In an increasingly growing interconnected world, we are often unaware that some of our actions can have adverse effects and pose risks not only to us, but our families, our friends, our communities, and even our country. Cyber attacks are a growing threat, especially to the United States. Consequences as you can imagine consist of intellectual property loss, financial loss, service disruptions, reputational damage, and costs of recovery to cyber attacks and incidents. Staying informed about dangers on a resource that touches our lives in many forms every day, to protect ourselves is the first step in making the Internet a safer place for everyone. While attaining 100% security will never happen, cybersecurity is a shared responsibility, preventative measures can be taken by each of us to lessen the likeliness of an exploit or vulnerability.

Cybersecurity involves the protection the infrastructure by preventing, detecting, and responding to cyber incidents. Unlike physical threats or other threats that are easily identified; cyber events are difficult to identify and understand. Among these malicious threats that lurk about are viruses that can erase entire systems, intruders such as tojans breaking into systems, altering files and using your computer or device to attack others, or threats that steal confidential information. The magnitude of these cyber threats are limitless, some having more of an impact with differing severity than others that can have lasting effects on individuals, communities and the nation.

Before

You can take steps and preventative measures to lessen your chances of being vulnerable to cyber risks by following some best practices. The following are best practices you can do to protect yourself, your property, your family, your friends, and your country before a cyber incident occurs.

Stay Safe

• If at all possible, connect to sites and the Internet using secure protocols such as https and over password protected networks and systems
• Always exercise caution when proceeding with unfamiliar sites, URLs, links, attachments, emails or files. Many exploits result when the user opens a file or activates an element they are unfamiliar with and are unsure of the source which gives the adversary an opening.
• Exercise extreme caution concerning requests for personally identifable information. In general most entities such banks and companies will never ask for your personal informtion over the Internet. There are exceptions: such as trusted sites that have URLs that begin with https:// and make use of SSL/TLS, such as the United States Social Security Administration website.
• Always use up to date antivirus, antimalware, antispyware software.
• Use hard to guess but meaningful to you and only you passwords. If at all possible use pass phrase over passwords. For example "MyPasswordIsSuperStrong" is an example of a passphrase and is stronger than "Password" a simple password.
• Perform operating system and program updates regularly.
• Make regular backups of your files and computer data.
• Secure your network and Internet connection with a firewall.
• Enable the strongest available security for your devices: computers, routers, wireless access points, portable devices, handheld devices.

Stay Informed

Cyber incidents are impossible to predict, as are their intent and nature. There may or may not be any warning. Some cyber incidents take a long time (weeks, months or years) to be discovered and identified. Familiarize yourself with the types of threats and protective measures you can take by:

• Visiting the United States Computer Emergency Readiness Team (US-CERT) mailing list to receive the latest cybersecurity information directly to your inbox. Written for home and business users, alerts provide timely information about current security issues and vulnerabilities. You may Sign up to recieve news and information from US-CERT
• Visiting the United States Department of Homeland Security website Cybersecurity resource. U.S. DHS Cybersecurity. You may also sign up for DHSs Stop. Think. Connect. Campaign and receive a monthly newsletter with cybersecurity current events and tips.

During

Immediate Actions

• Check to make sure the software on all of your systems/devices is up to date.
• Run a virus/malware scan to make sure your system is not infected or acting suspiciously.
• If you find a problem, disconnect your device from the Internet and perform a full system restore.
  • Disconnecting the device from the Internet takes away its ability to communicate with a potential remote adversary or be used for malicious intents if the system/device has been compromised in this manner.

At Home

• Disconnect your device (computer, gaming system, tablet, etc.) from the Internet. By removing the Internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your device to attack others.
• If you have antivirus software installed on your computer, update the virus definitions if possible, and perform a manual scan of your entire system. Install all of the appropriate patches to fix known vulnerabilities.

At Work

• If you have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network.
• If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

At a Public Place (library, school, etc.)

• Immediately inform a librarian, teacher, or manager in charge. If they have access to an IT department, contact them immediately.

Immediate Actions if your Personally Identifiable Information (PII) is compromised:

PII is information that can be used to uniquely identify, contact, or locate a single person. PII includes but is not limited to:

• Full Name
• Social security number
• Address
• Date of birth
• Place of birth
• Drivers License Number
• Vehicle registration plate number
• Credit card numbers
• Physical appearance
• Gender or race

If you believe your PII is compromised:

• Immediately change all passwords; financial passwords first. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
• If you believe the compromise was caused by malicious code, disconnect your computer from the Internet.
• Restart your computer in safe mode and perform a full system restore.
• Contact companies, including banks, where you have accounts as well as credit reporting companies.
• Close any accounts that may have been compromised. Watch for any unexplainable or unauthorized charges to your accounts.

