What does a cyberattack look like to you, the user?
- You can’t gain access to your computer
- Your computer shuts down and restarts randomly
- Your password fails, or access to applications is no longer possible
- Software applications are no longer available, or are disabled
- Your environment becomes defaced, e.g. website or social media
- Social media is sending out many messages or requests
- You have pop-ups appearing in your browser or on your screen
- You’re getting mysterious emails, many emails, or your email data is missing
- You are being prompted to change your password from unfamiliar screens
- Your IT becomes very slow
- You may receive contact from other means – phone call, texts, a visitor
- Items go missing – files, money, documents
- You receive fake correspondence – invoices, notices, requests, bank statements, tax notices
- You can no longer get to files you could previously get to
- A demand appears on your screen telling you that you have been encrypted
- Graphics do not present as normal
- You are told or messaged that you have been attacked
Actions on recognising a cyberattack
Immediate actions
- Observe what it is that you see on the screen – take a photo of the whole screen
- If your device: Unplug the device – power and network. (Or do you leave on and monitor?)
- If on-premise solution: Segregate the IT (unplug the network) to stop the proliferation
- If software: Do not move or click any buttons (log off?)
- Note what you are doing – visiting a website, looking at email, opening an attachment
- Tell surrounding colleagues and report it to your supervisor
- Don’t contact the perpetrator – they do not yet know about you
- Don’t share any personal data or information
- Report it to IT support
- Manage your unfolding crisis
Secondary actions
- Don’t pay the ransom
- Continue not to share information
- Change your password/s if you use the same password across platforms
- Update your security questions, recovery questions, and restricted information
- Contact relevant authorities, bank staff, taxation, government officials, social media companies
- Items may be cancelled, so order new credit cards, bank cards, domain, email accounts, social media accounts, passport, phone number, etc.
- Discuss the event with your IT support, and their next actions
- Assess the damage and identify the extent of the attack
- Prepare secondary means or devices for use and access to your information, e.g. if your PC is infected use your phone for email
- Remediate your IT, run scans, restore from backups, rebuild IT
- Update your team and affected stakeholders
Tertiary actions
- Investigate the how and why of the attack
- Put in place remediation steps and stronger defences
- Consider improved security – complex passwords, multifactor authentication
- Document: detail the how, why, where and when
- Report to Police or Government officials
- Consider cybersecurity insurance
- Notify the OAIC if you need to comply with mandatory reporting and notifiable data breach requirements after a cyberattack
- Undertake further education
- Improve your responses with IT support and third-party providers
- Revise your cybersecurity plan and responses
To mitigate a cyberattack
- Consider alternative device use (laptop, smartphone, personal computer, Cloud services, etc.) – don’t put all your eggs in one basket
- Consider a range of preventative measures – complex passwords, antivirus software, mail scanning, two-factor authentication, a layered defence
- Implement a backup to allow remediation after an attack; keep software authorisation codes separate for a restore – mitigation steps
- Consider multiple means to access your data or accounts, e.g. phone banking, web-based bank access
- Implement a range of layered passwords and access strategies rated at:
  - Simple (non-sensitive, not important, e.g. an online book reader)
  - Medium (personal data but not financial, e.g. social media account)
  - Complex (online purchases that contain credit card information, e.g. Amazon)
  - Highly complex (financial data and significant personal data, e.g. smartwatch)
  - Ultimate (close personal significant finances and data that often involve two-factor authentication – banking, taxation office, share trading, etc.)
- Keep yourself private – don’t become the target
- There is a relationship between security and cost – free can be insecure; pay to be secure. Ease of use can also indicate lesser security (Facebook, Gmail, LinkedIn, etc.)
- Manage your exposure – update software, apply patches, update devices, regularly review accounts, apply the direction from your authorities
- Set up a relationship to consult or work with a security professional or IT support
- Be naturally suspicious of people or activities that you do not know or trust