U.S. Department of Justice Cyber Attack Manual – 3 Guidelines for Consumers
The U.S. Department of Justice recently released a manual with best practices for victims of cyberattacks. The guidelines are aimed at helping companies either avoid cyberattacks or minimize the damage to the organization and consumers should a cyberattack occur.
These best practices come in the wake of close to one billion online records being compromised in 1,922 confirmed incidents throughout 2014, including high-profile data breaches such as Home Depot, JPMorgan Chase, Michaels and Neiman Marcus. The compromised records consist of usernames, passwords, credit card numbers, Social Security numbers and more. Data breaches and other online security attacks show no signs of slowing down, and it’s only a matter of time until we see headlines about another major brand compromised by cybercriminals.
While most of the guidelines in the Department of Justice manual target businesses specifically, the same guidelines can be applied to consumers following data breaches and other cyberattacks. These include:
- Do not use the compromised system to communicate – while businesses are encouraged to avoid communicating on systems that have been compromised, the same applies to consumers. If a consumer’s credit card has been compromised, he or she should cancel or stop using the card. Alternatively, if an online account is hacked, the consumer must avoid sharing any additional information or making transactions on that account.
- Continue to monitor your system for anomalous activity – once cybercriminals have compromised a system or identity, they will likely continue to attack. Businesses must monitor their systems for continued attacks, while consumers should watch out for red flags such as new accounts appearing on a credit report, suspicious withdrawals or charges on bank statements and signs that confidential or internal data is missing. All of these are signs your identity continues to be targeted following a cyberattack.
- Conduct a post-incident review to identify deficiencies in planning and execution of your incident response plan – following a cyberattack, businesses must get to the root of the problem to avoid future attacks. Did an internal party compromise the system, or was the business lax in implementing integrated security measures? Consumers must also identify any deficiencies in their online security measures if identities are compromised. This includes assessing password strength, how much information is shared online and whether security software is installed and updated.
Given continued online attacks, how can consumers stay protected? Consumers should report any red flags right away, check online accounts regularly for suspicious activity and assess their online security measures to ensure they are taking all steps possible to avoid cyberattacks.
The most effective way for consumers to keep online information protected is to put preventative measures in place. To ensure all bases are covered, an all-in-one security solution, such as Ad-Aware Total Security, provides anti-malware, anti-spam, anti-phishing, and much more – ensuring complete online protection.
By Andy Browne, malware labs director, Lavasoft