Cyber attacks and data breaches have become a daily threat to both individuals and businesses. The different types of cyber risks are seemingly limitless and it’s all but impossible to predict exactly how and when you or your business may become a target for cyber criminals.

Adding to the uncertainty is the reality that cyber threats are often difficult to identify and comprehend. Some cyber incidents take a long time (weeks, months or years) to be discovered and identified. 

See also: 5 things every company should know about cyber breaches

Cyber risks include the following threats:

  • Individually-owned devices such as computers, tablets, mobile phones, and gaming systems that connect to the Internet are vulnerable to intrusion. Personal information may be at risk without proper security.
  • Vulnerability to data breach and loss increases if an organization’s network is compromised. Information about a company, its employees, and its customers can be at risk.
  • Transportation, power, and other services may be disrupted by large scale cyber incidents. The extent of the disruption is highly uncertain as it will be determined by many unknown factors such as the target and size of the incident.
  • Organized cybercrime, state-sponsored hackers, and cyber espionage can pose national security risks to businesses and governments

Here are 25 tips from Ready.gov for what to do to prevent and manage a cyber attack.

s

Cyber attack prevention

1. Only connect to the Internet over secure, password-protected networks.

2. Do not click on links or pop-ups, open attachments, or respond to emails from strangers.

3. Always enter a URL by hand instead of following links if you are unsure of the sender.

4. Don’t respond to online requests for personally identifiable information (PII).

5. Limit who you are sharing information with by reviewing the privacy settings on all social media accounts.

6. Trust your gut; if you think an offer is too good to be true, then it probably is.

7. Don’t use the same password twice; choose a password that means something to you and you only; change your passwords on a regular basis.

8. If you see something suspicious, report it to the proper authorities.

s

Actions to take during an online breach

9. Check to make sure the software on all of your systems is up-to-date.

10. Run a scan to make sure your system is not infected or acting suspiciously.

11. If you find a problem, disconnect your device from the Internet and perform a full system restore.

If you are at home:

12. Disconnect your device (computer, gaming system, tablet, etc.) from the Internet. 

13. If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. Install all of the appropriate patches to fix known vulnerabilities.

If you are at work:

14. If you have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network.

15. If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. 

If you believe your personally identifiable information (PII) is compromised:

16. Immediately change all passwords; financial passwords first. 

17. If you believe the compromise was caused by malicious code, disconnect your computer from the Internet.

18. Restart your computer in safe mode and perform a full system restore.

19. Contact companies, including banks, where you have accounts as well as credit reporting companies.

20. Close any accounts that may have been compromised. Watch for any unexplainable or unauthorized charges to your accounts.

s

What to do after a cyber attack

21. File a report with the local police so there is an official record of the incident.

22. Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.

23. Report identity theft to the Federal Trade Commission.

24. If your PII was compromised, consider other information that may be at risk. Depending what information was stolen, you may need to contact other agencies. For example, if someone has gained access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your driver’s license or car registration has been stolen.

25. For further information on preventing and identifying threats, visit the United States Computer Emergency Readiness Team’s (US-CERT) Alerts and Tips page.