Cyber Incident Response Guide (Personal): Difference between revisions
Initial Tag: wikieditor |
fixed mw Tag: wikieditor |
||
| Line 1: | Line 1: | ||
Here's the corrected MediaWiki format with the appropriate link hierarchies: | |||
```mediawiki | |||
= Cyber Incident Guide for Personal Use = | = Cyber Incident Guide for Personal Use = | ||
Prevention is the best option! | Prevention is the best option! | ||
The [ | The [Digital Force Protection Guide|dfp-guide] can help you prevent this from happening as well as preparing backups for recovery. | ||
Reacting to a potential cyber incident on personal devices, accounts, and networks | Reacting to a potential cyber incident on personal devices, accounts, and networks | ||
== Identify the | == Identify the incident == | ||
The first step in responding to a cyber incident is identifying what happened. The steps you take may vary depending on the nature of the incident. Here are some guidelines to help you identify different types of cyber incidents: | The first step in responding to a cyber incident is identifying what happened. The steps you take may vary depending on the nature of the incident. Here are some guidelines to help you identify different types of cyber incidents: | ||
* Monitor | * Monitor | ||
* | * '''Identify''' | ||
* Secure | * Secure | ||
* Restore | * Restore | ||
| Line 16: | Line 19: | ||
== Possible Hack == | == Possible Hack == | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
=== HACK: Online === | === HACK: Online === | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
'''Q: Are you locked out of your account?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Online Accounts|#online-accounts] section. | ||
'''Q: Is your financial account missing money?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Online Accounts|#online-accounts] section. | ||
'''Q: Are there changes or activities in your accounts that you didn't make?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Online Accounts|#online-accounts] section. | ||
=== HACK: Local === | === HACK: Local === | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
'''Q: Has your mouse moved or computer turned on without your control?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
'''Q: Did you get a ransomware message?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
'''Q: Did you get a fake anti-virus or update message?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
'''Q: Have you noticed a plugin, toolbar, or application installed that you did not install?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
'''Q: Is your device running slowly or behaving abnormally?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
'''Q: Pop-ups on the computer?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
'''Q: Are your internet searches being redirected?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Local Devices|#local-devices] section. | ||
=== LEAK === | === LEAK === | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
'''Q: Is your private information, like photos or personal details, shared online without your permission?''' | |||
If YES: Alert family and friends to the leak and advise them to be cautious of anyone attempting to pretend to be you. Freeze your credit report to prevent identity theft. | * If YES: Alert family and friends to the leak and advise them to be cautious of anyone attempting to pretend to be you. | ||
* Freeze your credit report to prevent identity theft. | |||
'''Q: Have personal images, video, or other media been shared online without your permission?''' | |||
If YES: Do not engage with the leaker. Identify the source of the leak and lock down the source of the leak. Identify the content that has been leaked. Identify direct links to the leaked content and store them for future reference. | * If YES: Do not engage with the leaker. Identify the source of the leak and lock down the source of the leak. Identify the content that has been leaked. Identify direct links to the leaked content and store them for future reference. | ||
=== BREACH === | === BREACH === | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
'''Q: Suspect Data Breach?''' | |||
If YES: | * If YES: | ||
** Check your email on [https://haveibeenpwned.com|haveibeenpwned.com] | |||
** Jump to [Secure Online Accounts|#online-accounts] section. | |||
'''Q: Have you received any notifications from companies or organizations about a hack of their systems?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Online Accounts|#online-accounts] section. | ||
=== PHISHING === | === PHISHING === | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
'''Q: Did you receive an email or message requesting personal or financial information?''' | |||
If YES: Mark the email as spam and delete it. | * If YES: Mark the email as spam and delete it. | ||
'''Q: Did you click on a suspicious link or download an attachment from an unknown source?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Your Devices and Network|#network] section. | ||
=== SCAM === | === SCAM === | ||
'''Q: Did someone request money or your banking information from you?''' | |||
If YES: Be cautious. Read about | * If YES: Be cautious. Read about [http://www.consumerfinance.gov/ask-cfpb/what-are-some-common-types-of-scams-en-2092/|common finance scams]. | ||
* Scammers may pressure you with fear, desire, stress, greed, and other emotions to lower your guard. | |||
'''Q: Did you send money to the scammer?''' | |||
If YES: Consider the money gone, and do not pay the scammer again. Report the incident to the local police department and | * If YES: Consider the money gone, and do not pay the scammer again. Report the incident to the local police department and [https://reportfraud.ftc.gov/#/|file a complaint with the FTC]. | ||
'''Q: Did you install anything from the scammer?''' | |||
If YES: Jump to [ | * If YES: Jump to [Secure Your Devices and Network|#network] section. | ||
'''Q: Did you give the scammer any personal or sensitive information?''' | |||
If YES: Immediately report the incident to the local police department and | * If YES: Immediately report the incident to the local police department and [https://reportfraud.ftc.gov/#/|file a complaint with the FTC]. | ||
=== ACCIDENT === | === ACCIDENT === | ||
Return to: [ | * Return to: [Identify the Incident|#identify-the-incident] | ||
'''Q: Has your device been stolen?''' | |||
If YES: Immediately change all passwords for your accounts and enable two-factor authentication for all your accounts connected to the device. Attempt to locate the device using a tracking app or service. Consider factory resetting the device and wiping all data if necessary. | * If YES: Immediately change all passwords for your accounts and enable two-factor authentication for all your accounts connected to the device. Attempt to locate the device using a tracking app or service. Consider factory resetting the device and wiping all data if necessary. | ||
'''Q: Did you accidentally delete important files or information?''' | |||
If YES: Refer to the [ | * If YES: Refer to the [Restore|#restore] section for steps on data recovery. | ||
== Secure == | == Secure == | ||
After identifying the nature of the cyber incident, take the necessary steps to secure your digital environment. Return to | After identifying the nature of the cyber incident, take the necessary steps to secure your digital environment. [Return to Identify the Incident|#identify-the-incident] for further guidance. | ||
=== Online Accounts === | === Online Accounts === | ||
Secure your online accounts immediately by taking the following steps: | Secure your online accounts immediately by taking the following steps: | ||
* | * '''Change Passwords''': Update passwords for all critical accounts and store using a [password manager|/resources/guides/dfp-guide/password-manager]. | ||
* | * '''Enable Multi-Factor Authentication''': Enhance security by enabling MFA. For guidance, see our [MFA setup guide|/resources/guides/dfp-guide/mfa-guide#how-to-enable-mfa]. | ||
* | * '''Search for a Data Breach''': Check your email on [https://haveibeenpwned.com|haveibeenpwned.com]; change authentication to any accounts identified or any accounts using the same password as the account in question. | ||
* | * '''Specific Accounts to Secure''': | ||
** '''Email Accounts''': Prioritize accounts used for account recovery. | |||
** '''Finance and Banking''': High-value targets, especially crypto accounts. | |||
** '''Mobile Carrier''': Secure to prevent SIM swapping. | |||
** '''Social Media''': Prevent impersonation and fraud. | |||
* Remove Online Data Opt-Out Lists | * Remove Online Data Opt-Out Lists [https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List|here]. | ||
Review additional measures in the [ | Review additional measures in the [Online Account Hack section|#hack-online]. | ||
=== Local Devices === | === Local Devices === | ||
Take immediate action to secure and analyze your local devices: | Take immediate action to secure and analyze your local devices: | ||
# | # '''Disconnect from the Internet''': Stop further unauthorized access. | ||
# | # '''Run a Malware Scan''': Check for and remove any malicious software. | ||
# | # '''Log Review''': Investigate security logs for any signs of compromise. [Learn how to search log files|/resources/guides/incident-response-guide/searching-log-files.md]. | ||
For more details, see the [ | For more details, see the [Local Hack section|#hack-local]. | ||
=== Network Security === | === Network Security === | ||
See the | See the [router hardening guide|router-hardening]. | ||
Ensure your network devices are secure by performing the following: | Ensure your network devices are secure by performing the following: | ||
# | # '''Password Update''': Change passwords for routers and Wi-Fi networks. | ||
# | # '''Firmware Update''': Keep your network devices updated with the latest firmware. | ||
# | # '''Disable Remote Management''': Prevent external access to your network devices. | ||
# | # '''Monitor Traffic''': Watch for unusual activity that might indicate a breach. | ||
=== Identify and Lock Down === | === Identify and Lock Down === | ||
Increase your defense against identity theft: | Increase your defense against identity theft: | ||
