The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI), launched a joint public service announcement (PSA) sharing clear actions to stay cybersecure this holiday season. While staffing is low and offices are closed during the holidays, and with the recent disclosure of severe vulnerabilities in the widely used “log4j” software library, bad actors are actively seeking to take advantage of vulnerabilities inside organizations’ networks and systems. This PSA is based on observations on the timing of high impact cyber incidents that have occurred previously rather than a reaction to specific threat reporting.
In the video announcement, CISA Director Jen Easterly and FBI Cyber Division Assistant Director Bryan Vorndran recommend IT leaders and businesses of all sizes implement the following cybersecurity best practices:
- Identify IT security employees available to surge in the event of an incident
- Require all staff use strong passwords and different passwords for each account
- Enable multi-factor authentication for all remote access and administrative accounts
- Ensure your remote desktop protocol (RDP) is secure and monitored
- Train employees to recognize phishing emails and not click suspicious links
- Review and update incident response and communications plans
- Stay alert over the holiday season and quickly report any suspicious activity
“In the heightened threat environment that we see during holidays, proactively strengthening your cyber defenses can help ensure your friends, family, and staff can enjoy some well-deserved time off,” said CISA Director Jen Easterly. “Ultimately, good cybersecurity is not only about technology – it's about people. It’s important to take the appropriate steps to protect ourselves so we can all enjoy some piece of mind (and eggnog!) this holiday season.”
“The FBI is always committed to protecting the American people and preventing, thwarting and disrupting criminal cyber activity, the holiday season is no different,” said FBI Cyber Division Assistant Director Bryan Vorndran. “However, we cannot do this alone, we need the public to remain vigilant and take the necessary steps to incorporate good cyber hygiene practices to better defend their systems. We urge you to strengthen your personal cyber defenses to decrease any potential threat posed by malicious cyber actors, and report suspected compromises to the FBI at www.IC3.gov.”
In light of persistent and ongoing cyber threats, CISA also released an Insights publication urging critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyberattacks. The CISA Insights and resources are available on CISA.gov. Follow CISA on Twitter, Facebook, LinkedIn and Instagram for more helpful information.