Published: October 24, 2025

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber News — CISA Emergency Directive: Cisco Firewall Devices

On September 25, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 25-03, ordering all U.S. federal government agencies to identify and secure Cisco firewall devices that may have been compromised. The directive is legally binding only on federal government organizations, not on government contractors or private businesses. However, CISA strongly urged all types of businesses to review their systems and take similar protective steps.

What the Emergency Directive Is About 

CISA and its international partners reported an ongoing espionage campaign targeting Cisco firewalls used to protect business and government networks. Attackers have found ways to exploit weaknesses in older or unpatched devices, install hidden programs, and secretly view data passing through them. Cisco has since released security updates and detailed guidance on how to confirm whether systems have been affected before applying patches.

Although these firewalls are not used solely for remote work, many are configured with virtual private network (VPN) features that let employees connect securely from home or other locations. If compromised, attackers could potentially monitor those remote connections and steal sensitive data.

Why It Matters for Small Businesses

Most small businesses don’t manage Cisco equipment directly, but their IT service providers might. Professional services—such as law, accounting, or consulting practices—often rely on managed firewalls and VPNs to support remote access. If those systems are outdated or unsupported, they can become the weak link that attackers exploit.

Even if your business doesn’t use Cisco products, this threat highlights an important point—the devices that guard your network need oversight just like any other business asset. Cybercriminals increasingly target smaller organizations with unpatched systems because they can serve as an easy entry point into larger networks.

What Your Business Can Do If Cisco Devices Are in Use

Small businesses can take these practical steps to reduce potential risk. 

  1. Ask Your IT Provider About Firewall Updates: A simple question, such as “Are the security systems that protect our network fully updated and supported?”, can reveal whether your equipment needs attention.
  2. Confirm the Patching Process: Cisco has released fixed versions that remove the vulnerabilities. Your IT provider should confirm the update and check for any signs of compromise before and after applying it.
  3. Review Remote Access Settings: Ensure that only current employees have access to remote connections, with multi-factor authentication (MFA) enabled, and that your IT provider monitors for unusual login times or locations.
  4. Plan for Replacement of Aging Devices: Some older Cisco models are now out of support. Unsupported hardware cannot be updated and should be replaced with newer, secure equipment.
  5. Pause and Escalate If Compromise Is Suspected: Don’t attempt to fix issues by yourself. Your IT provider should isolate the affected system and, if necessary, contact Cisco or CISA for official guidance.

If Your Business Is Not Using Cisco Devices

Your business can still take valuable lessons from this threat by applying the following practices:

  • Keep your firewall or router firmware updated and supported
  • Use MFA for all remote access
  • Regularly review and remove unused accounts or credentials
  • Ask your IT provider how they monitor for suspicious activity on VPNs or remote-desktop connections

Conclusion

This CISA Emergency Directive highlights critical security issues. Even though the order applies only to government networks, small businesses should take it as a timely reminder to verify that IT providers are following best practices to keep systems up to date and secure. Staying proactive about IT oversight is one of the most effective ways to prevent data loss, service disruption, or reputational damage.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(c)(3) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.