Cybersecurity involves preventing, detecting, and responding to cyberattacks — malicious attempts to access or damage a computer system. Cyberattacks can lead to loss of money, theft of personal information, as well as a damaged reputation and safety, and disrupt business and infrastructure.
Social engineering attack: an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.
Phishing attack: phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization, such as a credit card company or financial institution, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of year, such as:
Epidemics and health scares
Major political elections
What to Do to Protect Yourself Before a Cyberattack
Keep software and operating systems up-to-date.
Protect your smartphone from cyber threats with the NYC Secure app, available for Apple and Android devices.
Protect your personal information. Use strong passwords and two-factor authentication (two methods of verification).
Use antivirus solutions, anti-malware, and firewalls to block threats.
Watch for suspicious activity. When in doubt, don't click. Do not provide personal information.
Use encrypted (secure) internet communications. Use sites that use HTTPS if you will access or provide any personal information. Do not use sites with invalid certificates. Use a Virtual Private Network (VPN) that creates a secure connection.
Create back-up files.
Protect your home and/or business Wi-Fi network.
Limit the personal information you share online. Change privacy settings and do not use location features.
Protect your home network by changing the administrative and Wi-Fi passwords regularly. When configuring your router, choose the Wi-Fi Protected Access 2 (WPA2) Advanced Encryption Standard (AES) setting, which is the strongest encryption option.
During a Cyberattack
Limit the damage. Monitor for unexplained charges, strange accounts on your credit report, unexpected denial of your credit card, posts you did not make showing up on your social networks, and people receiving emails you never sent.
Immediately change passwords for all of your online accounts.
Scan and clean your device.
Consider turning off the device. Take it to a professional to scan and fix.
Let work, school, or other system owners know.
Contact banks, credit card companies, and other financial accounts. You may need to place holds on accounts that have been attacked. Close any unauthorized credit or charge accounts. Report that someone may be using your identity
Check to make sure the software on all of your systems is up-to-date.
Run a scan to make sure your system is not infected or acting suspiciously.
If you find a problem, disconnect your device from the internet and perform a full system restore.
After a Cyberattack
File a report with the Office of the Inspector General (OIG) if you think someone is illegally using your Social Security number. TO file a report, visit www.idtheft.gov. You can also call the Social Security Administration hotline at 1-800-269-0271. For additional resources and more information, visit https://oig.ssa.gov/report.
File a complaint with the FBI Internet Complaint Center (IC3) at www.IC3.gov. They will review the complaint and refer it to the appropriate agency.
File a report with the New York City Police Department so there is an official record of the incident.
Contact additional agencies depending on what information was stolen. Examples include contacting the Social Security Administration if your social security number was compromised, or the Department of Motor Vehicles if your driver's license or car registration has been stolen.
For more information on identifying and identifying threats, visit US-CERT's Alerts and Tips page.
What the City Does
NYC Cyber Command, in conjunction with other City agencies, works to eliminate cyber threats and cascading impacts following a cyber incident.
NYC Cyber Command is a centralized organization created by Executive Order to lead the City's cyber defense efforts, working with more than 100 agencies and offices to prevent, detect, respond to, and recover from cyber threats. NYC Cyber Command is committed to protecting NYC infrastructure and critical systems from malicious attacks through the use of the latest technologies, public-private partnerships, and regular training and exercises for City employees.
NYC Secure App (NYC Cyber Command/NYC Department of Information & Telecommunications)