The White House released a letter advising financial institution executives and others about malicious cyber activity related to the holidays.

“In many cases criminals plan and actually begin an intrusion before the holiday itself – they infiltrate a network and lie in wait for the optimal time to launch an attack,” the letter reads. “It is therefore essential that you convene your leadership team now to make your organization a harder target for criminals.

Best practices the White House recommends be implemented immediately:

• Updated patching. Criminals count on victims failing to patch their systems and usually take advantage of long-known and fixable vulnerabilities. Patching should be up-to-date, against all known vulnerabilities.
• Know the network: Enable logs; pay attention; investigate quickly. Intrusions can be stopped before the impact.
• Change passwords and mandate Multi-Factor Authentication (MFA). Ask IT staff how long it has been since employees changed their passwords. Confirm that your organization has implemented MFA and that it is required without exception.
• Manage schedules. Review staffing plans for IT and security teams to ensure sufficient holiday coverage. Similarly, identify those IT and security employees who are on 24/7 call in the event of a cybersecurity incident or ransomware attack.
• Employee awareness. Conduct spear phishing and other exercises to raise employee awareness of common attacks. Reinforce the imperative to report computers or phones exhibiting any unusual behavior.
• Exercise makes an organization healthy. Exercise incident response plans now.
• Back up data. Confirm that key data is being backed up. Ask IT staff to test the backup system and verify that that these backups are offline.

The document, as well as other cybersecurity resources, is available on CUNA’s Cybersecurity homepage.