Citing a “heightened threat environment,” the Nationwide Multistate Licensing System (NMLS) and Cybersecurity and Infrastructure Agency (CISA) released guidance today to help companies ensure their systems are protected from cybersecurity risks and urged them to report any unusual activity.
The Russian invasion of Ukraine and imposed economic sanctions may result in retaliation toward U.S. firms, according to NMLS and CISA.
CISA provides information about current cybersecurity threats and mitigations on its Shields-Up website (https://cisa.gov/shields-up).
The agency issued recommendations that ACA encourages its members to follow:
- CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
- In this heightened threat environment, CISA asks that organizations lower their thresholds for reporting incidents to the FBI or CISA to help the U.S. government identify issues and help protect against further attacks or victims.
- Organizations should report unusual activity immediately to CISA (https://us-cert.cisa.gov/forms/report) at firstname.lastname@example.org or (888) 282-0870 and/or their FBI local field office (https://www.fbi.gov/contact-us/field-offices) or the FBI’s 24/7 CyWatch at (855)-292-3937 or CyWatch@fbi.gov.
Companies are encouraged to periodically check the CISA website for new advisories and resources. Cybersecurity threat and vulnerability monitoring is critical to defending against emerging threats.
It’s also critical to make sure your cyber liability insurance is current. A cyber liability insurance policy is designed to protect you from lost income and cover defense fees your business may be required to pay as a result of a data breach.
Collectors Insurance Agency (CIA), a subsidiary of ACA, provides members exclusive access to risk management products and services tailored to each member’s specific needs and is available at email@example.com.
When a policy is in place, you will want to reach out to your carrier as soon as you become aware of a data breach or any cybersecurity issues.
In addition to helpful advice in the event of a data breach, CIA also provides a comprehensive guide from the carrier Cyber Risk Aware, with tips to avoid online phishing and internet scams.
The guide cites the major causes of security incidents involving phishing, malware and ransomware downloads, wire fraud, and weak password security, among others.
Other resources include CISA’s comprehensive library of documents covering everything from protecting against ransomware, malware and phishing attacks to dealing with cyberbullies and staying safe on social networking sites.
CISA also reports:
- Rapidly evolving cybersecurity risk reinforces the need for all organizations and their service providers to have appropriate methods for monitoring, sharing, and responding to threat and vulnerability information.
- Participating in information-sharing forums is an important element of an organization’s risk management processes and its ability to identify, respond to, and mitigate cybersecurity threats and incidents.
- In addition, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed economic and trade sanctions on individuals and entities in response to recent geopolitical events. Management should assess the applicability and impact of sanctions on their firm and customers, including on their foreign branches and overseas offices and subsidiaries. Firms are encouraged to engage with their legal counsel or contact OFAC for additional guidance related to these sanctions and any future sanctions. Financial institutions can reach OFAC through its telephone hotline at (800) 540-6322 or at OFAC_Feedback@treasury.gov.