Federal Agency Issues ‘Shields Up’ Warning regarding Preparation for Disruptive Cyber Activity

The U.S. Cybersecurity & Infrastructure Agency (CISA) has issued a rare “shields up” warning regarding cybersecurity attacks, saying that every organization, of every size, should be prepared to respond to disruptive cyber activity. Specifically, the warning states:

“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.” [emphasis added]

CISA goes on to recommend that “all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

To help protect against cyberattacks and decrease the severity of their impact, businesses should take the following steps:

• Run and maintain backups of critical data offline in the cloud or on an external hard drive.
• Secure data backups so that the backup is not accessible for modification or deletion from the system where the original information is housed.
• Install and update anti-virus and anti-malware software.
• Instruct employees to only use secure networks and avoid public Wi-Fi networks.
• Use multi-factor authentication when users log in.
• Require employees to use strong passwords and ensure they are not reused across multiple accounts.
• Remind employees not to click on suspicious links and conduct regular tests and training to raise awareness.
• Identify employees who are on call for any IT security issues that arise on weekends or holidays.
• Ensure appropriate cybersecurity insurance coverage.
• Review and regularly update your company’s privacy and cybersecurity policies.

The Corporate and Litigation Groups at Levenfeld Pearlstein are available to assist with any cybersecurity issues you may have. We would be happy to review your existing Information Security Programs and assist with drafting any necessary updates as well. Please don’t hesitate to reach out.