The Biden-Harris Administration has repeatedly raised concerns about potential cyberattacks against the United States since economic sanctions were imposed on Russia following its invasion of Ukraine. On March 21, 2022, the White House issued a Fact Sheet, "Act Now to Protect Against Potential Cyberattacks," warning of evolving intelligence that Russia may be considering cyberattacks against the United States.
The Fact Sheet followed the Strengthening American Cybersecurity Act of 2022, which was signed into law by President Biden on March 15, 2022. The Act, like the Fact Sheet, aims to improve the infrastructure in the United States given the heightened risk of cyberattacks, focusing on cybersecurity threats against critical infrastructure and the federal government.
Even before Russia's invasion of Ukraine, the Administration prioritized the implementation of heightened cybersecurity risk protocols. Because much of the infrastructure in the United States is privately owned, President Biden has called on private sector businesses to implement heightened measures to address cybersecurity risks.
The Fact Sheet lists best practices for minimizing cybersecurity risk and asserts that it is important for private businesses to cooperate and collaborate with the public sector to appropriately defend against potential attacks. Private sector businesses, including family businesses of all sizes, should upgrade online system safeguards and implement protective business policies to address cybersecurity risks during this heightened state of tension between the West and Russia.
Mandate Procedures That Prevent Unauthorized Third-Party Access
Mandating the use of multi-factor authentication on your systems makes it difficult for hackers to access your information. Another form of protection involves encryption of your data so that it cannot be used even if an attacker steals it. Further, it is essential to use modern security tools on your systems that continuously detect and mitigate cyberthreats.
Update Business Policies to Account for Heightened Risk
The Fact Sheet urges companies to alert their employees to common methods that attackers will use over email or through websites to gain unauthorized access to systems. It is crucial for employees to know when and how to report an attack if their devices show unusual activity such as crashes or slow operations. Likewise, routinely running exercises and drills helps test your current business protocols and the efficiency of your emergency plan.
Establish Relationships With FBI and Cybersecurity Professionals
It is best practice for your business to proactively engage with your local FBI field office or CISA Regional Office to foster a relationship in advance of any attack. A relationship with cybersecurity professionals will also help ensure that your systems are protected and up to date. If your systems are ever compromised, the cybersecurity professionals can help you change passwords across your networks to render stolen access credentials useless.
Recommendations for Tech and Software Companies
Businesses with a focus on technology or software products should build security mechanisms into their products to protect their intellectual property and their users' privacy. Also, the system that you use for developing your software must be highly secure and only accessible to employees working on a specific project. Limited access to systems makes it more difficult for attackers to move from system to system.
Technology and software businesses need to focus on using modern tools to identify vulnerabilities within their systems and products. Software developers in particular draw on code from a range of sources, including open-source code. Developers should know the origin of the components they use and maintain a "software bill of materials" so that if a component has a vulnerability, they can quickly correct it.