Secure After Malicious Action

See Incident Response Guide for a comprehensive overview.

Secure Your Devices and Accounts

Minimizing the damage caused by a cyber incident requires prompt action to secure your devices and accounts. Below are general guidelines and detailed steps to strengthen your security posture.

General Guidelines

• Change All Passwords:
  • Ensure all your accounts have strong and unique passwords.
  • Use a password manager to securely generate and store passwords.
  • Avoid reusing passwords across multiple accounts.

• Enable Two-Factor Authentication (2FA):
  • Activate 2FA for all your accounts to add an additional layer of protection.
  • Choose app-based authentication (e.g., Google Authenticator, Authy) over SMS-based 2FA for enhanced security.

• Update Software and Security Systems:
  • Regularly update your operating systems, applications, and antivirus software to patch vulnerabilities.
  • Enable automatic updates wherever possible to stay protected from the latest threats.

Devices

Your devices are often the first targets of a cyber incident. Securing them is critical to preventing further damage.

Steps to Secure Your Devices

1. Disconnect from the Internet:

• • If you suspect a breach, immediately disconnect the affected device from all networks to limit the attack's spread.
  • Avoid connecting external devices (e.g., USB drives) that could also be infected.

1. Perform a Security Scan:

• • Run a complete malware and virus scan using trusted antivirus software.
  • If malware is detected, follow the removal instructions provided by your security software.

1. Reset to Factory Settings (if necessary):

• • If the device is heavily compromised, consider performing a factory reset.
  • Ensure you back up critical data before resetting and scan backups for infections.

1. Encrypt Your Devices:

• • Use full-disk encryption to protect sensitive data in case your device is lost or stolen.

1. Enable Firewalls and Security Features:

• • Ensure firewalls are activated to block unauthorized access.
  • Use built-in security features like "Find My Device" for remote locking or wiping.

Accounts

Securing your accounts ensures that attackers cannot gain unauthorized access to your personal or organizational data.

Steps to Secure Your Accounts

1. Audit Your Accounts:

• • Review your accounts for unusual activity, such as login attempts from unknown locations or devices.
  • Remove access for any unrecognized third-party applications or integrations.

1. Change Passwords:

• • Use strong, unique passwords for each account.
  • Avoid passwords that use dictionary words or common phrases.

1. Enable Account Recovery Options:

• • Set up account recovery options, such as secondary email addresses and phone numbers, to regain access if needed.
  • Verify that recovery information is up-to-date and secure.

1. Enable Two-Factor Authentication:

• • Use app-based 2FA for your most critical accounts, such as email, banking, and social media.
  • Consider hardware security keys (e.g., YubiKey) for enhanced protection.

1. Monitor Account Activity:

• • Regularly check account activity logs for unusual access or actions.
  • Enable alerts for suspicious login attempts.

1. Deactivate or Delete Unused Accounts:

• • Close accounts you no longer use to reduce potential attack surfaces.
  • Ensure data is securely removed before deactivating accounts.

Additional Resources

• refer to the Incident Response Guide for further guidance on responding to incidents.
• Consider using reputable online security platforms to monitor and manage your accounts and devices.

Conclusion

Cyber incidents can cause significant damage if not addressed promptly. By securing your devices and accounts, you reduce the likelihood of further exploitation and regain control over your digital assets. Follow the steps outlined in this guide to safeguard your data and systems.