On Friday (1/30), the FCC issued a Public Notice strongly urging broadcasters to implement immediate cybersecurity protections after a rise in ransomware attacks on small and mid-size communications companies. This is not a routine advisory. The FCC is making clear that stations are expected to follow recognized cybersecurity best practices and that certain incidents may trigger mandatory reporting to federal authorities.  Here is why this matters:

• Ransomware can lock you out of automation, traffic, email, and critical files.
• Attacks often begin with a single employee click or stolen credentials.
• Recovery can take days or weeks and cost far more than the ransom itself.
• If customer data or EAS systems are affected, FCC reporting may be required within 24 hours.

Here are some simple actions you can take now to protect your team:

1. Turn on Multi-Factor Authentication for email, remote access, VPN, and cloud services.
2. Verify offline backups and test that you can restore from them.
3. Update and patch operating systems, automation, and remote access tools.
4. Train staff to recognize phishing and social engineering emails.
5. Limit access privileges and segment office networks from on-air systems.

If you are hit by ransomware, you may need to report the incident:

• CPNI breach: report within 7 business days via www.cpnireporting.gov
• Network outage: FCC outage reporting rules apply
• Unauthorized EAS transmission: report to FCCOPS@fcc.gov within 24 hours

Law enforcement resources:

• FBI IC3: https://complaint.ic3.gov
• CISA: Central@cisa.gov | 1-844-729-2472

If you have experienced an incident or want help evaluating your current protections, contact us directly at casey@michmab.com or dkelley@michmab.com

The full FCC Public Notice can be downloaded here for your engineering and IT teams.

Protecting your operations protects your audience and our industry’s credibility. Please treat this as a priority. Thank you,