While the Internet allows us to stay connected, informed, and involved with co-workers, family and friends, any public environment requires awareness and caution. Just as you use locks to keep criminals out of your home, you also need safeguards to secure your computer.

  • Think Before You Click: Recognize and Report Phishing -- If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
  • Update Your Software: Don't delay -- act promptly if you see a software update notification. Better yet, turn on automatic updates.
  • Use Strong Passwords: Use passwords or passphrases that are long, unique, and randomly generated.
  • Use password managers to generate and remember different, complex passwords for each account. A password manager will encrypt passwords, so you only need to remember one password!
  • Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. 
  • Safeguard your phone. Always keep your mobile devices in your possession and be aware of your surroundings.
  • Confirm before sharing. If you use social networking sites such as Facebook, limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
  • Beware of any requests to update or confirm your personal information. Most businesses or organizations don’t ask for your personal information over email.
  • Add only people you know on social media sites and programs like Skype; adding strangers could expose you and your personal information to scammers.
  • Avoid opening attachments, clicking links, or responding to email messages from unknown senders or companies that ask for personal information.
  • Beware of “free” gifts or prizes. If something is too good to be true, then it probably is.

Report a Cyber Incident

CISA provides a secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.
Report a Cybersecurity Incident: Report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870. Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include:
  • Attempts to gain unauthorized access to a system or its data,
  • Unwanted disruption or denial of service, or
  • Abuse or misuse of a system or data in violation of policy.
Federal incident notification guidelines, including definitions and reporting timeframes, can be found here.
Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to Central@CISA.dhs.gov.

References:

Business Email Compromise

Business Email Compromise (BEC) is a sophisticated cybercrime that involves attackers gaining unauthorized access to a business email account. For more about Business Email Compromise ...

Cyberstalking

Cyberstalking is a form of online harassment that involves using the internet or other forms of electronic communication to stalk or harass an individual. For more about Cyberstalking ...

Ransomware

Ransomware is a type of malicious software designed to deny access to a computer system or files until a sum of money, or ransom, is paid to the attacker. For more about Ransomware ...

Cybercrime as a Business

With criminals adopting principles akin to legitimate enterprises, the efficiency and precision of their attacks increase, posing a greater challenge for individuals to safeguard themselves. For more about Cybercrime as a Business ...

Additional topics to remember...

  1. Medical Devices - Be sure to find out who provides the information and know where you’re going online. Many pharmaceutical companies create websites with information to sell products; criminals will mimic these websites. Look for sites ending in .edu (for education) or .gov (for the government).
  2. Banking - Avoid accessing your personal or bank accounts from a public computer or kiosk, such as the public library. Don’t reveal personally identifiable information such as your bank account number, social security number, or date of birth to unknown sources. When paying a bill or making an online donation, type the website URL into your browser instead of clicking on a link or cutting and pasting it from the email.
  3. Shopping - Make sure the website address starts with “HTTPS”; the “s” stands for secure. Look for the padlock icon at the bottom of your browser, indicating the site uses encryption. Type new website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.