With the holiday season ahead, past trends indicate that threat actors will take advantage of businesses and organizations at reduced staffing levels and individuals working remotely. This alert highlights actions that can be taken proactively to defend against possible ransomware, business email compromise, or other forms of cyber threats.
The Cybersecurity & Infrastructure Security Agency and the FBI strongly urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:
- Identify business operations and technical security personnel for weekends and holidays that would be available to surge in the event of an incident or ransomware attack.
- Implement multi-factor authentication for remote access and administrative accounts.
- Mandate strong passwords or passphrases and ensure they are not reused across multiple accounts.
- If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
- Remind employees not to click on suspicious links and conduct exercises to raise awareness.
In addition to CISA and the FBI’s recommended actions, preparation including reviewing, practicing, and updating incident response plans, remote work plans, and backup contact trees can help to reduce the risk of business interruption.