3 Things You’ll Need Most If a Cyberattack Hits You

🔎 What Counts as a Cyberattack?

A cyberattack is any unauthorized access to your email, bank account, phone, or computer. Common examples include ransomware (locking your files), phishing (fake messages that steal logins), and data breaches (your information gets taken). It can hit anyone — individuals, families, small businesses, even critical services. State-aligned groups (including those shielded by Communist China) and criminal gangs all use versions of the same playbook: steal credentials, sneak in quietly, and create leverage through data theft or disruption.

1) 🧭 Clarity — See What’s Going On

When something feels wrong, your first lifeline is clarity. Guessing wastes time; clarity turns panic into a plan.

• Spot the signals: strange login alerts, files suddenly renamed or encrypted, charges you don’t recognize, “new device signed in” notices.
• Make a simple incident log: write down what you see (with times), take screenshots of warnings, and note which accounts/devices look affected.
• Map the “blast radius”: which accounts (email, banking, social), which devices (phone, laptop), which files (tax docs, client lists) are touched?

Why it matters: clarity tells you what to isolate, what to shut down first, and where to focus your recovery. It’s the difference between chaos and control.

2) 🧯 Control — Stop the Damage

Once you know what’s happening, contain it. Think of this as putting a firebreak around the flames.

• Isolate compromised devices: turn off Wi-Fi/ethernet; if necessary, power down the device until a scan/recovery can be done.
• Change passwords immediately: start with email (your account-reset hub) and banking, then move to other accounts. Use unique passphrases.
• Enable Multi-Factor Authentication (MFA): SMS codes, authenticator apps, or passkeys stop a lot of stolen-password attacks cold.
• Revoke suspicious sessions/tokens: sign out of all devices, reset app passwords, and revoke third-party access you don’t recognize.
• Update/patch: apply OS and app updates — many attacks walk through old, unpatched holes.

Tip: if a workplace or family member’s device is involved, coordinate — your “control” step is stronger when everyone closes the same doors at once.

3) 🛟 Lifeline — Recover Fast

The best recovery is one you’ve rehearsed. Modern attackers often steal data (not just encrypt it), then threaten to leak it. That’s why a real lifeline needs both backups and a clear restore plan.

• Use layered backups: cloud + offline (external drive). Keep at least one copy that’s immutable (can’t be altered by malware).
• Prioritize what matters: ID documents, taxes, family photos, client records. Know where they live and how you’ll restore them.
• Test restores: practice getting a file back. A backup you’ve never tested is a wish, not a plan.
• Document the steps: who does what, in what order, and how you verify systems are clean before reconnecting.

Reality check: backups don’t stop extortion if data was stolen, but they keep you operational and slash the pressure to pay.

🧩 Prepare Now (Before Anything Happens)

• Turn on login alerts for email and banking; review them weekly.
• Use MFA everywhere you can. Prefer passkeys or an authenticator app.
• Keep devices updated (auto-update on).
• Back up important data (cloud + offline) and test a restore every quarter.
• Make a short plan with family/caregivers: who to call, which passwords to change first, where the backups are.
• Be skeptical of urgency (banking, shipping, prize, CRA/IRS). Slow down before you click.

🚨 If You’re Under Attack Right Now

1. Don’t panic. Take notes/screenshots.
2. Disconnect the affected device from the internet/Wi-Fi.
3. Change critical passwords (email, banking) from a clean device; enable MFA.
4. Scan and update the affected device before reconnecting.
5. Notify impacted people/orgs (family, clients, bank).
6. Report to the Canadian Anti-Fraud Centre.

📚 Sources

• BleepingComputer — “The first three things you’ll want during a cyberattack” (clarity, control, lifeline framework).