The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Federal Bureau of Investigation (FBI), launched today a joint public service announcement (PSA) sharing clear actions to stay cybersecure this holiday season. While staffing is low and offices are closed during the holidays, and with the recent disclosure of severe vulnerabilities in the widely used “log4j” software library, bad actors are actively seeking to take advantage of vulnerabilities inside organizations’ networks and systems. This PSA is based on observations on the timing of high impact cyber incidents that have occurred previously rather than a reaction to specific threat reporting.
In the video announcement, CISA Director Jen Easterly and FBI Cyber Division Assistant Director Bryan Vorndran recommend IT leaders and businesses of all sizes implement the following cybersecurity best practices:
- Identify IT security employees available to surge in the event of an incident
- Require all staff use strong passwords and different passwords for each account
- Enable multi-factor authentication for all remote access and administrative accounts
- Ensure your remote desktop protocol (RDP) is secure and monitored
- Train employees to recognize phishing emails and not click suspicious links
- Review and update incident response and communications plans
- Stay alert over the holiday season and quickly report any suspicious activity
“The FBI is always committed to protecting the American people and preventing, thwarting and disrupting criminal cyber activity, the holiday season is no different,” said FBI Cyber Division Assistant Director Bryan Vorndran. “However, we cannot do this alone, we need the public to remain vigilant and take the necessary steps to incorporate good cyber hygiene practices to better defend their systems. We urge you to strengthen your personal cyber defenses to decrease any potential threat posed by malicious cyber actors, and report suspected compromises to the FBI at www.IC3.gov.”
