Strengthening Your Online Security Ahead of Possible Russian Cyberattacks
The White House Issued a Warning to All US Organizations Recommending, among Others, Multi-factor Authentication.
We know that users are constantly advised by cybersecurity firms to enable two- or multi-factor authentication and we finally started to learn the importance of doing so. But now, even the White House is urging all US organizations to take this measure in order to avoid potential cyber threats coming from Russia.
What Is Two-factor or Multi-factor Authentication (2FAMFA)?
As explained by my colleague Dora, two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism used to double-check that your identity is legitimate.
According to previously reported data from Microsoft, many organizations don’t use it, even when it’s readily available, because they value quick access to data over safety. However, in light of Russia’s invasion of Ukraine, the US government has advised all organizations to enable this essential approach to cybersecurity.
Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system.
The warning comes after the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced last week that they were aware of potential threats to satellite communication (SATCOM) networks in the United States and around the world.
In light of the current geopolitical situation, CISA’s Shields Up initiative requires all companies to lower their threshold for reporting and sharing signs of cybercrime.
President Biden stated that the security warnings were “based on evolving intelligence that the Russian government is exploring options for potential cyberattacks.”
All Organizations Must Take Measures!
As explained by ZDNet, CISA has led the majority of the United States’ initiatives, and it has the power to ask critical infrastructure owners and operators to report ransomware and other incidents within 24 hours.
The White House, on the other hand, has now prompted all organizations, including those that are not classified as critical infrastructure, to strengthen their defenses.
We accelerated our work in November of last year as Russian President Vladimir Putin escalated his aggression ahead of his further invasion of Ukraine. The US government will continue our efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign.
It’s unusual for a country’s leader to call for everyone to strengthen their cybersecurity defenses. Biden has used executive orders to coerce federal agencies to update software, but his new message also encourages the private sector to do so.
In addition to using multi-factor authentication, the White House advised organizations to take the following measures with urgency:
- Install advanced cybersecurity tools on your computers and devices to detect and mitigate threats regularly.
- Check with your cybersecurity experts to ensure that your systems are patched and secured against all known vulnerabilities, and change passwords across your networks to render previously stolen credentials useless to cybercriminals.
- Back up your data and make sure you have offline backups that cannot be accessed by hackers.
- Run exercises and drill your emergency plans so that you are ready to respond fast to minimize the impact of any attack.
- Encrypt your data so it cannot be used if it is stolen.
- Educate your employees on common tactics used by hackers via email or websites, and encourage them to report any unusual behavior on their computers or phones, such as unexpected crashes or slow operation.
- Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.