Cybersecurity

cybersecurity awareness month logo
Cyber Survival Guide header
National Cybersecurity Alliance logo
Campground cartoon drawing is in the background

Wooden signpost illustration that reads: "So you think you were PWNED (password compromised)...

The spirit of adventure beckons you online!

You have fun­ny GIFs to find, emails to ignore, pants to buy. But we all know that per­ils lurk in the dark cor­ners of the web, and, even when you try to main­tain good habits, you can encounter packs of cyber­crim­i­nals and mali­cious soft­ware.

What is there to do? Don’t despair! We’re here to help! Use the fol­low­ing as a sur­vival guide for when you think you down­loaded a virus, when you sus­pect an online account has been hacked, or a cyber­crim­i­nal is threat­en­ing to delete all your files unless you hand over some cryp­tocur­ren­cy.

With all these mishaps, the most com­mon way hack­ers get access to your pri­vate dig­i­tal life is through phish­ing – no, not the kind at a lake. Keep­ing your wits about you when a sus­pi­cious mes­sage slith­ers its way into your inbox can help you douse a hack­ing attempt before it ignites into some­thing more seri­ous.

Along our journey, we’ll tell you what to look out for so cybercriminals can’t set a hook in your data!

Campsite with backpack, tent, and campfire
Wooden signpost illustration that reads: "If you think your device has a virus..."

You’ve probably heard spine-tingling tales around the digital campfire about computer viruses and the chaos they leave in their wake.

Slug­gish devices, sen­si­tive infor­ma­tion pur­loined, a lap­top trans­formed into an expen­sive, inop­er­a­tive paper­weight. Virus­es and mal­ware are very real haz­ards swarm­ing around the inter­net, but you can bush­whack them away with con­cert­ed action and a qual­i­ty antivirus pro­gram, and then you can take proac­tive action to keep their ten­drils from vin­ing around your device!

Common symptoms of a computer virus:

  • Sud­den­ly slow com­put­er per­for­mance

  • Com­put­er unex­pect­ed­ly shut­ting down or restart­ing

  • Over­worked hard dri­ve caus­ing your com­put­er’s inter­nal fan to run often

  • Fre­quent error mes­sages and unex­pect­ed pop-up win­dows

  • Unknown appli­ca­tions (like web brows­er tool­bars) that appear with­out you down­load­ing them

  • Fre­quent sys­tem crash­es

  • Lag­ging web brows­er or your web brows­er con­stant­ly redi­rects

  • Mal­func­tion­ing antivirus pro­grams or fire­walls

  • Miss­ing files

Campsite with backpack, tent, and campfire

What to do if you think you have a virus:

1. Run a full sys­tem scan with your antivirus soft­ware.

2. Restore your com­put­er to an ear­li­er back­up if you can­not delete the infect­ed files. Run a full sys­tem scan again.

3. Delete all the tem­po­rary files on your device.

4. Go Safe Mode: if you can­not delete all the tem­po­rary files, try boot­ing up your sys­tem in “Safe Mode” and attempt to delete them again.

5. If you still can­not get rid of the virus, wipe the entire hard dri­ve and rein­stall your oper­at­ing sys­tem.

This is called “reimag­ing your machine” and will delete all your files and doc­u­ments (which is why we rec­om­mend prac­tic­ing good back­up habits). Although there are rare instances where a com­put­er virus sur­vives a dri­ve reimag­ing, this will gen­er­al­ly elim­i­nate the vast major­i­ty of virus­es.

Wooden signpost illustration that reads: "If you think your account has been hacked..."

Fear­less inter­net explor­ers, you have the pow­er to reclaim your online accounts even if a hack­er sneaks in! With some quick, sure-foot­ed action, you can shoo cyber­crim­i­nals out of your social media, email, or oth­er account and push them back into the dig­i­tal wilder­ness. Let’s look at how you can iden­ti­fy if one (or sev­er­al) of your accounts have been com­pro­mised and how you can restore order to your online base­camp.

Look out for tell-tale signs that your account has been hacked.

  • Your social media pro­file pub­lish­es posts that you didn’t cre­ate

  • Your social media pro­file sends phish­ing DMs to fol­low­ers encour­ag­ing them to click on a link, down­load an app, or buy some­thing

  • Friends and fol­low­ers tell you that they’ve received emails or mes­sages that you nev­er sent

  • A com­pa­ny alerts you that your account infor­ma­tion was lost or stolen in a data breach

Campsite with backpack, tent, and campfire

What to do if you think your account has been hacked:

1. Change the accoun­t’s pass­word right away.

You can often lock out a cyber­crim­i­nal by chang­ing the accoun­t’s pass­word. Unfor­tu­nate­ly, this can also work the oth­er way around: the hack­er might change the pass­word and lock you out. If this hap­pens, use the accoun­t’s “For­got my Pass­word” func­tion to reset it. If more help is need­ed, con­tact the online plat­form or web­site ASAP about the sit­u­a­tion.

