White House Urges ‘Immediate’ Action to Protect Against Cyber Attacks; A Guide for Business Leaders
March 23, 2022
By Kate M. Siegrist
On Monday, March 21st, an important statement and guidance was delivered for all companies and organizations to bolster their cyber defenses immediately by implementing cyber security best practices. As widely reported in the media and directly from the administration, there is evolving intelligence that Russia may be exploring options for potential cyberattacks.
“Protecting data isn’t just reserved for financial institutions and healthcare companies anymore,” says Kate Siegrist, Partner and Technology Assurance Leader. “Intellectual property is just as great a target for bad actors. Firewalls and antivirus aren’t enough. Every organization, great or small, should be following these cybersecurity best-practices.” Lurie’s team advises clients, from startups to Fortune 100 companies, on best practices to boost their IT security systems.
Cybersecurity best practices
The White House has published a fact sheet outlining the steps companies should take, including mandatory multi-factor authentication, data backups and encryption, employee education, system patches, and proactive engagement with local federal law-enforcement offices.
Here is a summary of those best practices that the administration urges companies to execute immediately or verify cyber defense measures are in place:
- Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
- Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
- Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
- Back up your data and ensure you have offline backups beyond the reach of malicious actors;
- Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
- Encrypt your data so it cannot be used if it is stolen;
- Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI, where they will find technical information and other useful resources.
Source: Full details are contained in the White House Statement and Release FACT SHEET: Act Now to Protect Against Potential Cyber Attacks, dated March 21, 2022.
How EisnerAmper's Cybersecurity & Technology Assurance Team can help
From startups to Fortune 100 companies, Lurie advises clients on best practices to boost their IT security systems. The White House memo provides a good starting point, and Lurie can help you with risk assessment services that uncover specific threats, impacts, and vulnerabilities and recommend appropriate corrective action.
If you have any questions on this guidance, best practices or want to learn more about how our Technology Consulting team can help you improve your security, compliance, and controls, please contact us.