# | # '''Credit Lock''': Freeze your credit with major credit bureaus to prevent new account openings. [Credit Freeze Guide|https://inteltechniques.com/freeze.html]. | ||
# | # '''Review Digital Footprint''': Check all online accounts for unauthorized access or transactions. [Opt-Out Lists|https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List]. | ||
# | |||
# '''Security Settings''': Update and strengthen security settings on all connected devices. | |||
== Restore == | == Restore == | ||
Recover from a cyber incident by restoring compromised systems and accounts: | Recover from a cyber incident by restoring compromised systems and accounts: | ||
# | # '''Account Recovery''': Reset passwords and set up MFA. Consider using masked emails for sensitive accounts. [password manager guide|/resources/guides/dfp-guide/password-manager]. [MFA setup guide|/resources/guides/dfp-guide/mfa-guide#how-to-enable-mfa]. | ||
# | # '''Data Recovery''': Restore data from backups or use professional data recovery services if necessary. | ||
# | # '''System Reinstallation''': In cases of severe malware infection, reinstalling the operating system on affected devices may be required. | ||
== Report == | == Report == | ||
It’s crucial to report any cyber incident to help prevent future occurrences: | It’s crucial to report any cyber incident to help prevent future occurrences: | ||
# | # '''Financial Institutions''': Inform your bank or credit card issuer about any unauthorized transactions. | ||
# | # '''Law Enforcement''': Report identity theft and other cybercrimes to the police. | ||
# | # '''Notify Affected Parties''': If others are impacted by the breach, inform them to take protective measures. | ||
== Learn == | == Learn == | ||
Enhance your knowledge and preparedness for future incidents: | Enhance your knowledge and preparedness for future incidents: | ||
* | * '''Incident Review''': Understand what happened and why. [Learn from the incident|./incident-response-guide/learning-from-incident]. | ||
[[Category:Cybersecurity]] | [[Category:Cybersecurity]] | ||
[[Category:Incident Response]] | [[Category:Incident Response]] | ||
[[Category:Guides]] | [[Category:Guides]] | ||
Revision as of 07:04, 23 September 2024
Here's the corrected MediaWiki format with the appropriate link hierarchies:
```mediawiki
Cyber Incident Guide for Personal Use
Prevention is the best option! The [Digital Force Protection Guide|dfp-guide] can help you prevent this from happening as well as preparing backups for recovery.
Reacting to a potential cyber incident on personal devices, accounts, and networks
Identify the incident
The first step in responding to a cyber incident is identifying what happened. The steps you take may vary depending on the nature of the incident. Here are some guidelines to help you identify different types of cyber incidents:
- Monitor
- Identify
- Secure
- Restore
- Report
- Learn
- Monitor
Possible Hack
- Return to: [Identify the Incident|#identify-the-incident]
HACK: Online
- Return to: [Identify the Incident|#identify-the-incident]
Q: Are you locked out of your account?
- If YES: Jump to [Secure Online Accounts|#online-accounts] section.
Q: Is your financial account missing money?
- If YES: Jump to [Secure Online Accounts|#online-accounts] section.
Q: Are there changes or activities in your accounts that you didn't make?
- If YES: Jump to [Secure Online Accounts|#online-accounts] section.
HACK: Local
- Return to: [Identify the Incident|#identify-the-incident]
Q: Has your mouse moved or computer turned on without your control?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
Q: Did you get a ransomware message?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
Q: Did you get a fake anti-virus or update message?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
Q: Have you noticed a plugin, toolbar, or application installed that you did not install?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
Q: Is your device running slowly or behaving abnormally?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
Q: Pop-ups on the computer?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
Q: Are your internet searches being redirected?
- If YES: Jump to [Secure Local Devices|#local-devices] section.
LEAK
- Return to: [Identify the Incident|#identify-the-incident]
Q: Is your private information, like photos or personal details, shared online without your permission?
- If YES: Alert family and friends to the leak and advise them to be cautious of anyone attempting to pretend to be you.
- Freeze your credit report to prevent identity theft.
Q: Have personal images, video, or other media been shared online without your permission?
- If YES: Do not engage with the leaker. Identify the source of the leak and lock down the source of the leak. Identify the content that has been leaked. Identify direct links to the leaked content and store them for future reference.
BREACH
- Return to: [Identify the Incident|#identify-the-incident]
Q: Suspect Data Breach?
- If YES:
- Check your email on [1]
- Jump to [Secure Online Accounts|#online-accounts] section.
Q: Have you received any notifications from companies or organizations about a hack of their systems?
- If YES: Jump to [Secure Online Accounts|#online-accounts] section.
PHISHING
- Return to: [Identify the Incident|#identify-the-incident]
Q: Did you receive an email or message requesting personal or financial information?
