Cybersecurity FAQs

Answering your top questions on cybersecurity.

  • The sender email address may be incorrect or misspelled.
  • Hovering over website links with your mouse reveals a website that is unrelated to the topic or vendor.
  • There is a password protected zip file attachment with the password contained in the same email.
  • There is a requested urgency for you to open an attachment, click a website link, contact a phone number or respond to the email.
  • Opening an email attachment reveals a page with a link to another website.
  • Go to, which is run by the Federal Trade Commission. The website has a step-by-step guide on how to deal with identity theft, including instructions for freezing your credit reports.
  • File a police report with your local department and ask for a copy of the report.
  • Only if you constantly verify that your computer and browser are updated with the latest security patches. This is the first place malware tries to steal your passwords.
  • Look to utilize a password manager to create and store your passwords. Perform research and select reputable applications such as LastPass, DashLane or Keeper Password Manager.
  • If the website asked you to enter information, then assume that any information you entered is stolen and will be used. Depending on the type of information at risk, you may need to change passwords, contact your financial institutions or file an identity theft report. Go to
  • If the website had you download and install software, then contact a computer repair center to clean your computer as it is most likely infected with malware.
What should you do if you're a victim of unemployment fraud?

WGAL news reported that they continue to hear from viewers who say people have fraudulently claimed unemployment for them. You may learn you’re a victim in the following ways:

  • When you try to file an unemployment claim.
  • If you receive unrequested unemployment paperwork from the Department of Labor & Industry's Office of Unemployment Compensation.
  • If you get unemployment benefit payments you did not apply for from the Pennsylvania Treasury.
  • If your employer receives notice that a claim has been opened even though you are still working.

If you’re a victim of unemployment fraud, you should:

Contact the state unemployment office.

  • Pennsylvania has a special website for reporting unemployment fraud and identity theft.
  • Use the website if your unemployment benefits have been hijacked or if someone files a false claim using your personal information.
  • If you are still working, you may learn of the fraud from your employer because unemployment offices will contact your employer first to verify that you are no longer working before they'll issue payments.

Protect your identity.

  • If someone is claiming your unemployment benefits, it is very likely they have your Social Security number and that you are now a victim of identity theft.
  • Go to, which is run by the Federal Trade Commission. The website has a step-by-step guide on how to deal with identity theft, including instructions for freezing your credit reports.

File a police report.

  • File a police report with your local department and ask for a copy of the report.
  • It's unlikely police will find your identity thief, but if you have any form of identity theft insurance you may need that police report if you file a claim.

Additional Information:
  • Keep your computer updated with the latest version of your operating system. Do not run operating systems that are end-of-life such as Windows 7 or Windows 8.
  • Keep your software applications such as Office and Adobe current with the latest security patches.
  • Verify that auto-updates are turned on and working.
  • Run a reputable anti-malware program such as (Symantec, McAffee, Malwarebytes, Avast to name a few) and keep your subscription current.
  • Backup your files regularly to a detachable USB drive or an on-line backup service. Keep offline backups to prevent ransomware from encrypting them if infected.
No! Always treat public Wi-Fi as unsafe. Utilize your cellphone hotspot over a public Wi-Fi connection. If you need to utilize public Wi-Fi never access financial resources without using a VPN solution.
  • These can be excellent services. Make sure to do extensive research and look closely at what is provided in the service. Also be sure to verify the type of credit scoring used: FICO scoring or VantageScore. Some credit cards may also provide this monitoring as a feature of using their credit card.
  • Things to consider: Cost, Number of credit bureaus monitored, scoring model, Dark web scanning and Identity theft insurance provided.
  • Always use unique and long passwords or pass-phrases across your online services.
  • Use a separate email address for your financial sites and services.
  • Never access any financial services via an email link. Always go directly to the institutions’ websites.
  • See if any of your financial institutions or credit card services offer Dark web monitoring and credit monitoring for free. (Discover Card does both credit and Dark web monitoring as a member service).
  • Use a VPN when on public Wi-Fi.
  • Identify phishing emails.
  • Keep your devices updated with the latest security updates.
  • Always enable multi-factor authentication on services you utilize.
  • Enable proactive text and email alerts for financial services.
    • Notifications for password change, email change and address change.
    • Notifications for charges over specified amounts.
Never respond to or unsubscribe from Spam email. This will actually cause you to receive more as you are confirming your email address is valid.
No, unfortunately caller ID is very simple to spoof and cannot be trusted.

Start by assessing your risks. Cybersecurity threats that many organizations face include:

  • Data and information storage—this includes private business information, human resources activities and personal employee/customer information
  • Credit card data collection and online payment processing
  • Online content and media content including social media sites
  • Cloud and outsourced computing services—it’s important to note that even outside sources are a risk because they’re prime targets for cyber threats due to their accessibility and popularity

Also look for unique threats that are specific to your industry and operations. A few examples include personal laptop usage by employees, potential loss of community services due to a cyber threat or the storage of highly-valued information.

Next, make a plan to help combat your risks. While this will be unique to you, here are a few considerations to help you get started:

  • Identify key team members who are tasked with working to prevent, detect and respond to cyber incidents.
    • If your organization doesn’t employ information technology or cybersecurity professionals and you elect to utilize third party vendors to develop, host, install, configure, support or otherwise administer some or all of your technical systems—here are a few tips to help protect your organization:  
      • Define processes for securing and auditing access to systems
      • Request professional references for all vendors
      • Obtain samples of completed reports by vendors
      • Consult with legal counsel to obtain a non-disclosure agreement and other formal contracts prior to signing any paperwork
    • Using the knowledge of your experts, implement guidelines and procedures to help limit your risks—and continue to evaluate and update them as cyber threats are everchanging.

Despite every possible cybersecurity measure, not every cyber threat or breach can be prevented. So, just as you have a plan to help prevent attacks—you’ll also need a plan that outlines how you’ll detect threats and respond to incidents.

Lastly, you’ll need to implement your plans, which includes training your team on your policies and procedures. Some ways to help your employees retain your cyber-related guidelines and practice online safety include:

  • Requiring an annual Cyber Security Awareness training program
  • Ensuring knowledge of policies and compliance requirements—one way you can do this is through simulating a cyber threat to test their recognition and cyber incident response plan
  • Continually informing and updating your team through ongoing alerts and cybersecurity tips

Check out our library of cybersecurity resources designed specifically for the following organizations: