Security Resource Center

Stay safe online — and know what to do if something goes wrong

Practical, plain-English cybersecurity help from your local IT team. Learn the basics, find trusted tools, and know what to do if something goes wrong.

Spot phishing

Recognize fake emails, texts, and calls before you click.

Learn more

Passwords & MFA

Strong, unique passwords and MFA stop most account takeovers.

Learn more

Ransomware & backups

Back up the right way and keep ransomware from ruining your day.

Learn more

Common scams

Know the playbooks scammers use to pressure you.

Learn more

Safe browsing & Wi-Fi

A few browser and Wi-Fi settings keep strangers out.

Learn more

If you’re compromised

A clear, calm plan for the moment something goes wrong.

Learn more

Report & recover

FBI IC3 — ic3.govReport internet & cyber crime: fraud, business email compromise, ransomware, online theft.FTC ReportFraudReport scams and fraud to the Federal Trade Commission.IdentityTheft.govFree, personalized identity-theft recovery plan from the FTC.CISA — Report an IncidentFor businesses & serious incidents: report to CISA.NCMEC Take It DownFree help removing explicit images of someone under 18 from the internet.

Check & protect

Have I Been PwnedCheck whether your email or phone appeared in a known data breach.VirusTotalScan a suspicious file or link for malware with 70+ engines — free. There’s also a mobile app to scan your phone.AnnualCreditReport.comThe only federally authorized site for your free credit reports.Freeze your creditPlace a free credit freeze with Equifax, Experian and TransUnion.FCC Smartphone Security CheckerStep-by-step security tips for your specific phone.

Learn & stay safe

StaySafeOnlinePractical cybersecurity education from the National Cybersecurity Alliance.FTC Consumer AdvicePlain-language guidance on identity theft and online security.CISA — Secure Our WorldSimple, current steps to protect yourself, your family and your business.StopRansomware.govThe U.S. government’s one-stop hub for ransomware resources.

Keeping kids & families safe

ConnectSafelyParent guides to apps, gaming, social media, and online safety.Common Sense MediaAge-based reviews and advice for apps, games, shows, and tech.NetSmartz (NCMEC)Online-safety lessons and videos for kids, teens, and parents.Be Internet Awesome (Google)A free game and curriculum that teaches kids the fundamentals of online safety.StopBullying.govFederal guidance on recognizing, preventing, and responding to cyberbullying.Family Online Safety InstituteGood Digital Parenting tools, research, and family tech agreements.

Tools we recommend

ExpressVPNEncrypt your connection on public Wi‑Fi. Sign up with our link and get 30 days free.Dashlane Password ManagerThe password manager we trust. Use our link to claim 6 months of Premium free.

Education & Tips

Spot phishing

Phishing is a fake message — email, text, or phone call — designed to trick you into clicking a malicious link, opening an attachment, or handing over passwords, codes, or payment details. It is the number-one way both households and businesses get breached.

Red flags to watch for

A sense of urgency or threat (“your account will be closed”)
A sender address that doesn’t match the real company
Generic greetings, odd grammar, or slightly-off logos
Links that don’t go where the text says (hover to check)
Requests for passwords, codes, gift cards, or wire transfers
Unexpected attachments — invoices, “voicemails,” shipping labels

Types you’ll run into

Email phishing — the classic fake login or invoice
Smishing — phishing by text message
Vishing — phishing by phone call (“Microsoft support”)
Business Email Compromise (BEC) — a spoofed boss or vendor changing payment details

If you clicked or replied

Disconnect the device if you downloaded anything
Change the password for that account right away
Turn on multi-factor authentication
Watch the account and your bank for unusual activity
Report it (links below) and tell us — we can help

Helpful links

FTC — Recognize & avoid phishingCISA — Secure Our WorldReport to FBI IC3

Need a hand with any of this? Call HTDNET — 540-905-8111

Education & Tips

Passwords & MFA

Most account break-ins don’t involve fancy hacking — they happen because a password was weak, reused, or stolen in a breach. Strong, unique passwords plus multi-factor authentication (MFA) shut down the vast majority of attacks.

Build better passwords

Make them long — a passphrase of four or more random words beats a short complex one
Use a different password for every account
Let a password manager create and remember them
Never reuse your email password anywhere else

Turn on multi-factor authentication (MFA)

MFA asks for a second proof — a code or a tap — when you log in
An authenticator app or hardware key is stronger than text-message codes
Passkeys (face or fingerprint) are even better where offered
We will never call to ask for a one-time code — and neither will your bank

If a password may be exposed

Change it immediately, and anywhere you reused it
Check your email at Have I Been Pwned
Turn on MFA if you haven’t already
Switch to a password manager to fix reuse for good

Helpful links

Have I Been PwnedFTC — Protect your accountsCISA — Secure Our WorldDashlane Password ManagerThe password manager we trust. Use our link to claim 6 months of Premium free.

