The Vermont Intelligence Center, the federal Cybersecurity and Infrastructure Security Agency (CISA), and other state and federal departments have issued warnings for people and organizations to be more vigilant, with regard to cybersecurity. With the recent invasion of the Ukraine by Russia, these agencies are expecting an increase in the prevalence of cyber-attacks over the next several weeks, if not months. For example, the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued this warning on March 15, 2022.
CISA has advised private and public sector entities to implement the following measures, if these are not already in place:
- Patch all systems, prioritize patching known exploited vulnerabilities (reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
- Implement/enforce multi-factor authentication (MFA)
- Use anti-virus software/end-point protection
- Update internal contact lists and surge support
- Review cyber incident reporting processes
In addition, since system users are a common weak point in IT system security, PACIF recommends that all members remind their email and network users to be exceptionally careful when opening links within emails and any attachments. Emails containing these elements should come from a known source and should be scrutinized in detail to look for any irregularities before clicking the link or opening the attachment. Additionally, any email that requests banking or financial information, suggests that there is fraudulent activity at an account, is related to the transfer of funds, or proposes a change to bank account information should be treated with a high level of skepticism. Finally, unexpected attachments from an unusual sender should also be suspect. In all of these cases, best practice is to verify the validity of the email using known phone numbers.
Please feel free to share this information with your system/email users. We are hopeful that heightening everyone’s awareness of this issue will go a long way to avoiding a cyber issue in your municipality.
As a final note, members are reminded that PACIF is offering to cover the costs of a KnowBe4 annual subscription for 2022. You can learn more on our PACIF KnowBe4 Reimbursement Program webpage.