It’s not just us – governments and security organizations also try to ensure their populations and customers stay educated and vigilant when it comes to cybersecurity.<\/p>\n\n\n\n
In this blog, we want to highlight one such initiative: the Cybersecurity & Infrastructure Security Agency (CISA’s) Cybersecurity Strengthening Campaign, Shields Up<\/strong>.<\/p>\n\n\n\n The following content is sourced from the CISA website https:\/\/www.cisa.gov\/shields-up<\/a>.<\/p>\n\n\n\n As the USA’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks. CISA\u2019s Shields Up campaign web page<\/a> provides recommendations, products, and resources to increase organizational vigilance and keep stakeholders informed about cybersecurity threats and destructive exploits against critical infrastructure.<\/p>\n\n\n\n Every organization\u2014large and small\u2014should adopt a heightened posture when it comes to cybersecurity and protect their most critical assets against disruptive cyber incidents. CISA also encourages its stakeholders to voluntarily share information about cyber-related events that could help mitigate current or emerging cybersecurity threats to critical infrastructure.<\/p>\n\n\n\n Every individual can take simple steps to improve their cyber hygiene and protect themselves online. In fact, there are 4 things you can do to keep yourself cyber safe. CISA urges everyone to practice the following:<\/p>\n\n\n\n A password isn\u2019t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO<\/a> key, you\u2019re giving your bank, email provider, or any other site you\u2019re logging into the confidence that it really is you. Multi-factor authentication can make you significantly less likely to get hacked.\u202fSo enable multi-factor authentication on your email, social media, online shopping, financial services accounts. And don\u2019t forget your gaming and streaming entertainment services!<\/p>\n\n\n\n In fact, turn on automatic updates.\u202f\u202f Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops. And update your applications \u2013 especially the web browsers \u2013 on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.<\/p>\n\n\n\n More than 90% of successful cyber-attacks start with a phishing email.\u202f\u202fA phishing scheme is when a link or webpage looks legitimate, but it\u2019s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If it\u2019s a link you don\u2019t recognize, trust your instincts, and think before you click.<\/p>\n\n\n\n Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it\u2019s going to take all of us to really protect the systems we all rely on.<\/p>\n\n\n\n CISA recommends all organizations\u2014regardless of size\u2014adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recognizing that many organizations find it challenging to identify resources for urgent security improvements, we\u2019ve compiled free cybersecurity services and tools from government partners, and industry to assist. Recommended actions include:<\/p>\n\n\n\n By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity\/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.<\/p>\n\n\n\n Corporate leaders have an important role to play in ensuring that their organization adopts a heightened security posture. CISA urges all senior leaders, including CEOs, to take the following steps:<\/p>\n\n\n\n In nearly every organization, security improvements are weighed against cost and operational risks to the business. In this heightened threat environment, senior management should empower CISOs by including them in the decision-making process for risk to the company, and ensure that the entire organization understands that security investments are a top priority in the immediate term.<\/p>\n\n\n\n Every organization should have documented thresholds for reporting potential cyber incidents to senior management and to the U.S. government. In this heightened threat environment, these thresholds should be significantly lower than normal. Senior management should establish an expectation that any indications of malicious cyber activity, even if blocked by security controls, should be reported to report@cisa.gov. Lowering thresholds will ensure we are able to immediately identify an issue and help protect against further attack or victims.<\/p>\n\n\n\n Cyber incident response plans should include not only your security and IT teams, but also senior business leadership and Board members. If you\u2019ve not already done, senior management should participate in a tabletop exercise to ensure familiarity with how your organization will manage a major cyber incident, to not only your company but also companies within your supply chain.<\/p>\n\n\n\n Recognizing finite resources, investments in security and resilience should be focused on those systems supporting critical business functions. Senior management should ensure that such systems have been identified and that continuity tests have been conducted to ensure that critical business functions can remain available subsequent to a cyber intrusion.<\/p>\n\n\n\n While the U.S. government does not have credible information regarding specific threats to the U.S. homeland, organizations should plan for a worst-case scenario. Senior management should ensure that exigent measures can be taken to protect your organization\u2019s most critical assets in case of an intrusion, including disconnecting high-impact parts of the network if necessary.<\/p>\n\n\n\n We fully endorse the practices outlined by CISA. Our security analysts continually monitor recognized security websites and publications and we frequently re-post and provide commentary, drawing on our own knowledge and experience.<\/p>\n\n\n\n As well as knowing what steps to take, there are tools you can use to help keep yourself safe. One of these is Admin By Request<\/a> Privileged Access Management (PAM) software, designed to protect computer endpoints by restricting their ability to run programs and applications with elevated privileges.<\/p>\n\n\n\n Not only does Admin By Request allow you to protect your endpoints, it also provides inventory, logging, reporting, alerting and other management capability, significantly reducing your work (as IT administrators).<\/p>\n\n\n\nOverview<\/strong><\/h2>\n\n\n\n
Shields Up: Guidance for Families<\/h2>\n\n\n\n
Implement multi-factor authentication on your accounts<\/strong><\/h4>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/MFA-1024x162.png\")
<\/figure>\n\n\n\nUpdate your software<\/strong><\/h4>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/UpdateSoftware-1024x163.png\")
<\/figure>\n\n\n\nThink before you click<\/strong><\/h4>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/ThinkBeforeYou-1024x164.png\")
<\/figure>\n\n\n\nUse strong passwords, and ideally a password manager to generate and store unique passwords<\/strong><\/h4>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/UseStrongPasswords-1024x163.png\")
<\/figure>\n\n\n\nShields Up: Guidance for Organizations<\/h2>\n\n\n\n
Reduce the likelihood of a damaging cyber intrusion<\/strong><\/h4>\n\n\n\n
\n
![\"Cybersecurity](\"\/wp-content\/uploads\/2023\/06\/ReduceLikelihood.png\")
<\/figure>\n\n\n\nTake steps to quickly detect a potential intrusion<\/strong><\/h4>\n\n\n\n
\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/TakeStepsTo.png\")
<\/figure>\n\n\n\nEnsure that the organization is prepared to respond if an intrusion occurs<\/strong><\/h4>\n\n\n\n
\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/EnsureThatTheOrg.png\")
<\/figure>\n\n\n\nMaximize the organization’s resilience to a destructive cyber incident<\/strong><\/h4>\n\n\n\n
\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/MaximizeTheOrgs.png\")
<\/figure>\n\n\n\nShields Up: Guidance for Corporate Leaders and CEOs<\/h2>\n\n\n\n
Empower Chief Information Security Officers (CISO)<\/strong><\/h4>\n\n\n\n
Lower Reporting Thresholds<\/strong><\/h4>\n\n\n\n
Participate in a Test of Response Plans<\/strong><\/h4>\n\n\n\n
Focus on Continuity<\/strong><\/h4>\n\n\n\n
Plan for the Worst<\/strong><\/h4>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2023\/06\/EmpowerCSO.png\")
<\/figure>\n\n\n\nAt Admin By Request,<\/h2>\n\n\n\n