Russia has invaded Ukraine. It’s a naked act of aggression that cannot stand. Certainly my thoughts and prayers go out to those in Ukraine and their loved ones wherever they may be. If I find a way to directly support the Ukrainian people, I’ll do so. In the meantime, however, I believe I can help the rest of us prepare for potential ripple effects of this conflict. As the rest of the world unites to impose sanctions on Russia, it’s possible that Russia will retaliate with cyber attacks. Think Colonial Pipeline or something similar with the financial system. Therefore, it behooves us to take a few minutes to consider the potential threats and prepare where we can. As they would say on the Starship Enterprise (and apparently at CISA), shields up!
First and foremost, DON’T PANIC. I’m not saying there will be an attack – I’m just saying that the risk is higher now than usual. I’ve always admired the old WWII Keep Calm and Carry On campaign in Britain. Terrorist acts require that the victims feel terrorized. While we can’t control what bad guys do to us, we can control how we respond. Successful terrorism isn’t about the act, it’s about the response to the act – or even the response to the threat of the act.
Panicking is never a helpful response in any situation. So… while I’m going to make several suggestions here, let me be clear that I am not advocating any sort of run on gas and groceries, hoarding of supplies, building of bunkers, selling all your stock, or any form of freaking out. This is Boy Scout stuff: be prepared.
Loose Lips Sink Ships
In the age of social media, mis- and disinformation can have devastating real-world impacts. For these campaigns to be successful, they require some portion of the populace to reflect and amplify the false and misleading information. Fake and “bot” accounts only account for a small portion of the overall campaign. They rely on riling up a bunch of real people and getting them to repost the messaging.
Therefore, again, it’s crucial that we don’t enable these campaigns by repeating the misleading and inflammatory messaging. Chain letters die when people stop forwarding them. Nasty rumors fail when good people refuse to repeat them. While this is always true, it’s particularly important at times like these. Be skeptical. Check sources and verify facts before you even let yourself get mad or scared, but definitely before you share with others.
Don’t Be the Weak Link
Unlike mis-/disinformation campaigns that require mass participation, cyber attacks only require a single person to fail – one weak link in the chain. Again, this is always the case, but right now we all need to be especially careful to avoid being the victim of a ransomware or similar hacking attack. If you work in the financial, transportation, utility, food processing, energy, medical, or military industries, you need to be on high alert.
Don’t open any email attachments that you didn’t ask for or otherwise expect to receive – no matter who sent them or how official they look. If you get a phone call or email asking you to bend the rules just this once, be very suspicious. Social engineering is a key vector for high profile attacks, probably followed by phishing. Now is the time to review your security procedures and follow them to the letter. If something makes you suspicious, report it to your security or IT department. CISA has an excellent site to help here – check it out.
Prepare for a Possible Storm
On a personal level, you might want to think about taking some basic precautions, like you might do before hurricane season. Again, don’t panic – we’re not looking at a zombie apocalypse – just be prepared. Make sure you have refills for your prescriptions. Top off your cars with gas. Have some non-perishable foods and water on hand. Invest in a battery-powered TV, or at least a weather radio that can get AM and FM stations. Have some physical cash on hand. That sort of thing.
While you’re not likely to be specifically targeted by Russian cyber attacks, it can’t hurt to review best practices and get your house in order. Obviously, my book has a ton of ideas, but you can also get my Top 5 Tips free by signing up for my newsletter. There are a ton of articles here to read and even more on my Resources page. And if you have your own house in order, then your next step is to help your loved ones to do the same.
Again… don’t panic here. Like, specifically make a point to keep calm and carry on. Just be prepared. The act of doing so will help you feel better.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!