Need a hand with any of this? Call HTDNET — 540-905-8111

Education & Tips

Ransomware & backups

Ransomware locks up your files and demands payment to unlock them. For a business it can mean days of downtime; for a family it can mean losing irreplaceable photos. Good backups and basic hygiene are the best defense — they turn a disaster into an inconvenience.

Prevent it

Keep Windows, macOS, and your apps patched and up to date
Use reputable security software and a firewall
Don’t open unexpected attachments or enable macros
Limit administrator rights to people who truly need them

The 3-2-1 backup rule

Keep 3 copies of important data
On 2 different types of media
With 1 copy off-site or offline
Test that you can actually restore — an untested backup isn’t a backup

If you’re hit

Disconnect the device from the network immediately
Don’t pay first — paying doesn’t guarantee recovery and funds crime
Report it at StopRansomware.gov and IC3
Call us — we can help you contain it and restore from backup

Helpful links

StopRansomware.govReport to FBI IC3CISA — Secure Our World

Need a hand with any of this? Call HTDNET — 540-905-8111

Education & Tips

Common scams

Scammers manufacture urgency, fear, or excitement to push you into acting before you think. Knowing the common playbooks makes them easy to spot.

Common scams

Tech-support scams — pop-ups or calls claiming your PC is infected
Business Email Compromise — a fake boss or vendor changing payment info
Gift-card & crypto demands — no real agency asks for these
Invoice and overpayment scams
Romance and “too-good-to-be-true” investment scams

Universal red flags

Pressure to act right now
Requests for gift cards, wire transfers, or crypto
Payment details that suddenly “changed” — verify by phone
Anyone discouraging you from checking with someone else

Protect yourself

Slow down and verify through a known phone number
Confirm money or payment requests in person or by phone
Never give remote access to an unsolicited caller
When in doubt, ask us before you act

Helpful links

FTC — Report fraudFTC — Scam guidanceReport to FBI IC3

Need a hand with any of this? Call HTDNET — 540-905-8111

Education & Tips

Safe browsing & Wi-Fi

Your browser and your network are the front door to everything you do online. A handful of settings keeps strangers from walking in.

Safer browsing

Keep your browser and devices updated — updates fix security holes
Look for HTTPS, but remember it only means the connection is private, not that the site is trustworthy
Be cautious with downloads and browser extensions
Use a password manager so you only log in on the real site

Wi-Fi & your network

Avoid logging into sensitive accounts on public Wi-Fi
Consider a reputable VPN when you must use public networks
Change the default admin password on your router
Run a separate guest Wi-Fi for visitors and smart devices
Keep your router’s firmware updated

Helpful links

CISA — Secure Our WorldFTC — Home network securityFCC Broadband MapExpressVPNEncrypt your connection on public Wi‑Fi. Sign up with our link and get 30 days free.

Need a hand with any of this? Call HTDNET — 540-905-8111

Education & Tips

If you’re compromised

If you think an account, device, or your identity has been compromised, acting quickly limits the damage. Here’s the order of operations — and remember, we’re here to help with any of it.

Step 1 — Protect & contain

Disconnect the affected device from the network or internet.
Call HTDNET at 540-905-8111 — we can guide you in real time.
Change your passwords from a different, clean device — start with email.
Turn on multi-factor authentication (MFA).
Contact your bank or card issuer if money or accounts are involved.

Walk through it step by step — open “Help, I’ve been hacked” →

Step 2 — Report the crime

Document everything — screenshots, dates, amounts, and accounts.
Report to the FBI at IC3.gov and scams to the FTC.
If your identity was stolen, get a recovery plan at IdentityTheft.gov.
File a local police report; businesses also report to CISA.

Step 3 — Notify & monitor

Tell anyone who could be affected — customers, coworkers, family, friends.
Watch your accounts and credit for weeks to months — fraud often shows up later.
Set up bank and credit alerts; freeze your credit if your SSN was exposed.

How HTDNET can help

Scan and clean affected devices.
Restore your data from backup.
Harden your accounts and network to make a repeat far less likely.
Call us at 540-905-8111 — we’ll handle the heavy lifting.

