According to ready.gov, cybersecurity involves preventing, detecting and responding to cyberattacks. With many more people working remotely and/or from home with the COVID-19 pandemic, here are several guidelines to help before, during and after a cyber attack.

In addition to the bullet-points below, here is a printable guide that could help remind co-workers to be on the lookout for suspicious activity.

Cyberattacks can occur in many ways, including:

  • Accessing your personal computers, mobile phones, gaming systems and other internet and Bluetooth connected devices.
  • Damaging your financial security, including identity theft.
  • Blocking your access or deleting your personal information and accounts.
  • Targeting children and adults.
  • Complicating your employment, business services, transportation and power grid.

Protect Yourself Against Cyberattacks

  • Watch for suspicious activity that asks you to do something right away, offers something that sounds too good to be true or needs your personal information. Think before you click, and when in doubt, do NOT click. Do not provide personal information.
  • Limit the personal information you share online. Change privacy settings and do not use location features.
  • Keep software applications and operating systems up-to-date.
  • Using a password manager, use upper and lowercase letters, numbers and special characters, as well as, two-factor authentication (two methods of verification). Several password managers can be used for free, including Zoho Vault.
  • Use encrypted (secure) Internet communications.
  • Protect your home and/or business by using a secure Internet connection and Wi-Fi network.
  • Use a stronger authentication such as a personal identification number (PIN) or password that only you would know.
  • Check your account statements and credit reports regularly.
  • Only share personal information on secure sites (e.g. “https://”). Do not use sites with invalid certificates.
  • Use a Virtual Private Network (VPN) that creates a more secure connection.
  • Use antivirus solutions, malware and firewalls to block threats.
  • Regularly back up your files in an encrypted file or encrypted file storage device.
  • Protect your home network by changing the administrative and Wi-Fi passwords regularly. When configuring your router, use either the instruction manual or speak to your internet-cable provider, to setup the Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES) setting, which is the strongest encryption option.

During a Cyberattack

  • Let work, school or other system owners know.
  • Check your credit statement for unrecognizable charges.
  • Check your credit reports to be aware of open accounts and/or loans you did not open.
  • Be alert for soliciting emails and social media users asking for private information.
  • If you notice strange activity, (e.g. inappropriate pop-up windows), limit the damage by immediately changing all of your internet account passwords.
  • Consider turning off the device. Take it to a professional to scan for potential viruses and fix.
  • Contact banks, credit card companies and other financial services companies where you hold accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity.
  • Check to make sure the software on all of your systems is up-to-date.
  • Run a security scan on your computer/device to make sure your system is not infected or acting more slowly or inefficiently.
  • If you find a problem, disconnect your device from the Internet and perform a full system restore.

After a Cyberattack

  • Change your passwords for your online accounts
  • File a report with the Office of the Inspector General (OIG) if you think someone is illegally using your Social Security number.
  • File a complaint with the FBI Internet Crime Complaint Center (IC3). They will review the complaint and refer it to the appropriate agency.
  • File a report with the local police so there is an official record of the incident.
  • Report identity theft to the Federal Trade Commission.
  • Contact the Federal Trade Commission (FTC) at ftc.gov/complaint if you receive messages from anyone claiming to be a government agent.
  • Contact additional agencies depending on what information was stolen. Examples include contacting:
    • the Social Security Administration (800-269- 0271) if your social security number was compromised, or
    • the Department of Motor Vehicles if your driver’s license or car registration has been stolen.
  • Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.
  • Engage virtually with your community through video and phone calls. Know that it’s normal to feel anxious or stressed. Take care of your body and talk to someone if you are feeling upset. Many people may already feel fear and anxiety about the coronavirus 2019 (COVID-19). The threat of a cyber attack can add additional stress. Follow CDC guidance for managing stress during a traumatic event and managing stress during COVID-19.

More on what to do after a cyber attack can be found here.