CISA reminds organizations to remain vigilant during the holidays


The Cybersecurity & Infrastructure Security Agency (CISA) reminds organizations in a recent statement to stay alert over the holidays.

The statement, released with the Federal Bureau of Investigation (FBI), advises critical infrastructures that “malicious cyber actors aren’t making the same holiday plans.”

The reminder comes amid an increase in cyberattacks, especially ransomware attacks, against organizations that work with sensitive or critical information. This includes covered entities that must maintain HIPAA compliance and demonstrate due diligence when safeguarding protected health information (PHI).

SEE ALSO: HIPAA compliant email

Threat actors typically intensify cyberattacks during the holidays, so this CISA alert provides specific techniques that organizations can use during these times.

Don’t let your guard down

CISA recommends that organizations continue to care for their cyber health “during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families.”

CISA states that there is no specific threat. But the agency does point out that several serious 2021 cyberattacks occurred during a holiday weekend. These include the ransomware attack on Colonial Pipeline over Mother’s Day weekend as well as the Kaseya VSA “ransomware tsunami” over Independence Day weekend.

Such cyberattacks cause much disruption and chaos; some researchers even call the current uptick in attacks a ransomware epidemic.

And for healthcare providers, seen as juicy targets by cyberattackers, the cost of such attacks is distressing.

RELATED: Ransomware is more common in healthcare than you think

This is why CISA and the FBI urge organizations “to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats.”

What it means to be vigilant

The alert focuses on proactive actions that stop organizations from becoming victims during the holiday season, concentrating on a few techniques:

SEE ALSO: A tired, stressed staff raises cybersecurity risks

The agencies then list several techniques hackers utilize to cause data breaches including phishing, website spoofing, and unencrypted transactions.

Finally, the statement provides a directive should an organization become a victim: review and update incident and business recovery plans. And these plans must include a set of actions or steps to take after a breach as well as a list of contacts to reach out to.

Vigilance beyond holidays—always employ strong cybersecurity

This reminder should prompt organizations to always remain attentive.

RELATED: Catching ransomware before it catches you

In general, a strong, consistent cybersecurity program must use layers of protection including CISA’s recommendations above.

Organizations must keep up-to-date policies and procedures, including recovery and backup plans, so that everyone knows what to do. Access controls may need to go beyond MFA and password security to include privileged access management. Finally, while employee training is a critical step, it is not enough on its own.

Other security procedures to consider include separate/offline backups, patched and updated legacy systems, encryption at rest and in transit, and antivirus software.

And, given the nature of most ransomware attacks, email security (i.e., HIPAA compliant email).

Protect the most vulnerable threat vector: email

Email is the most accessible threat vector (or entry point) into any system, which is why email security is vital. Employing HIPAA compliant email with strong inbound and outbound email security is crucial to safeguarding PHI.

RELATED: Why healthcare providers should use HIPAA compliant email

Paubox Email Suite Plus protects email from threats like phishing and domain name spoofing.

In fact, our HITRUST CSF certified solution comes with Zero Trust Email, which adds a layer of verification even before an email gets delivered.

Paubox Email Suite Plus requires no change in email behavior and is operational from any existing email platform (e.g., Microsoft 365 and Google Workspace). This means complete peace of mind since any possible back door is kept locked and safe.

Ultimately, organizations must find their own combination of cybersecurity methods, but whatever the combination, they should always be attentive. Cyberattacks can halt an organization’s operations and cause a ripple effect of problems throughout. This is why vigilance is always necessary, even during a holiday.


About the author

Kapua Iao
