SkipToMainContent

Emerging Threats

Cyberattacks on the rise: What to do before and after a cyberattack or data breach

New year, new cyber threats.

You might have resolved to increase your cyber safety in 2020, but you also understand that many threats to cyber safety are often beyond your control.

Even so, like a lot of Americans, you probably want to take steps to help protect what’s yours — like your devices, identity, online privacy, family and home. That’s why it’s smart to help protect your internet-connected devices and guard your sensitive personal information.

You can’t prevent a cyberattack or a data breach — either one could involve your personal information, and both could affect your well-being. But you can do things to minimize those threats and react to bad news.

Here’s what you need to know about navigating potential cyberattacks and data breaches.
This article describes steps you can take to help protect yourself against cyberthreats in 2020 and beyond.

How are cyberattacks and data breaches different?

A cyberattack occurs when cybercriminals try to gain illegal access to electronic data stored on a computer or a network. The intent might be to inflict reputational damage or harm to a business or person, or theft of valuable data. Cyberattacks can target individuals, groups, organizations, or governments.

A data breach is a type of security incident. It occurs when information is accessed without authorization. The information accessed could include personal information such as Social Security numbers, passwords, and financial account numbers. The breached information is sometimes sold or traded on the dark web and can be used to commit crimes like identity theft.

A cyberattack often happens first. A data breach might follow. Both incidents can have an impact on you. The damage could range from lost data on your laptop to blocked access to certain government services.

Who are cyberattackers? They can include anyone from individual snoops or cybercriminal operations to government-sponsored groups.

Here’s a statistic to consider: Between 2015 and 2017, the United States was the No. 1 target in the world for state-sponsored attacks.

What states are most at risk for cyberattacks?

Cyberattacks can occur anywhere in the United States, but some states are at a greater risk for cyberattacks than others.

Security.org analyzed 2016-2017 FBI cyberattack data, state data reported to the National Governors Association for spending on cybersecurity, and the safety of each state’s election system.

Based on Security.org’s analysis, these are the 10 states most at risk for cyberattacks.

  1. Hawaii
  2. Pennsylvania
  3. Nevada
  4. Florida
  5. Wisconsin
  6. Arizona
  7. New Jersey
  8. Alaska
  9. Colorado
  10. Tennessee

Rhode Island ranked No. 50 on the list, making the Ocean State the state least at risk for cyberattack, based on the 2016-2017 data.

State rankings change from year to year, Security.org says, but “where you live may well play a role in the level of cyber risk you’re exposed to every day.”

What should I do to help protect myself before a cyberattack or data breach?

It’s smart to develop strong cyber safety habits to help prepare for a cyberattack or data breach. Large-scale attacks and breaches might occur at major organizations, but it’s also important to secure your personal information and networks.

Here are three steps you can take.

1. Protect your files and devices

Keep your software up to date. Keeping your security software, web browser, and operating system updated to the latest version. Updates patch security holes that cybercriminals could exploit to access your personal information or infect your devices with malicious software.

Secure your files. You can choose one or more ways to back up your important documents. Your choices include external hard drives, flash drives, backup services, and in the cloud.

Encrypt your devices. You probably have sensitive personal information on your devices, including laptops, tablets, and smartphones. Consider encrypting those files. Encryption scrambles readable text, so only someone who has the decryption key can access and read it.

Use multifactor identification. Multifactor identification (also called two-factor authentication) can help prevent cybercriminals from accessing your accounts. Take the extra security step to enable multifactor authentication on any account that requires login credentials. Often, a security code will be sent to your smartphone to complete the log-in process.

2. Protect your wireless network

Secure your router. Some routers come with a default password, and cybercriminals might already know what it is — meaning your network would be at risk. Change the password on your router to something a cybercriminal would be unlikely to guess.

Use strong encryption. There are different types of encryption. Make sure your router offers WPA2 or WPA3 encryption. Both are strong forms of security. Encryption protects information sent over your network so it can’t be read by outsiders.

3. Practice smart cyber security habits

Use strong passwords. Make your passwords strong and unique. A strong password contains at least 12 characters, including letters, numbers, and special symbols. Avoid using the same password on more than one account.

Use a VPN. A virtual private network — better known as a VPN — can help protect against online threats. A VPN gives you online privacy and anonymity by creating a private network from a public internet connection.

Stay current. It’s a good idea to keep up with cyberthreats, in part, because they continue to evolve. Staying current on news and developments is one way to help prepare to react to new cyberthreats.

What should I do before and after a cyberattack or data breach

Even if you have a heightened awareness of possible cyberattacks and data breaches, it’s hard to know exactly how they might affect you until they happen. Each cyberattack or data breach event is different, and different types of data may be exposed or vulnerable depending on what type of attack occurs. How you react and recover will depend on the individual circumstances.

You can apply these six steps to different types of data breaches and cyberattacks. Cybercriminals might target different organizations, including government offices, health care facilities, financial institutions, colleges and schools.

1. Confirm the breach and find out whether your information was compromised.

It’s important to take action quickly. Contact the breached organization and pay attention to any statements from the breached organization to find out if your data is part of the information involved in the security incident.

2. Find out what type of data was stolen or affected.

The type data of data impacted could guide your next steps. For instance, you might consider monitoring your accounts for unauthorized activity, changing your password, or placing a credit freeze on your accounts.

3. Accept the breached organization’s offers to help.

Breached organizations often offer help. They may offer credit monitoring or identity theft protection services, for instance. Consider whether the services are right for you.

4. Change and strengthen your login credentials and passwords.

To help protect your accounts, change your passwords and make sure they’re strong and complex. Be sure to strengthen your login credentials, passwords, and security questions-and-answers.

5. Contact the right people and take additional action.

It’s a good idea to reach out to the breached organization to seek help with your recovery. You might contact other organizations, too. For instance, you can obtain free credit reports from AnnualCreditReport.com to watch for any suspicious or unfamiliar credit activity. Or you might consider placing a fraud alert or credit freeze on your accounts with the three major credit bureaus.

6. Stay alert. Monitor your accounts.

The steps you should take after a cyberattack or data breach often depend on the category of the targeted organization and the type of damage done or information revealed. Also, be alert for phishing attempts from cyberthieves who may contact you by phone or email, claiming to be from the breached company, trying to trick you into providing personal information.

How likely are cyberattacks and data breaches

It’s impossible to say how, when, or how often cyberattacks and data breaches are likely to occur. A heightened awareness that they can happen at any time can help you to prepare and to recover.

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.