By Frank T. Ardito, CPA
Vice President & Director

Russia’s invasion of Ukraine is causing ripple effects throughout the world and in the U.S., including the potential for cyberattacks. Businesses should be on heightened alert and should communicate to all employees about the possibility of attacks on their technology infrastructure or on the interconnected systems on which they rely.

There are no specific or credible cyber threats to the U.S. at this time, according to the agency that oversees cybersecurity in the U.S., the Cybersecurity & Infrastructure Security Agency (CISA), which is a division of the Department of Homeland Security. However, cyberattacks are among Russia’s arsenal as the war on Ukraine continues, and any country that implements sanctions against Russia – like the U.S. – could be a target.

Every organization, large or small, should be prepared to respond to disruptive cyber activity.

Following are some recommendations from CISA on actions to protect your technology assets. Many of these are measures your organization already should have in place as part of cybersecurity best practices. But if you don’t currently have them in place, consider implementing them as soon as possible.

Reduce the likelihood of a cyber attack

• Inform all employees about the heightened risk of cyber incidents, urge them to be vigilant and reiterate your organization’s cybersecurity policies and best practices.
• Confirm that all remote access to your organization’s network and privileged or administrative access requires multi-factor authentication.
• Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
• Confirm that your organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
• If your organization uses cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.

Take steps to quickly detect an attack

• Ensure that cybersecurity/IT personnel can identify and quickly assess unusual network behavior.
• Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
• If working with international customers or vendors, take extra care to monitor, inspect and isolate traffic from those organizations; closely review access controls for that traffic.

Maximize the organization’s resilience

• Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
• If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

Contact us with any questions you may have about protecting your systems from potential attack.