Russian Invasion of Ukraine: SANS Institute Explains What to Communicate to Your Workforce

Focusing on cybersecurity fundamentals is key to protecting both yourself and your workforce at home and at work during these unprecedented times.

BETHESDA, MD — March 2, 2022 — As your organization’s security awareness officer or as part of your security team, you may be asked what your organization should be communicating to your workforce during these unprecedented times. SANS Institute (SANS), the global leader in cyber security training and certifications, explains that our job as security professionals is to keep our communications calm, simple, and actionable.

With recent events in the news, we know you have questions and concerns, particularly about cybersecurity. Questions may include: Am I, or is our company, more likely to come under attack? Am I at greater risk?

We don’t have all the answers, nor do we know what will happen next. But we do know from a cybersecurity perspective that the key to protecting both yourself at home and at work is to continue to focus on the fundamentals. The sense of urgency may have changed, but how cyber attackers target us has not. By fundamentals, we mean focus on these three key points.

  1. Phishing: Phishing and related scams are when cyber attackers attempt to trick or fool you into doing something you should not do. Often these scams are sent as emails, but they can also try to trick with you text messaging, phone calls or on social media. Anytime someone is creating a tremendous sense of urgency and rushing you to take an action, or someone is promoting an offer that is too good to be true, this is most likely an attack.
  2. Passwords: Strong passwords are the key to protecting your online, digital life. Make sure each of your accounts is protected by a unique, long password. The longer your password the better. To keep it simple, use passphrases, a type of password made up multiple words like “honey-butter-happy.” Can’t remember all your passwords? Neither can we. That is why we also recommend you use a Password Manager to securely store all your passwords. Finally, whenever possible, enable Multi-Factor Authentication (MFA) on your important accounts.
  3. Updating: Keep your computers, devices and apps updated and current by enabling automatic updating on all your devices. Cyber attackers are constantly looking for new vulnerabilities in the devices and software you use. Keeping them automatically updated makes sure these known weaknesses are fixed and your devices have the latest security features.
  4. False Information: There is going to be a tremendous amount of false information spread on the Internet. This is being done by the Russian government on purpose to confuse people. Do not trust or rely on information from new, unknown, or random social media accounts, such as posts on LinkedIn, Instagram, Facebook, or Twitter, because many accounts on these sites were created for the sole purpose of putting out fake information. Instead, follow only well-known trusted news sources who verify the authenticity of information before they broadcast it
  5. Donations: If you wish to donate to any causes in support of recent events, make sure you are donating to a well-known, trusted charity. There will be many scams attempting to trick people into donating to fake charities run by cyber criminals.

Savvy threat actors are going to try their best to capitalize upon the anxiety, fear, and emotion many of us will be dealing with during uncertain times. Prompt and clear communication is a key first step to navigating through these situations safely.

“We know that times like these can feel a bit scary, but remember that you will be fine,” said Lance Spitzner, Director of Research and Community and a Senior Instructor at SANS Institute. “Continue to focus on the fundamentals, and you will go a long way to protecting yourself, no matter who the cyber attacker is.”

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s and bachelor’s degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their “human” cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.