgent Cyber Alert: Shields Up
What’s Happening
The Russian invasion of Ukraine has created an increased risk of cyberattacks across organizations of all sizes. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint Cybersecurity Advisory to help protect organizations from destructive malware used in Ukraine.
What It Means
We must all remain vigilant in our daily interactions with technology, email, and web browsing, and pay special attention to any unsolicited communications from both known and unknown contacts.
Operation “Shields Up” has been announced by CISA in direct response to the Russian invasion of Ukraine. While we have all seen the horrific bloodshed and acts of war laid out before us in near real-time, what is less visible is the tremendous battle brewing behind the scenes in “Cyber Space.”
Many security vendors and public/private partnerships are sounding the alarm to be prepared for potential disruptions in everyday life, including banking, oil, transportation, and other targeted areas of critical infrastructure. Further economic strain throughout the region and beyond is a real possibility.
Actions to Take
It is now more important than ever for each of us to take a deep breath and slow down when we are interacting with others over the internet. TikTok, Instagram, Facebook, or “old school” email make it easy to become the victim of a cybercriminal. Phishing still reigns supreme in how cybercriminals gain a foothold into an organization’s network, initiate ransomware attacks, and steal your data for all to see. In fact, more than 62% of all cyber incidents last year were “malware” free. This means the attack was not started by a computer virus; rather, the criminal was simply able to gain access by interacting with an employee and effectively “walk in the front door.”
Best Practices:
- 2-Factor Authentication: If your organization does not use 2-factor authentication to protect access to your critical resources, please reach out immediately to your tech providers to get that enabled. On a personal level, it is equally important to turn on 2-factor authentication wherever possible throughout the course of your daily interactions on the internet. Make sure 2-factor authentication is turned on for your email, bank accounts, and social media platforms.
- Backups: Backup your data on a frequent basis. If you are hit with a ransomware event and your data becomes encrypted, you need a means to quickly recover your data without having to pay a ransom to a criminal. Just as important as backing up your data is restoring your data. When is the last time you verified you can recover data from your backups? Test your data restoration capabilities on a regular basis to make sure, in time of need, you can quickly recover and get back to work.
- Passphrases: Use a passphrase instead of a password. What is a passphrase? Simply put, it is a short sentence, including spaces and punctuation. Instead of TryingT@BeCLEVER! you can just make that into a sentence, such as I am trying to be clever! The passphrase is more secure than the “old school” password and has the added benefit of being much easier to remember. If anything, stop using the most common hacked passwords of 2022, including the favorite password123!
- Email Phishing: Be on the lookout for unsolicited communications from known and unknown contacts. Often you may receive an email from a business associate you have worked with recently or years ago. They may be a trusted close contact who has had their email hacked, and unbeknownst to you, you are now communicating with a criminal instead of the trusted person. They may be asking you to review a document or click on a random web link. Proceed with great caution if this occurs. If you ever open a link and it asks for your personal or organization password, immediately stop and contact your go-to tech resource to see if the site is legitimate. When in doubt, always ask.
- Password Manager: Use a password management system to help manage your passwords. These services can help alert you to weak or reused passwords, which are estimated to cause 81% of data security incidents. Be sure to stop using the same password across multiple websites. This is one of the easiest ways to allow a criminal access to your data.
- Cyber Insurance: In 2021, the average cost of a data breach reached a staggering $4.24 million. In the event of a cyber incident, you will want to have access to the right resources in helping your organization get back on track as quickly as possible. Cyber insurance can help offset the cost of a data breach and provide a host of resources to help enhance your organization’s cyber security posture.
In Conclusion
The concept of cyber best practices is nothing new. However, in light of recent global threats, cyber best practices are now a must for all Americans. Please take these recommendations seriously and help in the collective effort to raise our nation’s security posture in the ever-increasing cyber world in which we live.
Bernstein Shur’s Cybersecurity and Data Security Service team offers a comprehensive approach to help protect your sensitive information and data from intentional or accidental exposure and theft, as well as ensuring your organization is following best practices to comply with ever-changing privacy and data security regulations.
In today’s fast paced digital landscape, it is critical to stay up to date with technology that supports your business objectives and provides a competitive advantage. Our unique offering addresses both the technical and legal aspects surrounding your data and technology needs.
Bernstein Shur’s Chief Information Officer Matthew Kramer was a contributor to this client alert.