When it comes to educating customers about cybersecurity threats, current events can underscore the urgency of building defenses against cyberattacks. A recent example is Russia’s malicious cyberattacks on Ukraine, which, according to U.S. agency reports, have included attacks on energy sources, supply chain disruptions and financial data theft. Such attacks highlight the danger of digital crimes that can extend far beyond a country’s borders.
While preventing such attacks is ideal, when a distraught customer calls you and tells you they fear – or know – the worst has happened, quick and decisive action is crucial. As a first responder, here’s how to advise clients on a variety of situations – starting with the right authorities to contact for more detailed advice.
Your client suspects identity theft
- Advise them to place a fraud alert or credit freeze on their accounts, after which they should contact any supplier, bank or institution directly involved. Then contact the FTC and file an Identity Theft Affidavit and create an Identity Theft Report. Reports can be filed by calling (877) 438-4338 or by going to IdentityTheft.gov.
- Armed with these documents, they should contact local law enforcement and file a police report.
- If your client’s Social Security number is compromised, they should contact the Social Security Administration at (800) 269-0271 and the IRS at (800) 829-0433.
- If all or part of the theft or fraud was committed by mail, or if fraudulent change of address forms are discovered, contact the Postal Inspection Service, the law enforcement and security branch of the Postal Service.
The client’s computer has been compromised
- Advise them not to turn off or restart the device, as this may make it more difficult to turn it back on. Instead, immediately disconnect the device from the internet, whether it is connected via Wi-Fi or a physical outlet. These steps are important to prevent possible data loss and/or a potential attack from migrating from the affected computer to another device in the environment.
- Unplug any external drives connected to the device, especially if the external drive contains backup data. Customers should take note of all sites they were connected to when the event occurred, as a cyberattacker will likely see exactly what your customer is able to see on screen. They should then connect to these sites from a separate computer and, at a minimum, monitor them for suspicious activity.
- To further protect accounts, customers should reset passwords and enable multi-factor authentication, if it is not already enabled. Advise customers to run a malware removal tool if they have one. If they don’t, they can reconnect to the internet and download one here.
Client’s computer was encrypted by ransomware
- If this happens, the customer will likely be cut off from accessing their computer and therefore unable to remove the ransomware or access data backups. At this point, they have a decision to make: either pay the ransom or not pay it. If they have good backups of all their data, they can choose not to pay the ransom. Instead, they can erase the affected device and restore the data, which should result in minimal or no loss.
- If they don’t have good backups and the data on the machine is too valuable to lose, paying the ransom might be the best option. However, the customer should understand that payment does not guarantee that they will be able to fully recover the data. Attackers don’t always play fair: even after receiving the money they may not provide the correct key, they may provide no key at all, or the key may fail to decrypt the device.
- After the machine is restarted, advise them to install a good anti-malware tool.
Your client’s password(s) have been compromised
- If they receive multi-factor authentication requests that they did not request or notice abnormal logins to an account, customers should assume that their credentials have been compromised.
- Ask them to decline any MFA request they receive, then log in to the site and change the password immediately. When doing so, choose the option – if it appears – to force all current sessions to log out immediately to thwart a bad actor who might already be logged into the account.
- Going forward, customers should be on the lookout for any other signs of abnormal activity or connection. Since email addresses are the most common usernames for websites and apps, discourage them from using the same password for multiple accounts. Using a password manager can help effectively manage a larger volume of unique and complex passwords. This tool can help identify if account credentials have been affected by a previous compromise.
Eternal Vigilance Cheat Sheet
Prevention is always better than cure. Educating your customers about cybercrime can reduce the chances of you receiving a panicked call. Here are the key areas to act on.
- Reinforce daily precautions: here is a reminder on good practices for everyday use of the web.
- Raise awareness of common cybersecurity threats: Phishing attacks, domain spoofing, and watering holes are three common hacking techniques, but there are other methods which can be easily identified.
- Highlight the warning signs of identity theft: With the volume of personal data that resides online, customers may not be aware of identity theft until significant damage has been done. Learn more about helping customers prevent and address identity theft.
- Educate customers about investment scams: Your customers should be aware that cyberattacks are not limited to identity theft and data breaches, but can also involve fraudulent investment products or financial advice. The SEC regularly publishes newsletters to inform the public about new and ongoing scams, as well as resources to combat and report them.
- Make sure offline information also stays secure: While it seems like a no-brainer, ask customers to keep all financial documents, personal records, and valuables in secure places at home or in safe deposit boxes.