Cybersecurity involves preventing, detecting, and responding to cyberattacks that can have wide ranging effects on the individual, organizations, the community, and at the national level. Cyberattacks are malicious attempts to access or damage a computer system. Cyberattacks can lead to loss of money, theft of personal information, and damage to your reputation and safety. Cyberattacks are malicious attempts to access or damage a computer system.
- Can use computers, mobile phones, gaming systems, and other devices;
- Can include identity theft;
- Can block your access or delete your personal documents and pictures;
- Can target children; and
- Can cause problems with business services, transportation, and power.
Protect Yourself Against a Cyberattack
- Keep software and operating systems up-to-date
- Use strong passwords and two-factor authentication (two methods of verification).
- Watch for suspicious activity. When in doubt, don't click. Do not provide personal information.
- Use encrypted (secure) internet communications.
- Create backup files.
- Protect your home and/or business WiFi network.
Before a Cyberattack
You can increase your chances of avoiding cyber risks by setting up the proper controls. The following are things you can do to protect yourself, your family, and your property before a cyberattack occurs:
- Use strong passwords that are 12 characters or longer. Use upper and lowercase letters, numbers, and special characters. Change passwords monthly. Use a password manager.
- Use a stronger authentication such as a PIN or password that only you would know. Consider using a separate device that can receive a code or uses a biometric scan (e.g., fingerprint scanner).
- Watch for suspicious activity that asks you to do something right away, offers something that sounds too good to be true, or needs your personal information. Think before you click.
- Check your account statements and credit reports regularly.
- Use secure internet communications.
- Use sites that use HTTPS if you will access or provide any personal information. Do not use sites with invalid certificates. Use a Virtual Private Network (VPN) that creates a secure connection.
- Use antivirus solutions, malware, and firewalls to block threats.
- Regularly back up your files in an encrypted file or encrypted file storage device.
- Limit the personal information you share online. Change privacy settings and do not use location features.
- Protect your home network by changing the administrative and Wi-Fi passwords regularly. When configuring your router, choose the Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES) setting, which is the strongest encryption option.
During a Cyberattack
- Limit the damage. Look for unexplained charges, strange accounts on your credit report, unexpected denial of your credit card, posts you did not make showing up on your social networks and people receiving emails you never sent.
- Immediately change passwords for all of your online accounts.
- Scan and clean your device.
- Consider turning off the device. Take it to a professional to scan and fix.
- Let work, school, or other system owners know. Information
- Contact banks, credit card companies, and other financial accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity.
- Check to make sure the software on all of your systems is up-to-date.
- Run a scan to make sure your system is not infected or acting suspiciously.
- If you find a problem, disconnect your device from the Internet and perform a full system restore.
- If in a public setting immediately inform a librarian, teacher, or manager in charge to contact their IT department.
After a Cyberattack
- File a report with the Office of the Inspector General (OIG) if you think someone is illegally using your Social Security number. OIG reviews cases of waste, fraud, and abuse.
- File a complaint with the FBI Internet Crime Complaint Center (IC3). They will review the complaint and refer it to the appropriate agency.
- File a report with the local police so there is an official record of the incident.
- Report identity theft to the Federal Trade Commission.
- Contact additional agencies depending on what information was stolen. Examples include contacting the Social Security Administration (1-800-269- 0271) if you social security number was compromised, or the Department of Motor Vehicles if your driver's license or car registration has been stolen.
- Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.
- For further information on preventing and identifying threats, visit US-CERT’s Alerts and Tips page.
- Department of Homeland Security (DHS) (link)
- Cyberattack Information Sheet (PDF)
- DHS United States Computer Emergency Readiness Team (US-CERT) (link)
- DHS Stop.Think.Connect.™ Campaign (link)
- United States Secret Service Electronic Crimes Task Force (link)
- Federal Bureau of Investigation (link)
- Department of Justice (link)
- Federal Communications Commission (link)
- Internet Crime Complaint Center (link)
- Federal Trade Commission (link)
- National Cyber Security Alliance (link)
- National Center for Missing & Exploited Children’s CyberTipline (link)
- Internet Crimes Against Children Taskforce (link)
- NetSmartz (link)
- iKeepSafe (link)
- iSafe (link)