Helpful links

IdentityTheft.govReport to FBI IC3Free credit reports

Need a hand with any of this? Call HTDNET — 540-905-8111

Software we provide

We resell, install, and support these for our clients. A self-serve procurement form is coming soon — for now, contact us and we will get you set up.

Trend Micro Worry-Free BusinessCloud-managed antivirus and endpoint protection built for small business.Malwarebytes for BusinessLayered anti-malware and ransomware protection that complements your antivirus.Cove Data ProtectionAutomated cloud backup with fast recovery for servers, PCs, and Microsoft 365.Google WorkspaceBusiness email, docs, and storage with strong, security-first defaults — set up and managed by us.

Free tools you can get online

We do not sell these — they are free and reputable. Get them straight from the source.

Microsoft DefenderBuilt-in antivirus already on Windows 10 and 11 — just keep real-time protection on.BitwardenFree, open-source password manager for strong, unique passwords on every account.Malwarebytes FreeFree on-demand scanner to check a suspicious computer for malware.Have I Been PwnedSee whether your email address has appeared in a known data breach.Cloudflare 1.1.1.1Free, privacy-first DNS that can make browsing faster and a little safer.NiniteInstall and update trusted free apps safely, all in one click.

Hit by a scam, breach, or hack? Here’s exactly what to do.

Protect yourself first, then report it, then notify and monitor. Tick through the quick checklist, or switch to Document as you go to record report numbers and screenshots and email yourself a PDF. Progress saves on this device.

Step 1 · Do this first

Protect & contain

0 of 9 done

Disconnect the affected device.Pull it off Wi‑Fi and unplug the cable so malware can’t spread or phone home.Call HTDNET — 540‑905‑8111.Have someone reach us; we can guide you through the rest in real time.Change passwords from a clean device.Start with email and the affected account, and anywhere you reused that password.Turn on multi‑factor authentication (MFA).A second step means a stolen password alone won’t get them in. Enable it at Microsoft, Google, Apple, Yahoo, or Amazon.Contact your bank or card issuer.If money, cards, or bank info are involved, freeze the account and dispute charges.If your SSN was exposed, freeze your credit.Place a free freeze with Equifax, Experian, and TransUnion.Pull your free credit reports.Review them at AnnualCreditReport.com.Set up an IRS Identity Protection PIN.Recommended if your SSN was exposed — it blocks crooks from filing a tax return in your name.Stay alert for follow‑up phishing.Crooks use leaked details to sound convincing — slow down and verify.

Step 2 · Report it

Report the crime

0 of 6 done

Document everything first.Screenshots, dates, amounts, communications, emails, and phone calls. The form captures this for you.Report to the FBI — IC3.gov.Online fraud, BEC, ransomware, cyber crime. ic3.govReport scams & fraud to the FTC.File at ReportFraud.ftc.gov.Identity stolen? Visit IdentityTheft.gov.Get a free recovery plan. identitytheft.govFile a local police report.Contact your local law enforcement; some banks and creditors require a report. You can optionally contact your local FBI field office.Business: report to CISA.Meet client-notification rules; we can help. cisa.gov/report

Step 3 · Then watch

Notify & monitor

0 of 7 done

Tell anyone who could be affected.Customers, coworkers, family, or friends — especially if an attacker could reach them through you.Business: follow breach‑notification rules.Many states require notifying affected customers and partners. We can help you do it right.Warn contacts about messages “from you.”Until it’s resolved, tell people to verify anything unusual that appears to come from you.Watch your accounts and statements.Check bank, card, and key accounts for anything you don’t recognize.Monitor your credit and set up alerts.Turn on bank and credit alerts; consider credit monitoring.Keep watching for weeks to months.Fraud from a breach often shows up well after the event — stay alert.Keep this report and any case numbers.Save them in case you need to follow up later.

Strengthen your protection going forward:
ExpressVPN — a VPN that encrypts your internet connection and helps keep your online activity more private (not just on public Wi‑Fi). Get 30 days free.
Dashlane — a password manager that builds and stores strong, unique passwords so one breach can’t unlock everything. Get 6 months of Premium free.
Some links here are referral links — see the full disclosure in the footer.

Document it

Create your incident report

The same three steps as the checklist — plus room to record report numbers, emails, and screenshots. Submit to email a PDF to you and HTDNET, or use Print for my records for a private copy.

Data-loss protection is on: the form won’t send if it detects a Social Security number or full card number. Keep those for IC3 and law-enforcement reports — it’s fine to note that they exist (“card ending 1234”).

