Cybersecurity Concerns Related to Russia-Ukraine Conflict

As the Russia-Ukraine conflict continues, many people and organizations have expressed concerns about the potential for cyber-warfare and its potential impact on their organizations and/or people.

If you answer yes to any of the following questions, then your organization and/or personnel may indeed be facing greater than usual-threats as a result of this conflict:

1. You have operations in Russia or Ukraine

2. You have personnel working in Russia or Ukraine

3. You support journalism, research, or activism (especially human rights) in Russia or the Ukraine

4. You are responsible for US critical infrastructure such as power, gas, water, or hospitals

Most people and organizations will answer no to all those questions. For those of you, the situation has not meaningfully changed. Your most significant threat is from cyber criminals and criminal organizations that wish to take your money. They will attempt to do this by tricking you (e.g. business email compromise and gift card scams) or through ransomware attacks or various other means.

Your best defense is a solid foundation of cybersecurity. At the absolute minimum, you should:

• Using multi-factor authentication on ALL your business-critical applications

• Ensure all your devices and software are patched - running up-to-date versions

• Ensure you have verifiable, secure backups of all of your critical data

• Train your staff regularly on cybersecurity awareness

You may also wish to inform your staff to be extra cautious of phishing attempts (via email, text, or social media) on current news events, in this case, any communication purporting to be about Ukraine or Russia.

We do not advise trying to perform a year’s worth of security projects in a week. To paraphrase an ancient proverb,

“The best time to have started a comprehensive security program was several years ago. The next best time is today.”