THE REVERE ADVOCATE – FRIDAY, DECEMBER 31, 2021 Page 9 AG Healey urges businesses and organizations to remain on guard against cyberattacks this holiday season I n light of persistent and ongoing cyber threats this holiday season, Attorney General Maura Healey is urging organizations, especially critical infrastructure owners and operators, to adopt a heightened state of vigilance against cyberattacks and to proactively assess existing data security practices. “Cybercrime is a prominent and persistent threat against both our public infrastructure and our private enterprises,” said Healey. “We urge all Massachusetts businesses and government organizations to take action to strengthen their cyber defenses, and we will continue to work alongside our federal law enforcement partners to address evolving security threats.” The federal Cybersecurity and Infrastructure Security Agency (CISA) urged business leaders and operators of critical infrastructure, such as public utilities, government organizations and agencies, logistics and transportation fi rms, and healthcare providers, to take immediate steps to strengthen their organization’s operational resiliency against cyber threats. Healey joins CISA in off ering the following actions to reinforce their defenses: • Increase organizational vigilance by ensuring there are no gaps in Information Technology (IT)/Operational Technology (OT) security personnel coverage and that staff provides continual monitoring for all types of anomalous behavior. Security coverage is particularly important during the winter holiday season when organizations typically have lower staffi ng. • Prepare your organization for rapid response by adopting a state of heightened awareness. Create, update, or review your cyber incident response procedures and ensure your personnel are familiar with the key steps they need to take during and following an incident. Have staff check reporting processes and exercise continuity of operations plans to test your ability to operate key functions in an IT-constrained or otherwise degraded environment. Consider your organization’s cross-sector dependencies and the impact that a potential incident at your organization may have on other sectors, as well as how an incident at those sectors could aff ect your organization. • Ensure your network defenders implement cybersecurity best practices. Enforce multi-factor authentication and strong passwords, install software updates (prioritizing known exploited vulnerabilities), and secure accounts and credentials. • Stay informed about current cybersecurity threats and malicious Better Business Bureau offers five resolutions for a fraud-free New Year T he loss of money and personal information and the perseverance of criminals continues with online purchases having the greatest risk of being a scam. The Better Business Bureau (BBB) recommends adding a few precautionary steps to the New Year's resolution list, along with the weight loss and financial goals, to help make the upcoming days and months fraud-free. • Be cautious with email. Be wary of unsolicited emails from a person or a company. Remember, scammers can make emails look like they are from a legitimate business, government agency, or reputable organization (even BBB). Never click on links or open attachments in unsolicited emails. • Never send money to strangers. If you haven’t met a person face-to-face, don’t send them money. This is especially true if the person asks you to transfer funds using a prepaid debit card or Cash App. Money sent to strangers in this way is untraceable, and once it is sent, there’s no getting it back. Scammers will try to trick you into panicking – so before making a move, think the situation through. Don’t fall for it! • Do research before making online payments and purchases. When shopping online, or if asked to make a payment online, research the retailer before entering payment information. Ask: Is this a person or business I know and trust? Do they have a working customer service number? Where is the company physically located? Would I be making payments through a secure server (https://....com)? Have I checked to see if others have complained? • Use your best judgment when sharing personal information. Sharing sensitive personal information with scammers opens the door to identity theft. Never share fi nancial CAUTIOUS | SEE Page 17 techniques. Encourage your IT/OT security staff to subscribe to CISA’s mailing list and feeds to receive notifi cations when CISA releases information about a security topic or threat. CISA regularly announces emerging security threats to organizations, such as security vulnerabilities with ApacheLog4j, a commonly used open-source application. • Lower the threshold for threat and information sharing. Immediately report cybersecurity incidents and anomalous activity to CISA and/or the FBI. Cyberattacks can cause substantial disruptions to businesses, government agencies and other targets. Earlier this year, a widely-reported cybersecurity breach at Colonial Pipeline led to fuel shortages across the East Coast. In April 2021, the city of Lawrence, Massachusetts faced ransomware attacks against systems at City Hall, the Lawrence Police Department and the Lawrence Fire Department. A similar ransomware attack targeted the Brockton, Massachusetts police department in July 2021. The Massachusetts Data Security Regulations, which the AG’s Offi ce regularly enforces, also require entities to employ many of the above safeguards with respect to personal information about Massachusetts residents that an entity maintains, stores, transmits, or processes electronically. All organizations, regardless of sector, size, or location, must recognize that no company is safe from being targeted by ransomware and other cyber threats. Detailed guidance and resources from the U.S. Cybersecurity & Infrastructure Security Agency can be found at CISA Insights: Preparing For and Mitigating Potential Cyber Threats. The National Institute of Standards and Technology also provide guidelines and practices for organizations to better manage and reduce cybersecurity risk. Attorneys at Law 14 Norwood St., Everett, MA 02149 Phone: (617) 387-4900 Fax: (617) 381-1755 John Mackey, Esq. * Katherine M. Brown, Esq. Patricia Ridge, Esq.
10 Publizr Home