The U.S. government has outlined several security actions organizations are expected to follow to protect them from Russian cyberattacks.

The main security step includes enabling two-factor or multi-factor authentication (MFA). According to the U.S. government, all organizations must enable MFA.

Other security steps include deploying modern security tools on computers and devices, ensuring that systems are patched and protected against all known vulnerabilities, and changing passwords across organizations’ networks.

They are also advised to back up their data and have offline backups that are beyond the reach of attackers.

Organizations should run exercises and drill their emergency plans. This will allow them to respond quickly to any attack.

They are expected to encrypt their data, educate their employees on common tactics used by attackers, and work with the FBI and CISA to establish relationships ahead of any cyber incident.