What does a cyberattack look like to you the user?

  1. You can’t gain access to your computer
  2. Your computer shuts down and restarts randomly
  3. Your password fails, or access to applications is no longer possible
  4. Software applications are no longer available, or are disabled
  5. Your environment becomes defaced, e.g. website or social media
  6. Social media is sending out many messages or requests
  7. You have pop-ups appearing in your browser or on your screen
  8. You’re getting mysterious emails, many emails, or your email data is missing
  9. You are being prompted to change your password from unfamiliar screens
  10. Your IT becomes very slow
  11. You may receive contact from other means – phone call, texts, a visitor
  12. Items go missing – files, money, documents
  13. You receive fake correspondence – invoices, notices, requests, bank statements, tax notice
  14. Files you previously could get to you can no longer get to
  15. A demand appears on your screen telling you that you have been encrypted
  16. Graphics do not present as normal
  17. You are told or messaged that you have been attacked



Actions on recognising a cyberattack

Immediate actions
  1. Observe what it is that you see on the screen – take a photo of the whole screen
  2. If your device: Unplug the device – power and network. (Or do you leave on and monitor?)
  3. If on-premise solution: Segregate the IT (unplug the network) to stop the proliferation
  4. If software: Do not move or click any buttons (log off?)
  5. Note what you are doing – visiting a website, looking at email, opening an attachment
  6. Tell surrounding colleagues and report it to your supervisor
  7. Don’t contact the perpetrator – they do not yet know about you
  8. Don’t share any personal data or information
  9. Report it to IT support
  10. Manage your unfolding crisis
Secondary actions
  1. Don’t pay the ransom
  2. Continue not to share information
  3. Change your password/s if you use the same password across platforms
  4. Update your security questions, recovery questions, and restricted information
  5. Contact relevant authorities, bank staff, taxation, government officials, social media companies
  6. Items may be cancelled, so order new credit cards, bank cards, domain, email accounts, social media accounts, passport, phone number, etc.
  7. Discuss the event with your IT support, and their next actions
  8. Assess the damage and identify the extent of the attack
  9. Prepare secondary means or devices for use and access to your information, e.g. if your PC is infected use your phone for email
  10. Remediate your IT, run scans, restore from backups, rebuild IT
  11. Update your team and affected stakeholders
Tertiary actions
  1. Investigate the how and why of the attack
  2. Put in place remediation steps and stronger defences
  3. Consider improved security – complex passwords, multifactor authentication
  4. Document: detail the how, why, where and when
  5. Report to Police or Government officials
  6. Consider cybersecurity insurance
  7. Notify the OAIC if you need to comply with mandatory reporting and notifiable data breach after a cyberattack
  8. Undertake further education
  9. Improve your responses with IT support and third-party providers
  10. Revise your cybersecurity plan and responses



To mitigate a cyberattack

  1. Consider alternative device use (laptop, smartphone, personal computer, Cloud services, etc.) – don’t put all your eggs in one basket
  2. Consider a range of preventative measures – complex passwords, antivirus software, mail scanning, two-factor authentications, a layered defence
  3. Implement a backup to allow the remediation after an attack; keep software authorisation codes separate for a restore – mitigation steps
  4. Consider multiple means to access your data or accounts, e.g. phone banking, web-based bank access
  5. Implement a range of layered passwords and access strategies rated at:
    • Simple (non-sensitive, not important, e.g. an online book reader)
    • Medium (personal data but not financial, e.g. social media account)
    • Complex (online purchases that contain credit card information, e.g. Amazon)
    • Highly complex (financial data and significant personal data, e.g. smartwatch)
    • Ultimate (close personal significant finances and data that often involve two-factor authentication – banking, taxation office, share trading, etc.)
  6. Keep yourself private – don’t become the target
  7. There is a relationship with security and cost – free can be insecure; pay to be secure. Ease of use can also indicate lesser security (Facebook, Gmail, LinkedIn, etc.)
  8. Mange your exposure – update software, apply patches, update devices, regularly review accounts, apply the direction from your authorities
  9. Set up a relationship to consult or work with a security professional or IT support
  10. Be naturally suspicious of people or activities that you do not know or trust