Protecting Your Information Post-Disaster


By Jay Gamble, CISA Region 4 Director

When disasters strike, like the recent swath of tornadoes in the Southeast, they often bring out the very best humanity has to offer. Whether it’s neighbors helping neighbors, community groups opening their doors to those in need, or government agencies partnering at all levels to help deliver aid and support, we are able to come together for a greater purpose.

There are those, however, who would rather capitalize on the trauma and confusion caused by these situations to scam and bilk businesses and individuals alike. Hackers and online criminals can and will send fraudulent emails offering assistance or even requesting donations under false pretenses. These messages can appear legitimate but will often include malicious links or attachments designed to steal information.

Although it can be difficult to tell what is and isn’t an online scam, here are four tips everyone can follow both year-round and after a disaster to help ensure they aren’t the next victim of an online scam:

  • Think before you click: If a link or an attachment looks suspicious or comes from a source you don’t recognize, don’t click on it! Phishing emails are one of the most-used methods for hackers to gain access to your accounts or to upload malicious software. Also, don’t forget to report phishing attempts to your email service provider.
  • Different accounts, different passwords: Remembering dozens of passwords can be a pain, but using the same password across all your accounts makes it much easier for bad actors to gain access to your information. Make sure to use only complex passwords (10-15 characters with a mix of upper- and lowercase letters, numbers and special characters) and change them on a regular basis. If keeping track of that many passwords is challenging, try using a password manager to store them.
  • Enable multifactor authentication: Want an added level of protection in case your password is compromised? Turn on multifactor authentication (MFA)! Whether it’s an email, text message or phone call, adding that one extra step will help control access to your accounts and will make it that much more difficult for scammers to steal your personal information. 
  • Update, update, update: Hackers and cyber criminals are always on the prowl for the latest vulnerability in the apps and operating systems running laptops, cellphones, tablets and servers. That’s why it’s incredibly important to keep all software current with the latest security patches and updates. When dealing with a disaster situation, the last thing anyone wants to deal with is security updates on devices, so take the preventative step and simply enable automatic updates whenever possible.

In addition to using these four tips, small business owners need to take a few extra steps to minimize the cyber risks they may face after a disaster, such as providing cybersecurity awareness training to all employees or having an established incident response plan that is regularly reviewed and exercised. More helpful tips and guidance can be found on CISA’s Cyber Guidance for Small Businesses webpage.

As victims of a natural disaster or any other serious incident begin the process of assessing damage to their homes, businesses, schools and places of worship, their focus needs to be on recovery, not worrying about online scams. By following these four simple steps, they can keep their attention on where it truly matters—rebuilding their communities.