White House Issues Memo Urging Business Leaders to Improve Ransomware Defenses | Practical Law

The White House has released a memo to business leaders urging them to immediately review corporate cyber defenses and follow recommended best practices for defending against ransomware attacks.

Practical Law Legal Update w-031-2956 (Approx. 4 pages)

by Practical Law Data Privacy Advisor
Published on 07 Jun 2021 | USA (National/Federal)
On June 2, 2021, the White House issued a memo addressed to corporate executives and business leaders urging the private sector to:
  • Take ransomware threats seriously.
  • Act now to shore up corporate cyber defenses.
The memo encourages business leaders to immediately hold leadership meetings to discuss ransomware threats and review business continuity plans, and urges them to follow several recommended best practices, including:
  • Adopting high-impact best practices from President Biden's recent Executive Order 14028 on Improving the Nation's Cybersecurity, including:
    • deploying multifactor authentication, endpoint detection and response, and encryption; and
    • employing and empowering a skilled security team.
  • Backing up data, system images, and configurations, storing backups offline, and regularly testing them.
  • Timely deploying patches and updates in a risk-based manner.
  • Testing incident response plans.
  • Engaging in independent cybersecurity assessments, such as using third-party penetration testers.
  • Segmenting networks, especially separating corporate business functions and production operations, with limited internet access to operational networks.
Evolving data security laws, regulations, and typical contract obligations often apply a reasonableness standard for data security. Companies should also consider these recommendations when determining what constitutes reasonable data security measures for their particular circumstances.