You may not know that your actions online might put you, your family, and even your country at risk. Learning about the dangers online and taking action to protect yourself is the first step in making the Internet safer for everyone. Cyber security is a shared responsibility. We each have a role to play.
Cyber threats are often hard to figure out and understand. These are not like physical threats that need immediate action. Cyber dangers can be viruses erasing entire systems, people breaking into systems and changing files, people using your computer or device to attack others, or people stealing confidential information. The range of cyber risks has no limit. Some threats are more serious and advance than others. Some of these threats can have wide-ranging effects on the person, area, group and nation. These risks include:
- Organized cybercrime, state-sponsored hackers and cyber espionage can pose national security risks to our country.
- Transportation, power and other services may be messed up by large scale cyber events.
- Openness to data breach and loss grows if a group’s or company’s network is compromised. Information about a company, its employees and customers can be at risk.
- Individually-owned devices such as computers, tablets, mobile phones and gaming systems that connect to the Internet are open to intrusion. Personal information may be at risk without proper security.
Before a Cyber Attack
You can stay away from cyber risks by setting up the right controls. Below are things you can do to protect yourself and property before a cyber event.
- Only connect to the Internet over secure, password-protected networks.
- Do not click on links or pop-ups, open attachments or respond to emails from people you don’t know.
- Always enter a URL by hand instead of following links if you don’t know the sender.
- Do not reply to online requests for Personally Identifiable Information (PII). Most businesses/groups – banks, universities, companies, etc. – do not ask for your personal information over the Internet.
- Limit who you are sharing information with by checking the privacy settings on your social media accounts.
- Trust your gut. If you think an offer is too good to be true, then it probably is.
- Protect all devices by putting a password on all devices that connect to the Internet and user accounts.
- Don’t use the same password twice. Choose a password that means something to you and you only. Change your passwords on a regular basis.
- If you see something unusual, report it to the police.
It is hard to know the extent, nature and timing of cyber incidents. There may or may not be any warning. Some cyber incidents take a long time (weeks, months or years) to be found out. It may take just as long to find out who started it. Learn the types of threats and protective things you can do.
- Sign up for the United States Computer Emergency Readiness Team (US-CERT) mailing list to get the latest cyber-security news by email. Written for home and business users, alerts give timely information about current security issues and weaknesses. Sign up here.
- Becoming a Friend of the Department of Homeland Security’s Stop.Think.Connect. Campaign. Get a monthly newsletter with cyber security current events and tips. Sign up here.
During a Cyber Attack
- Check to make sure the software on all of your systems is up-to-date.
- Run a scan to make sure your system is not infected or acting odd.
- If you find a problem, disconnect your device from the Internet and carry out a full system restore.
- Disconnect your device (computer, gaming system, tablet, etc.) from the Internet. By removing the Internet connection, you stop an attacker or virus from being able to access your computer. This means the virus or hacker can’t find your personal data, delete files, or use your device to attack others.
- If you have anti-virus software installed on your computer, update the virus definitions if possible. Perform a manual scan of your entire system. Put in all of the appropriate patches to fix known weaknesses.
- If you have access to an IT department, contact them quickly. The sooner they can check and clean your computer, the less damage to your computer and other computers on the network.
- If you feel you might have shown sensitive information about your organization, tell it to the right people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
At a Public Place (library, school, etc.)
- Inform a librarian, teacher or manager in charge. If they have access to an IT department, contact them immediately.
Immediate Actions if your Personally Identifiable Information (PII) is compromised:
PII is information that can be used to uniquely identify, contact or locate a single person. PII includes but is not limited to:
- Full Name
- Social security number
- Date of birth
- Place of birth
- Driver’s License Number
- Vehicle registration plate number
- Credit card numbers
- Physical appearance
- Gender or race
If you believe your PII is compromised:
- Immediately change all passwords. Start with your financial passwords. If you used the same password for multiple things, make sure to change it for each account. Do not use that password in the future.
- If you feel the compromise was caused by malicious code, disconnect your computer from the Internet.
- Restart your computer in safe mode and perform a full system restore.
- Contact companies, including banks, where you have accounts as well as credit reporting companies.
- Close any accounts that may have been compromised. Watch for any unexplainable or unauthorized charges to your accounts.
After a Cyber Attack
- File a report with the local police, so there is an official record of the event.
- Report online crime or fraud to your local United States Secret Service (USSS) Field Office or the Internet Crime Complaint Center.
- Report identity theft to the Federal Trade Commission.
- If your PII was found, think about any other information that may be at risk. Depending what information was stolen, you may need to contact other agencies. For example, if someone has gained access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your driver's license or car registration has been stolen.
- For further information on preventing and identifying threats, visit US-CERT’s Alerts and Tips page.
More information on cyber security can be found at:
- Department of Homeland Security (DHS)
- DHS United States Computer Emergency Readiness Team (US-CERT)
- DHS Stop.Think.Connect.™Campaign
- United States Secret Service Field Offices
- Federal Bureau of Investigation
- Department of Justice
- Federal Communications Commission
- Internet Crime Complaint Center
- Federal Trade Commission
- National Cyber Security Alliance
- National Center for Missing & Exploited Children’s CyberTipline
- Internet Crimes Against Children Taskforce