March 8, 2022
The Homeland Security Cybersecurity Infrastructure Security Agency (CISA) has warned Russia’s unprovoked attack on Ukraine, which has involved cybersecurity attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization regardless of size should be prepared to respond to a cyber-attack.
Take Proactive Steps Now
There are some simple steps you can take now to reduce the likelihood of, or impact of, a cybersecurity attack:
- Validate that all remote access to the organization’s network (and privileged or administrative access) requires multi-factor authentication.
- Ensure that software is up-to-date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Conduct a tabletop exercise to ensure all participants understand their roles during an incident.
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is affected by ransomware or a destructive cyberattack. Ensure that backups are isolated from network connections.
- Conduct cybersecurity training to remind employees of cyber hygiene basics. Include fundamentals such as, “Never enter your network password for anything other than network-related logins”.
Concerned? Our Team Can Help.
Sign up for GRF’s 60-day or 365-day Cybersecurity Risk Assessment and Scorecard, including patch management visibility, to help reduce exposure to threats. Results can be provided within 24 hours.
GRF has made a tremendous investment in state-of-the-art cybersecurity audits for our clients. Learn more about our expanded cybersecurity capabilities.