In light of increased malicious cyber activity and the common tactic of actors deploying attacks when staffing is thin, the White House and CISA are offering tips for critical infrastructure and other businesses during the holiday season.

A December 16, 2021 White House memo to the business community offered several recommendations:

• Update patching,
• Know your network and quickly investigate possible intrusions,
• Change passwords and mandate multi-factor authentication,
• Manage schedules to ensure holiday coverage,
• Educate employees about phishing,
• Conduct exercises, and
• Back up your data offline.

See more from the White House.

A December 15, 2021 CISA alert recommended:

• Increased organizational vigilance by ensuring no gaps in IT or OT coverage,
• Prepare your organization for rapid response by updating incident response plans,
• Ensure your network defenders implement cybersecurity best practices,
• Stay informed about current cybersecurity threats and malicious techniques, such as those provided by WaterISAC and other sector’s ISACs, and
• Immediately report threats incidents to federal partners. Confidentially share the same with WaterISAC to inform sector-wide awareness.

See more from CISA.

These best practices are among those listed in WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities.

WaterISAC encourages members to confidentially share incident and attempted compromises with its analysts, to identify trends, and provide assistance. WaterISAC can share your incident information with CISA and FBI if you request this option.

Report incidents online or by email analyst@waterisac.org, or call 866-H2O-ISAC.