On February 26th, 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued immediate Shields Up actions for organizations to take in response to the ongoing conflict with Russia. The basic guidelines are as follows:
Use multi-factor authentication (MFA)
Enable strong spam filters to prevent phishing emails from reaching end users
Disable ports and protocols that are not essential
Strengthen controls for cloud services
The Compass IT Compliance team has evaluated these guidelines and has provided the following supplemental information on how to achieve CISA’s recommendations. Our cybersecurity experts are available as a sounding board, should you wish to discuss any of the challenges or concerns your organization is facing.
Patch vulnerabilities – Conduct vulnerability scanning on externally accessible endpoints and web applications. Prioritize patching and code updates for vulnerabilities that have publicly known exploits. Once the perimeter is secured, conduct an internal vulnerability assessment and patch based on an internal risk assessment.
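The prioritization described above (publicly exploited first, then externally exposed, then severity) can be applied mechanically to scan output. The following is an added example, not Compass IT Compliance's or CISA's code; the findings, hostnames and CVE identifiers are constructed placeholders, and the `KNOWN_EXPLOITED` set stands in for a feed such as CISA's Known Exploited Vulnerabilities catalog.

```python
"""Rank vulnerability-scan findings into a patch order.

Added example (not code from the original page). All findings, hosts and
CVE ids below are constructed placeholders, not real vulnerabilities.
"""
from dataclasses import dataclass

# Constructed: ids assumed to have publicly known exploits. In practice this
# set would be loaded from a known-exploited-vulnerabilities feed.
KNOWN_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0003"}


@dataclass
class Finding:
    host: str
    cve: str
    cvss: float
    externally_exposed: bool


def priority(f, exploited=KNOWN_EXPLOITED):
    """Sort key: known exploit first, then external exposure, then CVSS."""
    return (f.cve in exploited, f.externally_exposed, f.cvss)


def patch_order(findings, exploited=KNOWN_EXPLOITED):
    """Return findings ordered so the first entry should be patched first."""
    return sorted(findings, key=lambda f: priority(f, exploited), reverse=True)


def phases(findings, exploited=KNOWN_EXPLOITED):
    """Split the ordered list into the perimeter phase and the internal phase."""
    ordered = patch_order(findings, exploited)
    return {
        "perimeter": [f for f in ordered if f.externally_exposed],
        "internal": [f for f in ordered if not f.externally_exposed],
    }


# Constructed sample findings (hostnames and ids are placeholders).
SAMPLE = [
    Finding("db01", "CVE-0000-0002", 9.8, externally_exposed=False),
    Finding("web01", "CVE-0000-0001", 7.5, externally_exposed=True),
    Finding("vpn01", "CVE-0000-0004", 6.5, externally_exposed=True),
    Finding("fileshare", "CVE-0000-0003", 8.1, externally_exposed=False),
]

if __name__ == "__main__":
    for f in patch_order(SAMPLE):
        print(f"{f.host:10} {f.cve} cvss={f.cvss} exposed={f.externally_exposed}")
```

Note that the highest-CVSS finding (the internal database host) lands last: a lower-scored but publicly exploited, internet-facing weakness is the one an attacker can reach today, which is the point of the ordering in the text.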
Multi-factor authentication (MFA) – Turn on MFA for services that require authentication and are publicly exposed (Microsoft 365, VPN, Google cloud suite, exposed SSH and RDP endpoints). Train your users on the proper use of MFA and authenticator applications.
Run antivirus – Compass IT Compliance recommends an endpoint detection and response (EDR) system over traditional antivirus. EDR can detect malicious activity on the endpoint and take response actions, rather than only matching known-malware signatures. Some examples of EDR systems include Cynet, Microsoft ATP, SentinelOne, CrowdStrike, etc.
Enable strong spam filters to prevent phishing emails from reaching end users – While this will help, there is always the potential that a phishing email gets through. Compass IT Compliance recommends (in addition to spam filtering) that users participate in training that will teach them how to avoid falling victim to a phishing email. The training should be short and to the point, no longer than five minutes in total.
Disable ports and protocols that are not essential – These can be identified via a vulnerability scan. Also, the use of secure protocols (SMTPS, HTTPS, SSH) in place of their cleartext equivalents is always preferred.
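A scan only tells you what is open; deciding what is non-essential requires comparing it against what each host is supposed to expose. The following is an added example, not Compass IT Compliance's tooling: the per-host allowlist and the scan results are constructed for a hypothetical environment, and the cleartext-to-secure mapping reflects the preference for SMTPS, HTTPS and SSH stated above.

```python
"""Compare open ports against a per-host allowlist and flag cleartext protocols.

Added example (not code from the original page). ESSENTIAL and SCAN are
constructed; a real review would load SCAN from scanner output.
"""

# Constructed allowlist: the ports each external host is expected to expose.
ESSENTIAL = {
    "web01": {443},
    "mail01": {25, 465, 587, 993},   # 25 kept for inbound MX delivery
    "bastion": {22},
}

# Cleartext services and the secure replacement preferred by the text.
CLEARTEXT = {
    21: "FTP: replace with SFTP or FTPS",
    23: "Telnet: replace with SSH",
    25: "SMTP: enforce STARTTLS or use SMTPS (465)",
    80: "HTTP: redirect to HTTPS",
    110: "POP3: replace with POP3S",
    143: "IMAP: replace with IMAPS",
}


def review_ports(scan, essential=ESSENTIAL, cleartext=CLEARTEXT):
    """Return, per host, the ports to close and the cleartext services to upgrade.

    Ports not in the host's allowlist go under "close"; a host missing from the
    allowlist has every port flagged, which forces someone to document it.
    """
    report = {}
    for host, ports in scan.items():
        allowed = essential.get(host, set())
        report[host] = {
            "close": sorted(ports - allowed),
            "cleartext": {p: cleartext[p] for p in sorted(ports) if p in cleartext},
        }
    return report


# Constructed scan results: host -> set of open TCP ports.
SCAN = {
    "web01": {80, 443, 3389},
    "mail01": {25, 465, 587, 993},
    "bastion": {22, 23},
    "legacy01": {21, 8080},
}

if __name__ == "__main__":
    for host, r in review_ports(SCAN).items():
        print(host, "close:", r["close"], "upgrade:", list(r["cleartext"].values()))
```

The two lists answer different questions: "close" is what the scan found that nobody asked for (RDP on a web server, Telnet on a bastion), while "cleartext" covers ports that may be legitimately open but carry credentials or mail in the clear and should move to their secure variant.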
Strengthen controls for cloud services – Review access controls in the provider's management console, validate that SSH keys are stored securely, and geo-block access to cloud services where applicable.
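An access-control review of a cloud tenant usually reduces to a handful of checks over the user inventory: MFA on every account (especially administrators), no idle accounts, no long-lived access keys, and no sign-ins from outside the expected geography. The following is an added example, not Compass IT Compliance's code; the user records, thresholds and allowed-country list are constructed assumptions, and a real review would pull the inventory from the provider's IAM API.

```python
"""Access-control review over a constructed cloud user inventory.

Added example (not code from the original page). USERS, the thresholds and
ALLOWED_COUNTRIES are constructed assumptions for a hypothetical tenant.
"""
from datetime import date

ALLOWED_COUNTRIES = {"US", "CA"}   # assumption: geo allowlist for this tenant
MAX_IDLE_DAYS = 90                 # assumption: disable accounts idle longer
MAX_KEY_AGE_DAYS = 180             # assumption: rotate API keys older than this


def review_users(users, today, allowed=ALLOWED_COUNTRIES):
    """Return {username: [issue, ...]} for every user with at least one issue."""
    findings = {}
    for u in users:
        issues = []
        if not u["mfa"]:
            issues.append("mfa-disabled")
            if u["admin"]:
                issues.append("admin-without-mfa")   # highest-risk combination
        if (today - u["last_login"]).days > MAX_IDLE_DAYS:
            issues.append("stale-account")
        key_created = u.get("key_created")
        if key_created and (today - key_created).days > MAX_KEY_AGE_DAYS:
            issues.append("old-access-key")
        if u["last_country"] not in allowed:
            issues.append("login-outside-geo")
        if issues:
            findings[u["name"]] = issues
    return findings


# Constructed inventory; "XX" is a placeholder for a country outside the allowlist.
USERS = [
    {"name": "alice", "mfa": True, "admin": True,
     "last_login": date(2022, 2, 20), "key_created": date(2022, 1, 10), "last_country": "US"},
    {"name": "bob", "mfa": False, "admin": True,
     "last_login": date(2022, 2, 28), "key_created": None, "last_country": "US"},
    {"name": "carol", "mfa": True, "admin": False,
     "last_login": date(2021, 10, 1), "key_created": None, "last_country": "US"},
    {"name": "dave", "mfa": True, "admin": False,
     "last_login": date(2022, 2, 27), "key_created": date(2021, 1, 15), "last_country": "XX"},
]

if __name__ == "__main__":
    for name, issues in review_users(USERS, date(2022, 3, 1)).items():
        print(f"{name}: {', '.join(issues)}")
```

Geo-blocking itself is enforced in the provider's conditional-access or firewall settings; the "login-outside-geo" finding here is the detection side, showing which accounts are already authenticating from outside the policy before the block is turned on.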