- Use strong, unique passwords and enable MFA for all accounts where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Keep systems up to date and apply patches after appropriate testing.
- Implement cybersecurity best practices to reduce risk and increase resiliency to cyber threats.
- Avoid clicking links in, responding to, or otherwise acting on unsolicited text messages or emails.
- Utilize monitoring and detection solutions to identify suspicious login attempts and user behavior.
- Enforce the principle of least privilege, disable unused ports and services, and use web application firewalls (WAFs).
- Employ a comprehensive data backup plan and ensure operational technology (OT) environments are segmented from information technology (IT) environments.
- Perform scheduled backups regularly, keeping an updated copy offline in a separate and secure location and testing it regularly.
- Critical infrastructure administrators are encouraged to review analyses of recent state-sponsored cyber threat activity and apply recommendations provided in CISA’s joint fact sheet to prevent victimization.
