Protect Yourself & Your Business From Cyber Attacks
Six principles every person and organization can follow, with no budget required.
Always carefully review and verify any emails, web links, face-to-face requests, mail, phone calls, or text messages that ask for personal or sensitive information. Be cautious of unexpected requests or messages that create a sense of urgency.
Enable two-factor authentication (2FA) wherever possible for your email, web accounts, and other online platforms. This adds an extra layer of security by requiring a second form of verification (such as a fingerprint or a text message code) in addition to your password.
Verify the legitimacy of sources before responding or providing any personal information. Double-check email addresses, website URLs, phone numbers, and text message senders to ensure they are legitimate and not impersonating someone else.
Be cautious about sharing personal information, financial details, or sensitive data, especially with unsolicited requests through email, web, face-to-face, mail, phone call, or text. Avoid providing information unless you are certain of the authenticity of the request.
If you suspect any suspicious activity or feel that you are being taken advantage of, report it to the appropriate authorities: your bank, the police, or the relevant online platform. Don't hesitate to seek help and report any potential scams or fraud.
Stay informed and educated about common scams and tactics used by bad actors through email, web, face-to-face, mail, phone calls, or text. Keep yourself updated with the latest security measures and best practices to protect your personal information and financial assets.
Trusted resources for individuals and small businesses: free, open source, and privacy-focused.
A free, end-to-end encrypted email service based in Switzerland. Your emails are encrypted so that not even Proton can read them. A great first step toward private communication.
A browser extension that adds OpenPGP email encryption to webmail providers like Gmail, Yahoo, and Outlook, protecting your messages end-to-end without switching email providers.
Password Managers
A free, open-source password manager that stores all your passwords securely in an encrypted local database. No cloud required; your data stays on your device.
Secure Messaging
End-to-end encrypted messaging and voice/video calls. Signal is the gold standard for private communications, trusted by journalists, security professionals, and everyday users alike.
Security Training
Free online cybersecurity awareness training designed to educate individuals and teams on phishing, social engineering, safe browsing, and best practices. No technical background required.
VPN Services
A no-logs VPN service focused entirely on anonymity. Mullvad doesn't require an email address to sign up and accepts cash payments, making it one of the most privacy-respecting VPNs available.
Web Browsers
A fast, privacy-first web browser that blocks ads and trackers by default. Built on Chromium, so it works with most Chrome extensions while protecting your browsing data.
Always growing: We continuously review and vet new resources. Check back regularly as this list grows.
Official government and law enforcement resources. Report it; don't ignore it.
The U.S. government's lead agency for cybersecurity. Report vulnerabilities, infrastructure threats, and get guidance, alerts, and free resources for organizations of all sizes.
Visit CISA.govThe FBI's central hub for reporting all types of internet crime. If you've been a victim of an online scam, fraud, or cyber attack, file a complaint here regardless of dollar amount.
Visit IC3.govFraud targeting businesses through email, including fake invoices, wire transfer scams, and executive impersonation. Report to the FBI's Internet Crime Complaint Center.
Report at IC3.govSomeone used your personal information (Social Security number, credit card, or other ID) without your permission. The FTC guides you through recovery step by step.
Report at IdentityTheft.govDeceptive emails, texts, or websites designed to steal your credentials or personal data. Report phishing emails directly through the FBI's Internet Crime Complaint Center.
Report at IC3.govReport online exploitation, child sexual abuse material (CSAM), or enticement of minors to the National Center for Missing & Exploited Children's CyberTipline.
Report at NCMEC CyberTiplineMalicious software has encrypted your files and attackers are demanding payment. Report immediately to CISA and the FBI. Do not pay the ransom before consulting authorities.
Report at CISA.govCaller ID or email address has been faked to impersonate a trusted entity such as a bank, government agency, or known contact. Report phone spoofing to the FCC.
Report at FCC.gov