For months, federal officials have been warning of cyber incidents, including distributed denial-of-service attacks, related to Russia's invasion of Ukraine.
Cybersecurity professionals have seen an increase in intentional distribution of disinformation online. Large employers in particular are at risk of unintentionally spreading this misinformation and propaganda.
Experts say that employers may be unsure how to respond to the conflict, but a good place to start is ensuring a "baseline level of preparedness." Multi-factor authentication is often one of the first cybersecurity changes made following an attack, but it is best to implement it now, before an attack.
Other basic measures include creating a response plan and designating who will carry out the incident response, as well as training employees on using strong passwords for personal and work accounts and reporting mistakes when they occur.
Phishing scams may also "leverage current events to lure workers." Human resources employees may even receive "fabricated resume lures" as part of a spearfishing campaign targeting HR employees. Also, avoid responding to charity requests that are received through email, direct messages, or social media. Ryan Golden "How to train employees on the potential cybersecurity consequences of the Ukraine crisis" www.hrdive.com (Mar. 03, 2022).