The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a joint Alert this week, entitled “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” outlining “actions that executives, leaders and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families.”

Sounds like a perfect time to launch an attack against unsuspecting victims. It is a perfect time for a cyberattack, and we know this because this is the season when cyber criminals know people are most distracted.

The same is true for critical infrastructure operators. According to CISA, “As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you.” Cyber criminals don’t take the holidays off. This is their busy season. The Alert notes that there also was an up-tick in ransomware attacks during the Mother’s Day and Independence Day weekends.

CISA and FBI are urging organizations to:

  • “Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts.
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness.”

CISA and the FBI have issued a comprehensive overview of steps organizations can pro-actively take to protect themselves from ransomware attacks in the resource  “Ransomware Awareness for Holidays and Weekends.”

This holiday weekend, and throughout the holiday season, remind users of the increased threat and to stay vigilant.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.