Cyber-attacks or cyber incidents
How can I protect myself, my data and IT systems (including my computer and smart device)?
Update the software of your computer and smart devices in a timely manner and use virus protection.
Download apps only from an official environment: Google Play Store, Apple App Store, Windows Store.
Regularly back up your files on the computer and on the phone and make sure the backup copies work.
Use different strong passwords in different environments and update these regularly.
Use two-factor authentication (read more on the homepage of the Information System Authority).
Do not disclose or share your personal data with strangers.
Be careful in sharing information about your private life. You should not make the fact that you and your family are on a holiday for several weeks known to strangers via social networks – that may make your home vulnerable to malicious acts.
Do not open unknown e-mails, links and attachments. If someone you know sends a link or an attachment in an unusual style of communication or with unusual text, always ask what it is.
Make sure that the webpage on which you need to enter personal data is protected by a secure encrypted connection: the address begins with https (and not http).
Be careful with spelling mistakes in web addresses. For instance, google.com is a safe address, but g00gle.com is not.
Try to avoid using shared and public devices. If that is not possible, make sure that you always log out of every site and service you signed in to.
In the case of an extensive cyber-attack, follow the instructions of the Information System Authority and other institutions.
If you fall victim to a cyber-crime, report it to the police at ... and the Information System Authority’s incident management department CERT-EE at ....
Read more detailed recommendations and instructions on the webpage of the Information System Authority.
Phishing letters
What can I do right away?
- If you notice that an e-mail sent by someone you know asks you to open an unknown or oddly titled attachment, do not open it! Ask the sender what it is. Do that via another channel, for instance by phone.
How can I avoid such situations in the future?
- Treat e-mails that demand prompt action or contain threats with suspicion. Do not reply to e-mails which ask you to send money or enter your passwords; that is usually phishing or account fraud.
- Make sure that updates are installed on your computer or smart device. Many offenders look for an out-of-date app through which to gain entry to your computer.
Account taken over
What can I do right away?
- Consider whether you have used the password of the taken-over account anywhere else. Make sure to change the passwords in those other places and add multi-factor authentication, if possible (read more).
- Let the service provider know that your account has been taken over. Nearly all services have pages where you can report that your account has been compromised and ask for help. For instance:
  - https://www.facebook.com/hacked
  - https://help.instagram.com
  - https://support.google.com/accounts/answer/6294825?hl=en&ref_topic=3382255
  - https://getsupport.apple.com/GetSASO?locale=et_EE
  - https://support.microsoft.com/et-ee/help/17875/microsoft-account-recover
  - https://www.online.ee/faq.php#faq/c_kkk/answer_c_kkk_13
  - https://help.zone.eu/kb/avaldus-kontaktandmete-muutmiseks/
- Let the people close to you know that your account has been taken over and that the offender may try to take over their accounts as well.
How can I avoid such situations in the future?
- Use different passwords in different places. If you have many accounts, you can use a password manager (KeePass, 1Password, LastPass, etc.). Make sure to come up with at least one long and complex password for the e-mail account to which all the other services send password reset e-mails.
- Start using multi-factor authentication in as many environments as possible. It is particularly important for the e-mail account to which all the other services send password reset e-mails.
- Use a well-known virus protection programme and let it check your devices to make sure they are free of malware.
Device is infected with malware
What can I do right away?
- If you can still access the device, find a virus protection programme and try to clean the computer with that.
- If the virus protection programme cannot help you, disconnect the infected device from the network (don’t forget the wireless or Wi-Fi connection).
- If possible, take a picture of the consequences of the malware or document it in some other way and report the incident to the Information System Authority’s incident management department CERT-EE at ... for help and advice.
- Avoid using computers that are infected with malware even if it seems that “it’s not that bad”.
How can I avoid such situations in the future?
- Do not open unknown e-mails, links and attachments.
- If someone you know sends you an e-mail with content or a style of communication which is not characteristic of them, ask them whether they have been infected with malware.
- Regularly make backup copies of important items on your phone and computer and make sure that they work.
- Do not use illegal software. Acquire legal software, use its latest version and install security updates.
- Download software only from the official homepage of the producer.
- Install virus protection only from the homepage of the producer or from the reseller of the official store.
- Download phone apps only from an official environment (Google Play Store, Apple App Store, etc.).
- Do not insert found or unknown pen drives into your computer.