After

• File a report with the local police so there is an official record of the incident.
• Report online crime or fraud to your local United States Secret Service (USSS) Electronic Crimes Task Force or the Internet Crime Complaint Center.
• Report identity theft to the Federal Trade Commission.
• If your PII was compromised, consider other information that may be at risk. Depending what information was stolen, you may need to contact other agencies; for example, if someone has gained access to your Social Security number, contact the Social Security Administration. You should also contact the Department of Motor Vehicles if your drivers license or car registration has been stolen.
• For further information on preventing and identifying threats, visit US-CERTs Alerts and Tips page.

Resources

Web Resources

 Disclaimer

• U.S. Department of Homeland Security
  
  The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. This requires the dedication of more than 230,000 employees in jobs that range from aviation and border security to emergency response, from cybersecurity analyst to chemical facility inspector. Our duties are wide-ranging, but our goal is clear: keeping America safe.
• DHS United States Computer Emergency Readiness Team
  
  US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.
• DHS Stop Think Connect Campaign
  
  The Stop.Think.Connect. Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.
• United States Secret Service Electronic Crimes Task Force
  
  On October 26, 2001, President Bush signed into law H.R. 3162, the USA PATRIOT Act. The U.S. Secret Service was mandated by this Act to establish a nationwide network of Electronic Crimes Task Forces (ECTFs). The concept of the ECTF network is to bring together not only federal, state and local law enforcement, but also prosecutors, private industry and academia. The common purpose is the prevention, detection, mitigation and aggressive investigation of attacks on the nations financial and critical infrastructures.
• Federal Bureau of Investigation
  
  We lead the national effort to investigate high-tech crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud. To stay in front of current and emerging trends, we gather and share information and intelligence with public and private sector partners worldwide.
• Department of Justice : Cybercrime
  
  The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Departments national strategies in combating computer and intellectual property crimes worldwide. CCIPS prevents, investigates, and prosecutes computer crimes by working with other government agencies, the private sector, academic institutions, and foreign counterparts. Section attorneys work to improve the domestic and international infrastructure-legal, technological, and operational-to pursue network criminals most effectively. The Sections enforcement responsibilities against intellectual property crimes are similarly multi-faceted. Intellectual Property (IP) has become one of the principal U.S. economic engines, and the nation is a target of choice for thieves of material protected by copyright, trademark, or trade-secret designation. In pursuing all these goals, CCIPS attorneys regularly run complex investigations, resolve unique legal and investigative issues raised by emerging computer and telecommunications technologies; litigate cases; provide litigation support to other prosecutors; train federal, state, and local law enforcement personnel; comment on and propose legislation; and initiate and participate in international efforts to combat computer and intellectual property crime.
• Federal Communications Commission
  
  The Federal Communications Commission regulates interstate and international communications by radio, television, wire, satellite and cable in all 50 states, the District of Columbia and U.S. territories. An independent U.S. government agency overseen by Congress, the commission is the United States primary authority for communications law, regulation and technological innovation.
• Internet Crime Complaint Center
  
  The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.
• Federal Trade Commission
  
  To prevent business practices that are anticompetitive or deceptive or unfair to consumers; to enhance informed consumer choice and public understanding of the competitive process; and to accomplish this without unduly burdening legitimate business activity.
• National Cyber Security Alliance
  
  National Cyber Security Alliance mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting the technology individuals use, the networks they connect to, and our shared digital assets.
• National Center for Missing and Exploited Children Cyber Tipline
  
  The National Center for Missing & Exploited Children provides services, resources and technical assistance to child victims of abduction and sexual exploitation, their families and the professionals who serve them. NCMEC provides the most comprehensive resources regarding missing children, child sexual exploitation, child safety and prevention, law enforcement training and victim and family support.
• Internet Crimes Against Children Taskforce
  
  The ICAC Task Force was created to help Federal, State and local law enforcement agencies enhance their investigative responses to offenders who use the Internet, online communication systems, or computer technology to sexually exploit children. The Program is funded by the United States Department of Justice, Office of Juvenile Justice and Delinquency Prevention.
• NetSmartz
  
  NetSmartz Workshop is an interactive, educational program of the National Center for Missing & Exploited Children® (NCMEC) that provides age-appropriate resources to help teach children how to be safer on- and offline. The program is designed for children ages 5-17, parents and guardians, educators, and law enforcement.

• Avast! Antivirus Home Editon - Free
  
  A full featured antivirus package designed exclusively for non commercial & home use only
• SpyBot Search and Destroy - Free
  
  Detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications
• Comodo
  
  List of Free Tools to increase the strength of your computer security
• AVG Antivirus - Free
  
  Provides a free basic antivirus and antispyware protection for Windows

• CCleaner - Free
  
  System cleaning utility
• Defraggler- Free
  
  System Defragmenter