At Block Insurance, we are looking forward to this year’s Christmas and New Year holiday season. Time with family…and the time away from the office…is always necessary to reconnect and recharge heading into the new year.

However, the FBI and CISA have noticed a disturbing trend associated with time away from work. In 2021 cyber crime has spiked on holidays, as cyber-criminals see the time away from the office as primetime for an attack. With network defenders and local IT support taking breaks as well, hackers use the holidays as a time to ramp up attempts at network exploitation. 2021 has seen major attacks to the energy, food, and agricultural sector around Mother’s Day, Memorial Day, and 4^th of July…and the feds expect late December/ early January to be no different.

So how can we best protect our businesses while we are with family?

Make an offline backup of your data.

• Make and maintain offline, encrypted backups of data and regularly test your backups. Backup procedures should be conducted on a regular basis. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups.
• Review your organization's backup schedule to take into account the risk of possible disruption to backup processes during weekends or holidays.

Do not click on suspicious links.

• Implement a user training program and phishing exercises to raise awareness among users about the risks involved in visiting malicious websites or opening malicious attachments and to reinforce the appropriate user response to phishing and spearphishing emails.

Use strong passwords.

• Ensure strong passwords and challenge responses. Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access.

Use multi-factor authentication.

• Require multifactor authentication (MFA) for all services to the extent possible, particularly for remote access, virtual private networks, and accounts that access critical systems.

Have an incident response plan.

• Create, maintain, and exercise a basic cyber incident response plan that:
• Includes procedures for response and notification in a ransomware incident and
• Plans for the possibility of critical systems being inaccessible for a period of time.

Note: for help with developing your plan, review available incident response guidance, such as the Public Power Cyber Incident Response Playbook and the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide.

Use the Ransomware Response Checklist in case of infection.

If your organization is impacted by a ransomware incident, the FBI and CISA recommend the following actions.

• Follow the Ransomware Response Checklist on p. 11 of the CISA-MS-ISAC Joint Ransomware Guide.
• Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.

As always, the more you know about your coverage, the better off you are! Merry Christmas!

Andy Runyan