2. Noti­fy your con­tacts that your account was hacked and that they might receive spam mes­sages that look like they came from you.

Instruct your friends, fam­i­ly, col­leagues, fol­low­ers, and oth­er con­tacts not to open these mes­sages or click on any links con­tained in them. When the sit­u­a­tion is cleared up, let every­one know that your accounts are secure again.

3. Run a full sys­tem scan of your com­put­er using your antivirus soft­ware.

4. Get help.

If you sus­pect some­one has stolen mon­ey from you, con­tact your bank and the local police. If a work account was com­pro­mised, con­tact your com­pa­ny’s IT depart­ment. If you think your iden­ti­ty was stolen, con­tact the three cred­it bureaus and the FTC. Con­tact the respec­tive online plat­form regard­ing the hacked account. Con­tact trust­ed friends and fam­i­ly about the mat­ter so they can be on the look­out for weird com­mu­ni­ca­tions from your online pro­files.

Wooden signpost illustration that reads: "If you are infected with ransomware..."

Unlike white-water raft­ing, ran­somware is an adren­a­line rush no one wants to have. Pic­ture this: you savor­ing your morn­ing cup of cof­fee, fire up your com­put­er, and dis­cov­er that you can’t access any of your pre­cious files along with a taunt­ing mes­sage from nasty hack­ers say­ing your data will be toast unless you pay a ran­som. This means you’ve been struck by ran­somware, a seri­ous crime that has recent­ly been on the rise. Here are some tech­niques to take on dig­i­tal hostage-tak­ers.

1. Stay calm and focused. Hack­ers want to send you into a state of pan­ic – don’t let them! By main­tain­ing your cool, you can make more informed deci­sions. Even if the sit­u­a­tion is dire, a calm approach will ensure you are tak­ing stock of all your options.

2. Take a pho­to of the ran­somware mes­sage for evi­dence.

3. Quar­an­tine your device by dis­con­nect­ing from Wi-Fi and unplug­ging any eth­er­net cables. Remove any exter­nal hard dri­ves or thumb dri­ves ASAP because many ran­somware pro­grams will try to cor­rupt your back­ups.

4. Check your antivirus soft­ware to see if it has decryp­tion tools to remove the ran­somware. Depend­ing on the mal­ware, your antivirus soft­ware might be able to decrypt your data with­out requir­ing you to pay a ran­som to any­one. Even if you can’t undo the encryp­tion, the soft­ware might be able to iden­ti­fy the strain of ran­somware which will help with the inves­ti­ga­tion.

5. Wipe your hard dri­ve and rein­stall your oper­at­ing sys­tem. Ide­al­ly, you will have backed up your files on the cloud or an exter­nal hard dri­ve. Wip­ing your hard dri­ve will elim­i­nate every­thing you saved on your com­put­er, but it might also elim­i­nate the ran­somware pro­gram, too.

6. Report the ran­somware attack to your local police depart­ment, the FBI, CISA, and the U.S. Secret Ser­vice.

7. Should you pay the ran­som? We rec­om­mend nev­er pay­ing out dur­ing a ran­somware attack because it only fuels more cyber­crime. If you have exhaust­ed every option and you believe the files being held hostage are worth the ran­som, con­sid­er that there is no guar­an­tee that the cyber­crim­i­nals will decrypt your files even if you pay. Con­sult with law enforce­ment, cyber­se­cu­ri­ty pro­fes­sion­als, and legal advi­sors to assess the sit­u­a­tion and make an informed deci­sion.

8. Once you have con­trol of your device again, change all your pass­words because the hack­ers could’ve looked through pass­words saved on your web brows­er or else­where.

Wooden signpost illustration that reads: "Be Prepared"

As with most things in our real and online lives, pre­vent­ing hack­ing is eas­i­er than deal­ing with the fall­out after it has hap­pened in the major­i­ty of cas­es. By prac­tic­ing some good cyber hygiene behav­iors, you can stay on the trail head­ed to amaz­ing inter­net expe­ri­ences!

Most of the unfor­tu­nate events described in this guide are caused by a phish­ing attack, which is when a cyber­crim­i­nal sends you an email, mes­sage, social media post, or text that includes a mali­cious down­load or link. If the hack­er can trick you into click­ing, you risk down­load­ing a virus, los­ing con­trol of an account, or becom­ing held hostage by ran­somware.

Here are some common signs of a phishing message:

  • Does it contain an offer that’s too good to be true?

  • Does it include language that’s urgent, alarming, or threatening?

  • Is it poorly crafted writing riddled with misspellings and bad grammar?

  • Is the greeting ambiguous or very generic?

  • Does it include requests to send personal information?

  • Does it stress an urgency to click on unfamiliar hyperlinks or attachments?

  • Does the sender’s e‑mail address match the company it’s coming from?

  • Look for little misspellings like pavpal.com or anazon.com.

Cybersecurity tips displayed on campsite-style signposts.
Down­load this Guide [PDF]

Start typing and press enter to search