Holiday Cyber Best Practices: CISA and FBI Guidance

November 24, 2021

With the holiday season ahead, past trends indicate that threat actors will take advantage of businesses and organizations at reduced staffing levels and individuals working remotely. This alert highlights actions that can be taken proactively to defend against possible ransomware, business email compromise, or other forms of cyber threats.

The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI strongly urge all entities, especially critical infrastructure partners, to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to avoid becoming the next victim:

  • Identify business operations and technical security personnel for weekends and holidays that would be available to surge in the event of an incident or ransomware attack.
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords or passphrases and ensure they are not reused across multiple accounts.
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
  • Remind employees not to click on suspicious links and conduct exercises to raise awareness.

In addition to CISA and the FBI’s recommended actions, preparation such as reviewing, practicing, and updating incident response plans, remote work plans, and backup contact trees can help reduce the risk of business interruption.

For more information, contact Lauren Saleh (lsaleh@clarkhill.com) or Jeffrey Wells (jwells@clarkhill.com).

The views and opinions expressed in the article represent the view of the author and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is intended to be a substitute for professional legal advice. 
