Cybersecurity involves preventing, detecting, and responding to cyberattacks that can have wide ranging effects on an organizations. Cyberattacks are malicious attempts to access or damage a computer system. Cyberattacks can lead to loss of money, theft of business information, and damage to a your reputation.
- Can use computers, mobile phones, gaming systems, and other devices;
- Can include identity theft;
- Can block your access or delete your business documents, pictures, and files.
- Can cause problems with business services, and power.
Protect Yourself Against a Cyberattack
- Keep software and operating systems up-to-date
- Use strong passwords and two-factor authentication (two methods of verification).
- Watch for suspicious activity. When in doubt, don’t click. Do not provide personal information.
- Use encrypted (secure) internet communications.
- Create backup files.
- Protect your business WiFi network.
Before a Cyberattack
You can increase your chances of avoiding cyber risks by setting up the proper controls. The following are things you can do to protect your property before a cyberattack occurs:
- Use strong passwords that are 12 characters or longer. Use upper and lowercase letters, numbers, and special characters. Change passwords monthly. Use a password manager.
- Use a stronger authentication such as a PIN or password that only you would know. Consider using a separate device that can receive a code or uses a biometric scan (e.g., fingerprint scanner).
- Watch for suspicious activity that asks you to do something right away, offers something that sounds too good to be true, or needs your personal information. Think before you click.
- Check your account statements and credit reports regularly.
- Use secure internet communications.
- Use sites that use HTTPS if you will access or provide any personal information. Do not use sites with invalid certificates. Use a Virtual Private Network (VPN) that creates a secure connection.
- Use antivirus solutions, malware, and firewalls to block threats.
- Regularly back up your files in an encrypted file or encrypted file storage device.
- Limit the personal information you share online. Change privacy settings and do not use location features.
- Protect your business network by changing the administrative and Wi-Fi passwords regularly. When configuring your router, choose the Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES) setting, which is the strongest encryption option.
During a Cyberattack
- Immediately change passwords for all of your online accounts.
- Scan and clean your device.
- Consider turning off the device. Take it to a professional to scan and fix.
- Contact banks, credit card companies, and other financial accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity.
- Check to make sure the software on all of your systems is up-to-date.
- Run a scan to make sure your system is not infected or acting suspiciously.
- If you find a problem, disconnect your device from the Internet and perform a full system restore.
After a Cyberattack
- Consult a cyber security professional and prepare to enact your Emergency Response Plan (ERP)
- File a complaint with the FBI Internet Crime Complaint Center (IC3) at www.IC3.gov. They will review the complaint and refer it to the appropriate agency.
- Learn tips, tools, and more at www.dhs.gov/stopthinkconnect.
- File a report with the local police so there is an official record of the incident.
- Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.
- For further information on preventing and identifying threats, visit US-CERT’s Alerts and Tips page.