Security Checklist

  • General Password Management
  • Sierra Password Instructions
  • Website Passwords 
    • For MHLS managed sites please open a ticket with Tech support by emailing techsupport@midhudsosn.org
    • Your website password should be managed by as few people as possible and the password should be changed with staff changes and on regular intervals no more than 180 days

The first step to avoiding an attack is to understand them!

  • Storing Data: Files that are important to your organization, those that cannot be recreated, and those that you have invested time in, should be stored thoughtfully and maintained.
    • Local files, stored on your computer, are at risk.  Physical risk is always a possibility with local storage.  A fire, theft or other event could result in loss.  Malware and ransom attacks are only a threat to files that can be accessed through a direct line through a computer or network.
      • Cloud storage – using cloud-based storage is a good way to not only secure your data from physical harm, it is also a way to safely collaborate and manage backups.
      • External Storage- you could store important files on an external drive, but you must actively update and move this to a remote location.
    •  Backup: The best way to insulate yourself from malware and ransomware attacks is to have a copy of your files. 
      • Backup to the cloud or external device not on your network
      • Maintain a rolling backup.  Once you detect an attack, it may be necessary to have earlier backups to retrieve files before the attack.  Keeping a week or more of backups will provide the insurance.  Cloud storage sites, should be able to provide you with this information upfront.

RansomwareStop ramsom ware image and link
The best resource on Ransomware can be found at https://www.cisa.gov/stopransomware

Remove the device from network access (Quarantine), but do not turn it off or clean the device until you have gathered any forensic information that you or a hired investigation team may need.

  • Notify affected parties (MHLS if Sierra passwords were compromised) and update passwords.
  • Begin evaluating the network for spread
  • Secure copies of your most recent backups.  
  • Do you pay the ransom?  That is a choice you need to consider based on the prevention measures you have in place and the value of the data.  While it may be irksome,  the ransom may be less than the replacement and legal costs, depending on the nature of the data.  Paying the ransom isn’t an insurance policy against future attacks either.
  • Wipe and restore any affected hardware.  Install your backup files. Immediately run malware software to detect any further traces.  Some attacks lie dormant in your files and can exist in backups that predate your first experience with the attack.
  • Close up the security gaps that made you vulnerable.  This includes security measures and training.
  • Make an official report https://www.cisa.gov/stopransomware/report-ransomware-0

Phishing

If you have been hooked, your earliest actions are important.

  • Disconnect your device from the internet and run malware software to detect any possible security threats.
  • Identify the information that was compromised
  • Notify affected parties (MHLS if Sierra passwords were compromised) and update passwords.
  • Report the incident to the administration immediately, so that they can alert the vendor or parties affected.
  • If financial information is compromised update accounts and consider setting account blocks with credit score agencies like Expeiron.
  • Make an official report https://us-cert.cisa.gov/report

The STOP.THINK.CONNECT.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone. 

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.

CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recognizing that many organizations find it challenging to identify resources for urgent security improvements, we’ve compiled free cybersecurity services and tools from government partners, and industry to assist. Recommended actions include:

Reduce the likelihood of a damaging cyber intrusion

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.

Take steps to quickly detect a potential intrusion

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
  • Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Ensure that the organization is prepared to respond if an intrusion occurs

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization’s resilience to a destructive cyber incident

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.