U.S. intelligence has confirmed there is an increasing threat of cyberattacks for organizations of all sizes and across all industries. This is far from a single attack from an independent hacker: organizations can expect to see a nonstop barrage of threats.
In response, President Biden signed the bipartisan Cyber Incident Reporting for Critical Infrastructure Act on March 15, 2022. This piece of legislation created new requirements for all organizations that manage critical infrastructure, including:
- Reporting cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) within 72 hours.
- Reporting any ransomware payments within 24 hours.
Failure to report an incident can result in a subpoena from CISA and action from the Department of Justice, so it’s clear that the U.S. government is taking these cyberattacks seriously.
5 strategies to prepare for more cyberattacks
Unfortunately, ransomware threats are increasing against critical organizations in industries such as:
- Water and wastewater
- Energy
- Oil pipelines
- Healthcare
- Chemical
- Communications
- Manufacturing
- Dams
- Emergency services
- Food and agriculture
- Information technology
- Transportation
While the government requires reporting after a cyberattack, that doesn’t prevent the attack in the first place. How can you keep your organization safe from cyberattacks? Follow CISA’s recommendations, as well as these five tips from Dice Communications, to proactively prepare your organization.
1. Data Security
How secure is your data? Whether it’s financial information, employee data, or your customers’ sensitive health information, attackers want access. This is why it’s so critical for organizations to take data security seriously.
Follow data security best practices like:
- Encryption
- Anti-virus, firewall, and anti-malware solutions
- Archiving or deleting data
… to prevent attackers from accessing personally identifiable information and sensitive organizational data.
2. Backups and Disaster Response
It’s always a good idea to have backups and a disaster response playbook in place to minimize the damage of a cyberattack.
Back up all of your data, both in online and offline formats. These backups should run on a regular basis and cover all of your data, applications, and servers. Your IT team should also practice how to restore that data, so you’re sure that your backup protocols actually work.
Beyond regular backups, it’s essential to have a disaster response plan in place. This should cover situations such as ransomware or a data breach, as well as natural disasters.
If you already have a disaster response plan, make sure it follows the new reporting requirements of the Cyber Incident Reporting for Critical Infrastructure Act.
3. Employee Cyber Awareness Training
More than 40% of all data breaches happen because of employee oversight. Even the most sophisticated security infrastructure can’t work if your employees click on a malicious link.
To prevent cyberattacks, it’s critical to train employees on IT security best practices, including:
- How to spot phishing
- How to report suspicious activity
- Mobile security and remote access protocols
- Physical security measures, like locking laptops at night
While many of these measures sound like common sense, breaches commonly happen because of employee behavior. It’s also a good idea to conduct phishing tests to keep your employees on their toes at all times.
4. Access Management
Who has access to your information? If an attacker gains access to an employee’s account, how much damage can they do?
Access management is essential for protecting your organization. This means granting access on a need-to-know basis. Only a handful of employees should have access to your organization’s critical data.
It’s also important to do proper credential management with your team. Ask employees to frequently change their passwords. You can also require them to create a unique, strong password for every login. Do a complete audit of your organization to ensure that no employees are sharing logins or passwords.
5. Updates and Patches
Every software solution will develop some type of vulnerability over time, and hackers have made it their mission to find these weaknesses.
This is why it’s so critical for organizations to regularly patch their software and check for updates. Work with a provider like Dice to automatically update your solutions so attackers can’t exploit known vulnerabilities.
6. Use the Microsoft Secure Score Tool
There are so many robust tools available to your organization for preventing cyberattacks.
Microsoft Secure Score is an effective tool that’s perfect for organizations using Office365. Keep in mind that your users will need global admin rights in Office365 to fetch results from Secure Score.
With Secure Score, you can:
- Access a high-level report on your security posture
- Set benchmarks and KPIs
- Discover potential vulnerabilities
With scoring tools, you can stay active and mitigate risks, reducing your attack surface at every turn.
Prepare for Cyberattacks Now
The best time to protect your organization from an attack is right now. Prevent data loss, identity theft, and expensive ransomware before they’re even an issue—follow these five recommendations to strengthen your organization.
How does your organization stack up against today’s threats? Check your network security now with the free Dice Network Security Assessment.