Use of the Internet and electronic devices are essential tools for conducting business. Increased cyber security threats, actual intrusions, hacks and attacks on private, commercial and government individuals and entities, threaten you and your business.

On December 29th, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) issued a joint report providing evidence of foreign attempts to obtain and use information obtained through improper cyber means during the US election season. See DHS-FBI Joint Analysis Report, “Grizzly Steppe – Russian Malicious Cyber Activity “, JAR-16-20296 (December 29, 2016).

Companies, including their personnel, customers and supply chain, need to be proactive in ensuring the security of personal and professional communications and systems. The DHS-FBI Report provides a number of useful tips for protecting against unauthorized access and use of your data and systems. Some of these include:

• Network administrators should review and monitor the IP addresses, file hashes and Yara signatures that were identified as being used in the intrusions reported in the DHS-FBI report.

• Ensure passwords to systems are secure. Don’t give out information about your company systems or security to unauthorized individuals or entities. For example, if you receive an electronic message to change your password, confirm that it is from a legitimate source.

Commit to cybersecurity best practices, including:

1. Conducting a risk analysis of your organization’s cyber security, and address identified weaknesses or vulnerabilities; the National Institute of Standards and Testing (NIST) Cybersecurity Framework provides a good starting point for companies seeking to establish more secure systems.
2. Establishing secure firewalls.
3. Backing up critical information.
4. Regularly scanning your network and systems for known vulnerabilities; updating your scanning as new vulnerabilities are identified.
5. Using only approved programs on your networks and systems.
6. Establishing a cyber security team, policies and reporting chain for expeditious reporting and response to actual or suspected cyber incidents.
7. Training your staff on your cyber security policies and procedures.

If you are a government contractor, you are already subject to federal rules on cyber security and reporting. If you have questions about what you are required to do under your government contracts and cyber security resources that may be available to you, contact Susan Warshaw Ebner or your FortneyScott counsel. Avoid traps for the unwary and take steps now to secure your systems and supply chain.