White House Urges Employers to Provide Cybersecurity Training in Light of Possible Russian Cyberattacks

March 28, 2022

The White House has issued a “Statement by President Biden on our Nation’s Cybersecurity” calling on the private sector to “harden [their] cyber defenses immediately.” Among other things, the March 21, 2022, Statement and accompanying fact sheet urge employers to "train and educate employees" on cybersecurity awareness, given the increased risk of Russian cyberattacks.

The White House Statement notes that "evolving intelligence [indicates] that the Russian Government is exploring options for potential cyberattacks." While indicating that the federal government is taking action to protect the nation from cyberattacks, the White House Fact Sheet acknowledges that "much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely."

The fact sheet states that companies should urgently "educate [their] employees on common tactics that attackers will use over email or through websites." Companies should also encourage their employees "to report if their computers or phones have shown unusual behavior, such as unusual crashes or slow operation."

In addition to providing training, the fact sheet asks companies to execute the following steps "with urgency”:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors;
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  • Encrypt your data so it cannot be used if it is stolen; and
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents, encouraging your IT and Security leadership to visit the websites of CISA and the FBI, where they will find technical information and other useful resources.

How Clear Law Institute Can Help

Cybersecurity Awareness and Data Privacy Training

Clear Law Institute’s customized Cybersecurity Awareness and Data Privacy Training course educates employees and helps protect businesses from costly attacks. This course teaches employees the knowledge they need to understand and avoid cyber threats through practical examples.

By educating employees on security threats and how to report data breaches, employers are reducing the risk of such attacks and the crippling impact they can have on the workplace. That makes this type of training vital for every employer.

Learn more about Clear Law Institute’s online training, Cybersecurity Awareness and Data Privacy Training.

Quarterly Cybersecurity Micro-Learning Modules

In addition to our cybersecurity awareness course, Clear Law also provides quarterly cybersecurity micro-learning modules to keep employees up to date with new and evolving threats. Each 3-5 minute module teaches employees about a recent cyberattack and the steps they could take to stop such attacks from happening to them.

Simulated Phishing Tests

Clear Law also provides clients with quarterly Simulated Phishing Tests. These harmless simulated phishing emails test whether employees fall for phishing schemes, as we track who opens and clicks on links in these emails. Employees who fall for such attacks are provided remedial instruction.

About the Author

Michael Johnson, CEO of Clear Law Institute, is a former U.S. Department of Justice attorney. Michael has provided compliance and diversity training and consulting for organizations around the world such as Google, FedEx, the United Nations, and the World Bank. He is a graduate of Duke University and Harvard Law School.

Additional Related Resources

Cybersecurity Awareness & Data Privacy Training

Interactive, online training for employees on information security and data privacy

Learn More
Cybersecurity Awareness & Data Privacy Training

Interactive, online training for employees on information security and data privacy

Learn More
envelope