CISA Issues Guidance on Ransomware Attacks

Robinson+Cole Data Privacy + Security Insider
Contact

On August 25, the Cybersecurity and Infrastructure Security Agency (CISA) issued a fact sheet offering suggestions to government agencies and private companies on how to prevent and respond to a ransomware attack.

The fact sheet, entitled Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches provides organizations with tips to prevent and respond to ransomware. CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations listed in this fact sheet to reduce their risk to ransomware and protect sensitive and personal information. Review StopRansomware.gov for additional resources.”

The fact sheet includes tips such as maintaining an offline, encrypted back-up of data, develop an incident response plan, implement auditing, regular scans and software updates, block phishing attempts, and practice “good cyber hygiene.”

The guidance sets forth some examples of good cyber hygiene, including:

  1. Ensuring antivirus and anti-malware software and signatures are up to date.
  2. Implementing application allowlisting.
  3. Ensuring user and privileged accounts are limited through account use policies, user account control, and privileged account management.
  4. Employing MFA for all services to the extent possible, particularly for webmail, virtual private networks (VPNs), and accounts that access critical systems.
  5. Implementing cybersecurity best practices from CISA’s Cyber Essentials and the CISA-MS-ISAC Joint Ransomware Guide.

The fact sheet also offers suggestions on the topics “Protecting Sensitive and Personal Information” and “Responding to Ransomware-Caused Data Breaches.”

Finally, it provides additional resources listed on the StopRansomware.gov website. This is a free and valuable roadmap for organizations to read and consider using to prepare for and respond to a ransomware attack.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Robinson+Cole Data Privacy + Security Insider

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide