CRITICAL · 1. Enable Multi-Factor Authentication on All Accounts
CISA Shields Up · Immediate
MFA prevents the vast majority of credential-based attacks. Enable it on email, banking, remote access (VPN), and all cloud services. CISA calls MFA the single most effective control for any business.
CISA MFA Guidance ↗
CRITICAL · 2. Patch All Known Vulnerabilities Within 72 Hours
CISA Shields Up · Immediate
Apply all available patches — especially for internet-facing systems (firewalls, VPNs, email servers). Check the CISA KEV catalog to see if your software has actively-exploited vulnerabilities outstanding.
CISA KEV Catalog ↗
HIGH · 3. Test Your Backup and Recovery Process Today
CISA Shields Up · This Week
Verify that backups exist, are current, are stored offline or offsite, and can actually be restored. Most ransomware victims discover their backups were also encrypted. Actually test a restoration — don't just assume it works.
StopRansomware Backup Guide ↗
HIGH · 4. Create or Review Your Incident Response Plan
CISA Shields Up · This Month
Know what to do before an attack happens: who to call, how to isolate infected systems, where to find your cyber insurance carrier's number, and who your IT contact is. Andrew can help you build a simple one-page plan at no cost.
Book Free Incident Plan Review with Andrew ↗
MEDIUM · 5. Remove Admin Rights from Standard User Accounts
CISA Shields Up · This Month
Employees should only have access to what they need for their job. Removing admin rights from day-to-day accounts limits how far an attacker can move through your network if credentials are compromised.
CISA SMB Cyber Guidance ↗
MEDIUM · 6. Sign Up for CISA Free Vulnerability Scanning
CISA Shields Up · Free Service
CISA will scan your internet-facing systems and send you a plain-English report of vulnerabilities they find — completely free for any U.S. organization. This is one of the most underutilized free security services available.
CISA Free Cyber Hygiene Services ↗
ACTIVE · Russia / Ukraine Conflict — Elevated Cyber Risk
CISA · February 2022 – Present
CISA activated Shields Up in February 2022 and has maintained elevated guidance. Russian state-sponsored actors including Sandworm and APT29 continue targeting U.S. critical infrastructure and supply chains.
CISA Shields Up ↗
ACTIVE · Salt Typhoon — U.S. Telecom Intrusions
CISA · December 2024 – Present
Chinese state-sponsored group Salt Typhoon compromised multiple U.S. telecommunications providers. CISA issued guidance for all organizations to strengthen communications security and assume potential call interception.
CISA Advisory ↗
ONGOING · Volt Typhoon — Critical Infrastructure Pre-Positioning
CISA/NSA/FBI Joint Advisory · 2024 – Present
Chinese state actors have pre-positioned in U.S. critical infrastructure — including manufacturing and energy supply chains — to enable disruption in a future conflict. Small vendors serving defense or energy sectors are specifically targeted as entry points.
CISA AA24-038A ↗
ACTIVE · Healthcare Ransomware Surge — CISA + HHS Joint Warning
CISA + HHS · 2024 – Present
CISA and HHS issued joint guidance after a significant surge in ransomware attacks against U.S. healthcare. RansomHub, Akira, and North Korean state actors specifically target hospitals, clinics, and dental practices.
HHS HC3 Advisory ↗