Russia's shocking incursion into Ukraine has stunned the world. In its wake, speculation runs high about a possible broader, behind-the-scenes fight—one that could potentially involve Russian cyberattacks against targets in the United States and elsewhere. How worried should your business be?

In a sense, the US may already have fired the first shots in this covert conflict. In a speech addressing Russia's Ukraine invasion, President Biden said that in addition to imposing crippling economic sanctions against Russia, he had taken steps to strengthen the US's cyber defenses and its ability to counterattack. American intelligence agencies have reportedly briefed the president on offensive options, ranging from interfering with Russia's banking systems to disrupting its power grids and even derailing trains.

If the US enacts such measures, there can be no doubt that Russia will respond in kind. Online warfare has become a key tool in the Kremlin's arsenal. The US has blamed Russia for a massive cyberattack that struck Ukraine just days before its military invasion. Even before that, it imposed economic sanctions in response to a wave of worldwide attacks, including Russia's suspected involvement in the NotPetya ransomware outbreak. There's no telling where Russia or its agents may strike next.

---

Why Would My Company Be Targeted?

It's true that small and midsized businesses, by themselves, are not high-value targets in state-sponsored digital warfare. Governments, militaries, energy, finance, and critical infrastructure organizations face the greatest risk. But that's not to say that SMBs shouldn't be concerned. The US Cybersecurity and Infrastructure Security Agency (CISA) has cautioned that "every organization—large and small—must be prepared to respond to disruptive cyber activity."

There are many reasons why even small businesses could be threatened. To give just a few examples:

Our Top Picks to Lock Out Ransomware

Bitdefender Antivirus Plus Review

5.0Exemplary Check Price

Check Point ZoneAlarm Anti-Ransomware Review

4.5OutstandingCheck Price

Kaspersky Security Cloud Free Review

4.5Outstanding$0.00 at KasperskySee It

Acronis Cyber Protect Home Office Review

4.0Excellent$49.99 at AcronisSee ItSee all (4 items)

It's also important to note that while some cyberattacks are targeted, many others spread indiscriminately. These are often launched by criminal groups, but state actors like Russia might choose to bankroll such attacks simply to cause as much economic disruption as possible. When the global threat level is high, no organization can afford to ignore the risks.

---

Circle the Wagons

Fortunately, while there is cause for alarm, there's also no need to panic. The measures businesses should take to defend against the possibility of state-sponsored cyberattacks are essentially the same ones security pros have recommended all along. Many of them should already be in place in your organization. However, there's never been a better time to make sure. If a storm is coming, here are some of the most important ways your IT staff can batten down the hatches:

Authentication and Authorization

Authentication refers to how users log in to your systems, while authorization specifies what they can do once they're in. The two are closely related. If your company uses basic password authentication, deploying a password manager can help your staff generate and use stronger passwords for better security. Even better would be to transition to multi-factor authentication (MFA) using smartphone-based authenticator apps or even hardware keys. And if your business handles a lot of sensitive data on a need-to-know basis, now might be an ideal time to invest in a proper identity management system that lets you implement security measures like single sign-on (SSO) and fine-grained authorization and access controls.

Email Security

Like it or not, email remains essential to modern business. Unfortunately, it's also a major vector for malware outbreaks and data breaches. A bad actor who gains access to your inbox can wreak all kinds of mischief. Often, however, that isn't even necessary. Carefully crafted phishing emails that look like they're from company executives are often used to fool employees into disclosing anything from credit card information to sensitive documents. Fortunately, hosted email services often include features that alert users to possible data security breaches before they click the fatal Send button. For even more protection, you might consider switching to a provider that specializes in encrypting email data.

Endpoint Security and Anti-Malware

No matter how hard you try to protect your network, some threats will eventually elude your defenses. That's where endpoint security comes in. It neutralizes breakthrough threats before they can do the damage they were created to cause. An endpoint, in this sense, generally means an end-user device like a PC or smartphone, but it could also mean an Internet of Things (IoT) device. The job of an endpoint security solution is to block spyware and other malware from running on your systems, making it an essential component of your overall security strategy.

Our Top-Rated Endpoint Security Suites

Bitdefender GravityZone Ultra Review

4.5OutstandingVisit Site for Cost Assessment at BitdefenderSee It

F-Secure Elements Review

4.5OutstandingVisit Site at F-SecureSee It

Sophos Intercept X Endpoint Protection Review

4.5OutstandingCheck Price

Data Protection

Tricking employees into violating security protocols isn't the only way for bad actors to steal your sensitive data. If they can gain access to the servers where your files and documents are stored, they can open the proverbial barnyard door. That's why there's never a wrong time to review the security policies of your hosting provider or cloud storage service. Remember, also, that one of the biggest threats to company data today is ransomware. It gives an attacker access to your sensitive data, and may cause you to lose access to that data.

Recommended by Our Editors

Who's Actually Behind the Cyberattacks Hitting Ukraine?How to Respond to Russia's Invasion of Ukraine? Break the InternetUS Warns Destructive Malware Hitting Ukraine Could 'Spill Over' to Infect Others

Business Continuity

If the COVID-19 pandemic has taught us anything, it's that every business should have a well-defined business continuity plan. Damages in a crisis could include not just data loss, but also employees' inability to do their work. The first line of defense is usually a comprehensive backup and restore process, preferably to a secondary data center or the cloud. When planning for the worst-case scenario, some vendors now offer disaster recovery-as-a-service (DRaaS). It includes not just data preservation, but also features like virtual machine (VM) mirroring and automatic failover in the event of application outages.

---

Be Confident, But Stay Careful

Doubtless, pondering the full menu of security measures can be dizzying. But as mentioned earlier, it's unlikely that any company will need to build its defenses from square one. Basic desktop antivirus applications are ubiquitous, and many of today's popular cloud-based services have built-in security safeguards. Still, businesses should take this moment to ask themselves whether their current security measures are tough enough to confront the new, heightened threat environment.

Leaving aside software solutions, another factor that businesses must not overlook is education. The unfortunate reality is that employees remain the weakest link in a company's data security chain. Bad actors are often able to extract information from them through phishing, social engineering, or other means. Now is an excellent time to review your company's security training materials and either develop or acquire new ones, if need be.

Finally, work with your customers and partners to understand what they're doing to secure their own environments and how you can present a united front. Now more than any other time in history, we're all connected. Whenever one company suffers a major security incident, it can affect many others. Only by working together can businesses in the US and beyond successfully weather the current security crisis, to say nothing of the many others that will undoubtedly arise in the coming years.

Get Our Best Stories!

Sign up for What's New Now to get our top stories delivered to your inbox every morning.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters