The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.
The private sector must act to protect the critical services on which all Americans rely. We urge companies to execute the following steps with urgency:
Mandate the use of multi-factor authentication (MFA) on your systems to make it harder for attackers to get onto your system.
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.
Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors.
Back up your data and ensure you have offline backups beyond the reach of malicious actors.
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.
Encrypt your data so it cannot be used if it is stolen.
Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly.