By Greg Johnson, CEO Webcheck Security
Not long ago, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal
Bureau of Investigation (FBI) posted the notice that US think tank organizations were being
targeted by advanced persistent threat (APT) actors. They then recommended 6 key factors
that can be easily applied to users in an organization, yet can have immediate and far-reaching
Keep in mind however that it’s not just think tanks that are being targeted, it is any and all
businesses with unique intellectual property. That of course includes software developers and
manufacturers of all kinds but especially those with ties to the defense community or contact
with the Federal Government.
Are these factors implemented in your organization?
6 Key Factors Recommended by CISA
Log off remote connections when not in use.
Be vigilant against tailored spearphishing attacks targeting corporate and personal accounts (including both email and social media accounts).
Use different passwords for corporate and personal accounts.
Install antivirus software on personal devices to automatically scan and quarantine suspicious files.
Employ strong multi-factor authentication for personal accounts, if available.
Exercise caution when:
Opening email attachments, even if the attachment is expected and the sender appears to be known. See Using Caution with Email Attachments.
Using removable media (e.g., USB thumb drives, external drives, CDs).
Antivirus software should be defined as “strong endpoint protection” using not just old-school signature technology, but advanced heuristics such as that provided by Sophos, Sentinel One, Crowdstrike and more.
I personally use Sophos on my Mac as do many of my work-at-home employees, and in the main office we employ the Netgear Armor on our Orbi System.
Additionally, multi-factor authentication and multi-password usage is enabled on all critical
apps etc. along with whole drive encryption.
How are you doing in your organization?
To learn more about cybersecurity visit WebcheckSecurity.com