FOGHORN FOCUS

compiled free cybersecurity services and tools from government partners and industry to assist. Recommended actions include:

Reduce the likelihood of a damaging cyber intrusion

- Validate that all remote access to the organization's network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization's IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA's guidance.
- Sign up for CISA's free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.

Take steps to quickly detect a potential intrusion

- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Investigate all cyber issues or events.
- Confirm the organization's entire network is protected by antivirus/anti-malware software and that signatures in these tools are updated.

Ensure the organization is prepared to respond if an intrusion occurs

- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal, and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization's resilience to a destructive cyber incident

- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization's network is unavailable or untrusted.

By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience.

But it doesn't even have to be that complex. It can be as simple as using more than a password to protect yourself. In fact, CISA has developed a new, easy-to-use approach to this with the More than a Password campaign. This is something we would recommend you share with all your employees. Think of More than a Password like an airbag or the seatbelt in your car: an extra layer to keep you safe in the event of an accident.

Two steps are harder for a hacker to compromise. Users should implement more than a password on all their sensitive accounts: email, bank accounts, social media, online stores, gaming, and streaming entertainment services.

FOUR THINGS YOU CAN DO

- Enable Multi-Factor Authentication (More than a Password)
- Use Strong Passwords
- Recognize and Report Phishing
- Update Your Software

Lastly, don't be shy about getting to know your IT, OT, and cybersecurity staff. Their role in your company is vital to staying safe. Learn what they do, their needs, and how to support them with technology and training that protects your company from cyberattacks.

About the Author

CHRISTOPHER CALLAHAN
CHIEF OF CYBERSECURITY
CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY

Christopher Callahan serves as the Chief of Cybersecurity of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) Region 10 office in Seattle where he is responsible for assisting private and public sector stakeholders to enhance the security and resiliency of critical infrastructure facilities in the states of Alaska, Idaho, Oregon, and Washington. Prior to joining CISA in 2022, he served for twenty-four years across multiple Department of Defense Agencies to include the U.S. Navy, U.S. Army Corps of Engineers, U.S. Army Network Command, Information Security Engineering Command, and U.S. Army Europe G6 office all in Cybersecurity leadership roles. He holds several professional certifications to include: CISSP, CAP and GICSP and has earned a B.S. in Information Technology, and an M.S. Security Management.