Cyberattacks can come in the form of viruses, malware, email phishing, social media fraud - the spectrum of cyber threats is limitless. We are more interconnected than ever before, but for all of the advantages, that connectivity leaves us vulnerable to the risks of fraud, theft, abuse, and attack. Cybercrime can have wide-ranging impacts, at the individual, local, state, and national levels.
- Organized cybercrime, state-sponsored hackers, and cyber espionage can pose national security risks to our country and our critical infrastructure.
- Transportation, power, and other services may be disrupted by large scale cyber incidents. The extent of the disruption is highly uncertain as it will be determined by many unknown factors such as the target and size of the incident.
- Vulnerability to data breach and loss increases if an organization's network is compromised. Information about a company, its employees, and its customers can be at risk.
- Individually-owned devices such as computers, tablets, mobile phones, and gaming systems that connect to the Internet are vulnerable to intrusion. Personal information may be at risk without proper security.
You can find more detailed information about current concerns through the U.S. Department of Homeland Security - Cybersecurity and Infrastructure Security Agency's website (CISA). Your personal computer anti-virus/security software provider will also have more information to properly protect your computer and devices.
Take Action Before Cybercrime and Cyber Terrorism
You can increase your chances of avoiding cyber risks by setting up the proper controls and sharing information with your friends and family when known risks exist.
Lock or log-off your computer when you are away from it. This prevents another person from waiting for you to leave and then sitting down at your computer and accessing all of your information.
Look for signals that you are using a secure webpage. A secure site encrypts or scrambles personal information so it cannot be easily intercepted. Signals include a screen notice that says you are on a secure site, a closed lock or unbroken key in the bottom corner of your screen, or the first letters of the Internet address you are viewing changes from "http" to "https."
Look for a privacy policy statement or seal that indicates the site abides by privacy standards. Take time to read how your privacy is protected.
Take Action on Your Computer and Handheld Devices
- Stay protected while connected. Only connect to the Internet over secure, password-protected networks. Avoid free internet with no encryption. If you do use an unsecure public access point, avoid sensitive activities that require passwords or credit cards.
- If you are unsure of who an email is from, do not respond and do not click on any links or attachments.
- Do not respond to online requests for Personally Identifiable Information (PII); most organizations – banks, universities, companies, etc. – do not ask for your personal information over the Internet. PII includes, but is not limited to, your full name, social security number, address, date of birth, place of birth, driver's license number, vehicle registration plate number, credit card numbers, and physical appearance.
- Limit who you are sharing information with by reviewing the privacy settings on your social media accounts. Disable geotagging, which allows anyone to see where you are – and where you are not.
- Password-protect all devices that connect to the Internet and user accounts. Create a strong password that contains multiple characters, numbers, capitalized letters, and symbols.
- Do not use the same password twice. Choose a password that means something to you and you only and change your passwords on a regular basis.
- Enable multi-factor authentication to ensure that the only person with access to your accounts is you.
- Apps can be a source for identity theft and malicious activity. Only download apps from trusted sources. Check your app permissions and only allow what is necessary. Delete apps that you no longer use or need.
- If you see something suspicious, report it to the proper authorities.
Be Safe During Cybercrime or Cyber Terrorism
If you know that you are the victim of a cyber-attack, or if you know that an attack has occurred, you should take actions to ensure that your personal data is protected. Check to make sure the software on all of your systems is up-to-date. Run a scan to make sure your system is not infected or acting suspiciously. If you find a problem, disconnect your device from the Internet and perform a full system restore.
Be Safe At Home
- Disconnect your device (computer, gaming system, tablet, etc.) from the Internet. By removing the Internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your device to attack others.
- If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. Install all of the appropriate patches to fix known vulnerabilities.
Be Safe At Work
- If you have access to an information technology department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network.
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
Be Safe if Your PII is Compromised
- Immediately change all passwords, beginning with your financial passwords. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- If you believe the compromise was caused by malicious code, disconnect your computer from the Internet.
- Restart your computer in safe mode and perform a full system restore.
- Contact companies, including banks, where you have accounts as well as credit reporting companies.
- Close any accounts that may have been compromised. Watch for any unexplainable or unauthorized charges to your accounts.
Take Action After Cybercrime or Cyber Terrorism
After a cyber-attack that personally impacts your information or your organization's information, you should take actions to ensure that your data is protected and that appropriate reports are made to local law enforcement. You can also report online crime or fraud to your local United States Secret Service Electronic Crimes Task Force or the Internet Crime Complaint Center. Report identity theft to the Federal Trade Commission. Report phishing scams to the National Cybersecurity Communications and Integration Center.
If your Personally Identifiable Information (for example your social security number) was compromised, consider other information that may be at risk. Depending on what information was stolen, you may need to contact other agencies; for example, if someone has gained access to your Social Security number, contact the Social Security Administration. You should also contact the Division of Motor Vehicles if your driver's license or car registration has been stolen.