3 mistakes to avoid when reporting cyber blackmail
The first few minutes, hours, and days following a cybercrime are often crucial for victims to recover their data and move on from the incident. Cyber blackmail, like hacking and other online crimes, tends to become a recurring nightmare if it is not reported promptly and properly. In the panic that follows a cyber-attack, victims commonly make specific mistakes when reporting cyber blackmail. Here are a few of them to avoid:
Not ceasing system activities that destroy blackmail evidence
This mistake is common to a whole host of failed cyber-attack responses. Activities that destroy evidence critical to investigators include:
- Continued system usage after receiving a blackmail threat
- Multiple account lockouts due to multiple antivirus alerts
- Clicking on suspicious links
- Opening shady emails despite a cyber threat

Employees and desk staff who are not well versed in cybersecurity protocols should pause all activities, including installing software, running antivirus or cleaning tools, and making system adjustments. These activities can overwrite information that investigators may use as evidence of blackmail. To address this issue, the in-house staff of any organization must be trained to document any online activities. This documentation can be useful if those actions also become part of the investigation.
Nonexistent data
The incident response process depends heavily on the evidence that an organization has saved after receiving a blackmail threat. A significant mistake is to reboot the system in an attempt to ward off the threat. Unfortunately, this does nothing but erase the information the incident response team would otherwise have used to assess the impact, contain the damage from the cyber-attack in time, and track down the malicious actor behind the blackmail threat. As with the first point, evidence of an attack is the most valuable resource in the immediate aftermath of a cyber blackmail attack.