The Latest Guidance from the White House Regarding Cybersecurity

Practus LLP Legal Insights


Authored by Janet Hallahan


As cyberattacks and ransomware attacks skyrocket throughout the world, many businesses are scrambling to identify best practices to protect their organizations from these attacks. However, cybersecurity is generally not a one-size-fits-all solution, and best practices are far from uniform. In addition, many organizations that thought they were unlikely targets for cyberattacks are now suddenly realizing that they are in fact very vulnerable, and, indeed, may be legally responsible for cyberattacks that occur in their supply chain and through their third-party vendors.

So how do you protect your company? Companies may need to look no further than recent and strong guidance from the White House regarding cybersecurity best practices to protect not only their businesses but also the nation.

Top Priority of Executive Office: Protecting the Nation against Cyberattacks

The White House has recently made clear that strengthening our nation’s resilience against cyberattacks – in both the private and public sectors – is a top priority of the Executive Office. After recent cybersecurity incidents, including the attacks against SolarWinds, Microsoft Exchange, and the Colonial Pipeline, President Biden issued the Nation’s Cybersecurity Executive Order highlighting the urgency of implementing cybersecurity best practices across the Federal Government; and on June 2, 2021, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, issued an open letter through the White House entitled “What We Urge You To Do To Protect Against The Threat of Ransomware”¹ urging private industry to implement these best practices as well. These communications highlight the critical and combined role and responsibility of both the government and private industry in addressing the cybersecurity crisis.

What Industries Should Implement the Cybersecurity Best Practices?  All of Them.

The June letter from the White House highlights that ransomware attacks have disrupted organizations across the world, and that these cyberattacks threaten every industry and business, ranging from hospitals to banks to pipelines.  Essentially, if your company has a connection to the Internet, it is vulnerable to cyberattacks.

What Best Practices Should Private Industry Implement Now?

The June 2 letter highlights that the private sector has a distinct and key responsibility to protect against cyberattacks, and provides a checklist of best practices that all companies in the private sector should take:

  1. Implement best practices from the President’s Executive Order, such as:
    • Multifactor Authentication
    • Endpoint Detection & Response
    • Encryption
    • Skilled, Empowered Security Team
  2. Back up your data, system images, and configurations, regularly test them, and keep the backups offline
  3. Update and patch systems promptly
  4. Test your incident response plan
  5. Check your security team’s work
  6. Segment your networks

Where can you find more information about the government’s recommendations for best practices?

Both the Executive Order and the June 2 letter contain more details on the best practices listed above. The White House has also released a “FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Network” that summarizes the priorities in the Executive Order, and also provides a link to the “Ransomware Guidance and Resources” from the Cybersecurity and Infrastructure Security Agency (CISA).

Best Practices for Private Industry?  Take These Cybersecurity Best Practice Steps Now

The need for proactive and strong cybersecurity measures increases by the day, as more and more industries and companies come under attack.  By following these basic cybersecurity best practices, including taking steps to review policies and procedures as well as vendor and supply chain agreements, companies can take substantial steps to prevent a successful cyber or ransomware attack and mitigate the potentially significant financial loss and damaging reputational harm that these attacks can cause.

About the Author

Janet V. Hallahan, CIPP/US has helped a wide variety of companies navigate complex corporate, technology, privacy/data security and intellectual property legal matters for over fifteen years. She has worked as a corporate and technology attorney not only as a transactional firm attorney but also as in-house counsel in the healthcare industry, financial services, and the cloud-based technology industry, and accordingly offers a unique perspective on corporate and technology matters.

Janet focusses her practice on corporate and technology transactions, commercial agreements, cloud computing/software, privacy and data security as well as the licensing, protection and sale of intellectual property and related commercial agreements.  She is certified as a CIPP/US information privacy professional by the International Association of Privacy Professionals.

Name: Janet V. Hallahan, Partner
Phone: 609.236.3458
Email: janet.hallahan@practus.com

 

Footnotes:

  1. The link to the text of the letter is available through various media outlets, including https://www.reuters.com/technology/white-house-warns-companies-step-up-cybersecurity-2021-06-03/ and https://cisomag.eccouncil.org/step-up-cybersecurity-white-house-warns-about-rising-ransomware-attacks/

Practus, LLP provides this information as a service to clients and others for educational purposes only. It should not be construed or relied on as legal advice or to create an attorney-client relationship. Readers should not act upon this information without seeking advice from professional advisers.