- If YES: Mark the email as spam and delete it.
Q: Did you click on a suspicious link or download an attachment from an unknown source?
- If YES: Jump to [Secure Your Devices and Network|#network] section.
SCAM
Q: Did someone request money or your banking information from you?
- If YES: Be cautious. Read about finance scams.
- Scammers may pressure you with fear, desire, stress, greed, and other emotions to lower your guard.
Q: Did you send money to the scammer?
- If YES: Consider the money gone, and do not pay the scammer again. Report the incident to the local police department and a complaint with the FTC.
Q: Did you install anything from the scammer?
- If YES: Jump to [Secure Your Devices and Network|#network] section.
Q: Did you give the scammer any personal or sensitive information?
- If YES: Immediately report the incident to the local police department and a complaint with the FTC.
ACCIDENT
- Return to: [Identify the Incident|#identify-the-incident]
Q: Has your device been stolen?
- If YES: Immediately change all passwords for your accounts and enable two-factor authentication for all your accounts connected to the device. Attempt to locate the device using a tracking app or service. Consider factory resetting the device and wiping all data if necessary.
Q: Did you accidentally delete important files or information?
- If YES: Refer to the [Restore|#restore] section for steps on data recovery.
Secure
After identifying the nature of the cyber incident, take the necessary steps to secure your digital environment. [Return to Identify the Incident|#identify-the-incident] for further guidance.
Online Accounts
Secure your online accounts immediately by taking the following steps:
- Change Passwords: Update passwords for all critical accounts and store using a [password manager|/resources/guides/dfp-guide/password-manager].
- Enable Multi-Factor Authentication: Enhance security by enabling MFA. For guidance, see our [MFA setup guide|/resources/guides/dfp-guide/mfa-guide#how-to-enable-mfa].
- Search for a Data Breach: Check your email on [2]; change authentication to any accounts identified or any accounts using the same password as the account in question.
- Specific Accounts to Secure:
- Email Accounts: Prioritize accounts used for account recovery.
- Finance and Banking: High-value targets, especially crypto accounts.
- Mobile Carrier: Secure to prevent SIM swapping.
- Social Media: Prevent impersonation and fraud.
- Remove Online Data Opt-Out Lists [3].
Review additional measures in the [Online Account Hack section|#hack-online].
Local Devices
Take immediate action to secure and analyze your local devices:
- Disconnect from the Internet: Stop further unauthorized access.
- Run a Malware Scan: Check for and remove any malicious software.
- Log Review: Investigate security logs for any signs of compromise. [Learn how to search log files|/resources/guides/incident-response-guide/searching-log-files.md].
For more details, see the [Local Hack section|#hack-local].
Network Security
See the [router hardening guide|router-hardening].
Ensure your network devices are secure by performing the following:
- Password Update: Change passwords for routers and Wi-Fi networks.
- Firmware Update: Keep your network devices updated with the latest firmware.
- Disable Remote Management: Prevent external access to your network devices.
- Monitor Traffic: Watch for unusual activity that might indicate a breach.
Identify and Lock Down
Increase your defense against identity theft:
- Credit Lock: Freeze your credit with major credit bureaus to prevent new account openings. [Credit Freeze Guide|https://inteltechniques.com/freeze.html].
- Review Digital Footprint: Check all online accounts for unauthorized access or transactions. [Opt-Out Lists|https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List].
- Security Settings: Update and strengthen security settings on all connected devices.
Restore
Recover from a cyber incident by restoring compromised systems and accounts:
- Account Recovery: Reset passwords and set up MFA. Consider using masked emails for sensitive accounts. [password manager guide|/resources/guides/dfp-guide/password-manager]. [MFA setup guide|/resources/guides/dfp-guide/mfa-guide#how-to-enable-mfa].
- Data Recovery: Restore data from backups or use professional data recovery services if necessary.
- System Reinstallation: In cases of severe malware infection, reinstalling the operating system on affected devices may be required.
Report
It’s crucial to report any cyber incident to help prevent future occurrences:
- Financial Institutions: Inform your bank or credit card issuer about any unauthorized transactions.
- Law Enforcement: Report identity theft and other cybercrimes to the police.
- Notify Affected Parties: If others are impacted by the breach, inform them to take protective measures.
Learn
Enhance your knowledge and preparedness for future incidents:
- Incident Review: Understand what happened and why. [Learn from the incident|./incident-response-guide/learning-from-incident].