The White House has released a memo to business leaders urging them to immediately review corporate cyber defenses and follow recommended best practices for defending against ransomware attacks.
On June 2, 2021, the White House issued a memo addressed to corporate executives and business leaders urging the private sector to:
Take ransomware threats seriously.
Act now to shore up corporate cyber defenses.
The memo encourages business leaders to immediately hold leadership meetings to discuss ransomware threats and review business continuity plans, and urges them to follow several recommended best practices, including:
Adopting high-impact best practices from President Biden's recent Executive Order 14028 on Improving the Nation's Cybersecurity, including:
deploying multifactor authentication, endpoint detection and response, and encryption; and
Backing up data, system images, and configurations, storing backups offline, and regularly testing them.
Timely deploying patches and updates in a risk-based manner.
Testing incident response plans.
Engaging in independent cybersecurity assessments, such as using third-party penetration testers.
Segmenting networks, especially separating corporate business functions and production operations, with limited internet access to operational networks.
Evolving data security laws, regulations, and typical contract obligations often apply a reasonableness standard for data security. Companies should also consider these recommendations when determining what constitutes reasonable data security measures for their particular circumstances.