Use of the Internet and electronic devices are essential tools for conducting business. Increased cyber security threats, actual intrusions, hacks and attacks on private, commercial and government individuals and entities, threaten you and your business.
On December 29th, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) issued a joint report providing evidence of foreign attempts to obtain and use information obtained through improper cyber means during the US election season. See DHS-FBI Joint Analysis Report, “Grizzly Steppe – Russian Malicious Cyber Activity “, JAR-16-20296 (December 29, 2016).
Companies, including their personnel, customers and supply chain, need
to be proactive in ensuring the security of personal and professional
communications and systems. The DHS-FBI Report provides a number of
useful tips for protecting against unauthorized access and use of your
data and systems. Some of these include:
- Network administrators
should review and monitor the IP addresses, file hashes and Yara
signatures that were identified as being used in the intrusions reported
in the DHS-FBI report.
- Ensure passwords to systems are secure.
Don’t give out information about your company systems or security to
unauthorized individuals or entities. For example, if you receive an
electronic message to change your password, confirm that it is from a
- Commit to cybersecurity best practices, including:
- Conducting a risk analysis of your organization’s cyber security, and
address identified weaknesses or vulnerabilities; the National Institute
of Standards and Testing (NIST) Cybersecurity Framework provides a good
starting point for companies seeking to establish more secure systems.
- Establishing secure firewalls.
- Backing up critical information.
- Regularly scanning your network and systems for known vulnerabilities;
updating your scanning as new vulnerabilities are identified.
- Using only approved programs on your networks and systems.
- Establishing a cyber security team, policies and reporting chain for
expeditious reporting and response to actual or suspected cyber
- Training your staff on your cyber security policies and procedures.
If you are a government contractor, you are already subject to federal rules on cyber security and reporting. If you have questions about what you are required to do under your government contracts and cyber security resources that may be available to you, contact Susan Warshaw Ebner or your FortneyScott counsel. Avoid traps for the unwary and take steps now to secure your systems and supply chain.