Printing does not save or email your report — you can print a blank or completed copy. To email yourself a PDF, choose Submit to Me Only (sends it just to you) or Submit to Me and HTDNET (also sends it to us so we can help). After you submit online, this page may not show your entries again, so keep the emailed PDF as your receipt.

Please enable JavaScript in your browser to complete this form.

Document a cyber incident, step by step. Same checklist as the Quick checklist tab — here you can record details, report numbers, and attach evidence. Submit to email a PDF (with your attachments) to you and to HTDNET, or use Print for my records to keep a private copy.

Your name *

First

Last

Your email *

We will email your PDF report to this address.

Phone

Business or organization (if this affects one)

What type of incident is this? *

When did it happen?

Where did it happen? (website, app, email account, phone, in person)

What happened? In your own words — who, what, when, where, why, and how. *

How do I get the full email headers?

Microsoft 365 / Outlook on the web: open the message → More actions → View → View message source.
Outlook (desktop): open the message → File → Properties → Internet headers.
Gmail: open the message → More → Show original → Copy to clipboard.

Paste the suspicious email, text, message, or link here

Include the full message headers when you can. Do not include full card numbers, SSNs, or passwords.

Upload a screenshot or the email file (.eml, .msg) — optional

Drag & Drop Files, Choose Files to Upload You can upload up to 5 files.

A picture of the message, or the saved email file itself, helps us see exactly what happened.

Estimated money lost (USD), if any

Step 1 · Protect & contain

Do this first. Check off what you’ve done — helpful links are beside each step.

Containment steps completed

Disconnected the affected device
Called HTDNET
Changed passwords from a clean device
Turned on multi-factor authentication (MFA)
Contacted my bank or card issuer
Froze my credit (if SSN exposed)
Pulled my free credit reports
Set up an IRS Identity Protection PIN (recommended if your SSN was exposed)
Staying alert for follow-up phishing

you words —

What you did to contain it — devices secured, accounts changed, who you called, and when

Step 2 · Report the crime

Report it, then record the case numbers you receive — links are beside each step. Tip: you can fill out this form first and use your PDF to make reporting to these agencies faster.

Reporting steps completed

Documented everything (screenshots, dates, amounts, communications, emails, phone calls)
Reported to the FBI (IC3.gov)
Reported scams/fraud to the FTC (ReportFraud.ftc.gov)
Started a recovery plan at IdentityTheft.gov
Filed a local police report (your local law enforcement)
Business: reported to CISA / notified as required

FBI IC3 complaint number (if filed)

FTC report number (if filed)

Police report number & agency (if filed)

Other case numbers, contacts, or details

Upload your report confirmations (IC3, FTC, police PDFs) — optional

Drag & Drop Files, Choose Files to Upload You can upload up to 8 files.

Attach the confirmation PDFs or screenshots you received when you filed.

Step 3 · Notify & monitor

Tell anyone affected, then watch for trouble for weeks to months.

Notify & monitor steps completed

Notified anyone who could be affected (customers, coworkers, family, friends)
Business: notified affected customers/partners per breach-notification rules
Warned contacts not to trust messages from me until resolved
Watching bank and card statements for unusual activity
Watching my credit reports and set up alerts
Will keep monitoring for several weeks to months
Saved this report and any case numbers for my records

Who you notified and what you are monitoring (with dates)

Evidence & attachments — label each file Exhibit A, B, C… (optional)

Drag & Drop Files, Choose Files to Upload You can upload up to 15 files.

Upload any supporting files (images, PDFs, the monitoring log, notification letters). Please avoid files containing full SSNs or card numbers.

Attachment index — note what each file shows (e.g., Exhibit A = screenshot of the phishing email)

Please protect sensitive information. Don’t type full Social Security numbers, full card numbers, or passwords here — the form blocks sending if it detects them. It’s fine to note that they exist (“card ending 1234”). By submitting or using this form (including any attachments) you agree to hold HTDNET harmless, and acknowledge this is a self-help tool, not professional or legal advice.

Acknowledgement *

I have read the notice above and agree. I understand this report (including any attachments) may be emailed to me and to HTDNET; I have avoided entering full SSNs, full card numbers, or passwords; and I accept the risks of submitting this information and agree to hold HTDNET harmless.

Need to notify customers or affiliates?Download a ready-to-edit letter (standard language you can customize) and a monitoring log to track who you told and what you’re watching.

Hold on — that looks sensitive

It looks like you may have entered a Social Security number or a full card number. For your safety we won’t email that. Please print this for your records instead, or remove it and submit.

Think you’ve been breached?

Don’t wait. We can help you contain the damage, recover, and lock things down.

Call HTDNET — 540-905-8111