Reporting fraud and suspicious activity
Reporting cybersecurity incidents efficiently is crucial for small and medium-sized businesses (SMBs) in navigating the aftermath and mitigating potential damage. For businesses operating within the United States, several key organizations and platforms exist for reporting various cybersecurity-related activities, breaches, and fraud. Below are the contact details and reporting mechanisms for these entities in the United States:
Cybersecurity & Infrastructure Security Agency (CISA)
For Reporting Cybersecurity Incidents:
CISA encourages reporting of cybersecurity incidents, phishing, malware, and other vulnerabilities to help protect critical infrastructure and the broader business community.
Federal Bureau of Investigation (FBI) - Internet Crime Complaint Center (IC3)
For Reporting Cyber Crimes, Data Theft, and Fraud:
IC3 provides a platform for reporting internet crimes and scams to the FBI. It's suitable for reporting data theft, employee theft, insider fraud, and other cybercrimes.
Federal Trade Commission (FTC)
For Reporting Identity Theft and Privacy Violations:
The FTC handles complaints related to identity theft, privacy violations, and other consumer protection issues. SMBs can report incidents affecting their customers or employees.
Your Cybersecurity Insurance Carrier
For businesses with cybersecurity insurance, it's essential to report incidents to your carrier promptly. Contact information will vary by insurer, so refer to your policy documents for the specific phone number, email, and procedures for reporting incidents.
Local Law Enforcement
For Reporting Crimes:
- Contact: Your local police department
- Phone: Use the non-emergency number for your local law enforcement agency
For incidents involving illegal activities such as theft or fraud, contact your local law enforcement for investigation and assistance.
Additional Resources and Reporting Mechanisms
- State Attorneys General Offices: Each state has an Attorney General's office that may provide resources and reporting mechanisms for cybersecurity incidents affecting residents of that state.
- Sector-Specific Regulatory Agencies: Depending on your industry, additional reporting may be required to specific regulatory bodies or industry associations.
Important Note: Before reporting, it's crucial to gather as much information about the incident as possible, including the nature of the data involved, how the breach or fraud occurred, and any steps already taken in response. This information will be invaluable to the agencies assisting with your case and may be required for a detailed report.
By utilizing these resources, SMBs in the United States can ensure they're taking the appropriate steps to report and respond to cybersecurity incidents, protecting their operations and their customers' data.