• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

White House Releases Recommendations to Protect Against Potential Cyberattacks

March 22, 2022 By Amy Mushahwar and Kristen Bartolotta

The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the Biden administration, which is now facing “evolving intelligence that Russia may be exploring options for potential cyberattacks,” has released recommendations for companies to protect against cyberattacks.

The administration urges companies to do the following with urgency:

  • Mandate the use of multi-factor authentication on all systems;
  • Deploy modern security tools on all computers and devices to continuously look for and mitigate threats;
  • Check with cybersecurity professionals to make sure that all systems are patched and protected against all known vulnerabilities, and change passwords across all networks so that previously stolen credentials are useless to malicious actors;
  • Back up data and ensure that offline backups are beyond the reach of malicious actors;
  • Run exercises and drill any emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  • Encrypt data so it cannot be used if it is stolen;
  • Educate employees on common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents.

The fact sheet released by the administration further encourages U.S. companies to think long-term about cybersecurity. The administration encourages technology and software companies do the following:

  • Build security into products from the ground up to protect both your intellectual property and your customers’ privacy.
  • Develop software only on a system that is highly secure and accessible only to those working on a particular project.
  • Use modern tools to check for known and potential vulnerabilities (both patch and configuration).
  • Software developers are responsible for all code used in their products, including open-source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials” in case one of those components is later found to have a vulnerability so you can rapidly correct it.
  • Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity, more broadly even if not expressly required. Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built and deployed.

Companies are encouraged to ask IT and Security leadership to visit the CISA and FBI websites for additional technical information and resources, including CISA’s Shield-Up campaign. In addition, agencies and regulators continue to release sector-specific guidance for protecting against cyberattacks, including the growing threat of ransomware attack against companies critical to U.S. infrastructure. We will continue to watch these issues as the ongoing crisis in Ukraine unfolds.

Filed Under: Cyber Risk, Cybercrime, Cybersecurity, Data Security, Digital Crimes, Ransomware, Russia, Uncategorized Tagged With: cybersecurity, Cybersecurity Executive Order, Data Protection, ransomware, The White House

About Amy Mushahwar

Amy Mushahwar is a partner with Alston & Bird’s Privacy, Cyber & Data Strategy Team. Amy has over 20 years of experience in the technology space and focuses her practice on data security, cyber risk, privacy, and emerging technologies. She advises clients on proactive data security practices, data breach incident response, and regulatory compliance.

[Read Bio]

About Kristen Bartolotta

Kristen Bartolotta is an associate in Alston & Bird’s Privacy, Cyber & Data Strategy Team. She advises clients on managing privacy and cyber risk, breach investigations and response, transactional diligence, and emerging technologies. Kristen also advises on privacy and security compliance at the state, federal, and international levels.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Recent Exploits of Blockchain Bridges Highlight Need for Cybersecurity in Crypto and Risk of Liability
  • Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report
  • CPPA Board Opposes American Data Privacy and Protection Act
  • SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies
  • UK Information Commissioner’s Office Issues Warning on Ransomware Payments
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.