The U.S. Department of Justice recently released a manual with best practices for victims of cyberattacks. The guidelines are aimed at helping companies either avoid cyberattacks or minimize the damage to the organization and consumers should a cyberattack occur.
These best practices come in the wake of close to one billion online records being compromised in 1,922 confirmed incidents throughout 2014, including high profile data breaches such as Home Depot, JPMorgan Chase, Michaels and Neiman Marcus. The compromised records consist of usernames, passwords, credit card numbers, Social Security numbers and more. Data breaches and other online security attacks show no signs of slowing down and it’s only a matter of time until we see headlines about another major brand compromised by cybercriminals.
While most of the guidelines in the Department of Justice manual target businesses specifically, the same guidelines can be applied to consumers following data breaches and other cyberattacks. These include:
- Do not use the compromised system to communicate – while businesses are encouraged to avoid communicating on systems that have been compromised, the same applies to consumers. If a consumer’s credit card has been compromised, he or she should cancel or stop using the card. Alternatively, if an online account is hacked, the consumer must avoid sharing any additional information or making transactions on that account.
- Continue to monitor your system for anomalous activity – once cybercriminals have compromised a system or identity, they will likely continue to attack. Businesses must monitor their systems for continued attacks, while consumers should watch out for red flags such as new accounts appearing on a credit report, suspicious withdrawals or charges on bank statements and signs that confidential or internal data is missing. All of these are signs your identity continues to be targeted following a cyberattack.
- Conduct a post-incident review to identify deficiencies in planning and execution of your incident response plan – following a cyberattack, businesses must get to the root of the problem to avoid future attacks. Did an internal party compromise the system or was the business lax in implementing integrated security measures. Consumers must also identify any deficiencies in their online security measures if identities are compromised. This includes assessing password strength, how much information is shared online and whether or security software is installed and updated.
Given continued online attacks, how can consumers stay protected? Consumers should report any red flags right away, check online accounts regularly for suspicious activity and assess their online security measures to ensure they are taking all steps possible to avoid cyberattacks.
The most effective way for consumers to keep online information protected is to put preventative measures in place. To ensure all bases are covered, an all-in-one security solution, such as Ad-Aware Total Security, provides anti-malware, anti-spam, anti-phishing, and much more – ensuring complete online protection.
By Andy Browne, malware labs director, Lavasoft
About Lavasoft
Lavasoft is the maker of Ad-Aware, the world’s No. 1 free antivirus software. Founded in 1999, Lavasoft is the original anti-malware company, creating award-winning, free security and privacy software. Born of the belief that online security should be available to everyone, Lavasoft offers millions of users maximum protection for their computers and online identities. With nearly 500 million downloads, its flagship product Ad-Aware has blocked and removed billions of threats, saving consumers from all forms of attacks and malware – including viruses, spyware, adware, phishing and drive-by downloads. Lavasoft is a global company with operations in North America and Europe. For more information, visit www.lavasoft.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.