{
    "version" : "https://jsonfeed.org/version/1",
    "content" : "resources",
    "type" : "single",
    "title" : "Social Media Cyber-Vandalism Toolkit |Digital.gov",
    "description": "Social Media Cyber-Vandalism Toolkit",
    "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit/index.json","item" : [
    {"title" :"Social Media Cyber-Vandalism Toolkit","deck" : "Guidance on how to respond to cyber-hijacking.","summary" : "Cyber-vandalism presents a serious challenge to online-based communication tools. This document provides guidance and security practices to federal, state, and local government employees. Suggestions and resources prepare users to respond to cyber-hijacking.","date" : "2015-01-27T01:09:20-04:00","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"jherman" : "Justin Herman"},"topics" : {
        
            "security" : "Security",
            "social-media" : "Social media"
            },"branch" : "bc-archive-content-3",
      "filename" :"readiness-recovery-response-social-media-cyber-vandalism-toolkit.md",
      
      "filepath" :"resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit.md",
      "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit.md",
      "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit.md","slug" : "readiness-recovery-response-social-media-cyber-vandalism-toolkit","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit/","content" :"\u003cp\u003eCyber-vandalism presents a serious challenge to online-based communication tools. Users need available resources to counter intrusions of social media accounts.\u003c/p\u003e\n\u003cp\u003eThis document provides guidance, resources, and security practices that prepare users to respond to cyber-hijacking, make informed choices, and enact future policy.\u003c/p\u003e\n\u003ch2 id=\"readiness-phase-1\"\u003eReadiness: Phase 1\u003c/h2\u003e\n\u003cp\u003eCyber-vandalism occurs when an outside party, regardless of identity or motive, takes control of an agency communication channel and misdirects it. Incidents may contain information misleading to the public or threatening to an agent of the United States. Agencies should plan and train prior to an incident, and prepare approved processes and material for the recovery and response to cyber-vandalism.\u003c/p\u003e\n\u003ch3 id=\"1-identify-a-social-media-stakeholder-team-to-prevent-and-respond-to-cyber-vandalism\"\u003e1. Identify a social media stakeholder team to prevent and respond to cyber-vandalism\u003c/h3\u003e\n\u003cp\u003eA direct chain of responsible managers should be aware of their roles in the potential response to any social media cyber-vandalism, including the necessity of quick, decisive action. This team should be connected by email, phone, text and any other appropriate means of communication. The team should include, but is not limited to:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eSocial media team\u003c/li\u003e\n\u003cli\u003eProgram manager\u003c/li\u003e\n\u003cli\u003ePublic affairs representative\u003c/li\u003e\n\u003cli\u003eGeneral Counsel\u003c/li\u003e\n\u003cli\u003eIT Security\u003c/li\u003e\n\u003cli\u003eSenior leader/manager\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"2-review-individual-appplatform-resources\"\u003e2. Review Individual App/Platform Resources\u003c/h3\u003e\n\u003cp\u003eOnline-based communication tools offer resources, each with unique strengths and limitations. Awareness of this support and their unique characteristics is beneficial before an incident:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eFacebook:\u003c/strong\u003e \u003ca href=\"https://www.facebook.com/help/379220725465972\"\u003eFacebook Security Tips\u003c/a\u003e; \u003ca href=\"https://www.facebook.com/settings?tab=security\"\u003eFacebook Security Settings\u003c/a\u003e; Learn \u003ca href=\"https://www.facebook.com/help/413023562082171\"\u003eextra security features\u003c/a\u003e including approvals, notifications, trusted contacts and mobile security\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLinkedIn:\u003c/strong\u003e \u003ca href=\"https://help.linkedin.com/app/safety/home\"\u003eLinkedIn Safety Center\u003c/a\u003e; \u003ca href=\"https://help.linkedin.com/app/safety/answers/detail/a_id/37027\"\u003ePrevention Tips\u003c/a\u003e; \u003ca href=\"https://help.linkedin.com/app/safety/answers/detail/a_id/38595\"\u003ePassword Guidelines\u003c/a\u003e; \u003ca href=\"https://help.linkedin.com/app/safety/answers/detail/a_id/146\"\u003eFrequently Asked Questions | Reporting Inappropriate Content, Messages, or Safety Concerns\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInstagram:\u003c/strong\u003e \u003ca href=\"https://help.instagram.com/369001149843369/\"\u003eInstagram Privacy \u0026amp; Safety Center\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTwitter:\u003c/strong\u003e \u003ca href=\"https://support.twitter.com/groups/33-report-a-violation/topics/166-safety-center/articles/76036-safety-keeping-your-account-secure\"\u003eSafe tweeting: the basics\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGoogle:\u003c/strong\u003e \u003ca href=\"https://support.google.com/accounts/answer/46526?hl=en\"\u003eKeeping your account secure\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHootsuite:\u003c/strong\u003e \u003ca href=\"https://hootsuite.com/products/platform/social-media-security\"\u003eSocial Media Security\u003c/a\u003e\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"3-establish-stakeholder-rapid-outreach-plan\"\u003e3. Establish Stakeholder Rapid Outreach Plan\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003ePrepare a list of internal and external contacts and processes for a cyber-vandalism incident:\n\u003cul\u003e\n\u003cli\u003eWho is the POC for the app or platform when an incident occurs (see Phase 2: Recovery for list)?\u003c/li\u003e\n\u003cli\u003eWho is the POC for cyber-vandalism of accounts in the Government (see Phase 2: Recovery for list)?\u003c/li\u003e\n\u003cli\u003eWho is on your social media stakeholder team?\u003c/li\u003e\n\u003cli\u003eWho are your key communities and audiences on social media and other channels you must alert?\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIncorporate relevant contact information:\n\u003cul\u003e\n\u003cli\u003eEmails; Phone Numbers; Social Media Handles; Hashtags; Listservs and more.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"4-create-communication-templates\"\u003e4. Create Communication Templates\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003ePre-populate different types of messages.\n\u003cul\u003e\n\u003cli\u003eEmails; Texts; Social media posts and more.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCommunicate essential information to convey the nature of the compromise, for example:\n\u003cul\u003e\n\u003cli\u003eAn account is compromised; An administrator cannot access an account; A username and/or password for an account is compromised; Information on the account is unauthorized.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"5-review-secure-social-media-best-practices-checklist\"\u003e5. Review Secure Social Media Best Practices Checklist\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003eInstitutionalize secure web standards, such as HTTPS, as a foundation for secure social media:\n\u003cul\u003e\n\u003cli\u003eUsing an URI scheme, such as HTTPS, establishes a fast, private, and secure connection due to its strong encryption benefits\u003c/li\u003e\n\u003cli\u003eRead \u003ca href=\"https://18f.gsa.gov/2014/11/13/why-we-use-https-in-every-gov-website-we-make/\"\u003eWhy We Use HTTPS in Every Gov Website We Make\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eEstablish accounts with official .gov or .mil domains of full-time equivalent employees (FTE) .\n\u003cul\u003e\n\u003cli\u003eAllow for more than one FTE to administer an account.\u003c/li\u003e\n\u003cli\u003eDesignate an alternative as auxiliary support. Limit this designation to an individual essential to the operation and management of an account.\u003c/li\u003e\n\u003cli\u003eClearly define the criteria for the administrator and alternative.\u003c/li\u003e\n\u003cli\u003eProvide adequate resources to the FTE administrator, including a mobile device and third-party management tool whenever possible.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCreate a social media policy with standard operating procedures (SOP) for cyber-security.\u003c/li\u003e\n\u003cli\u003eObtain approval from appropriate agency parties, including IT Security and General Counsel\u003c/li\u003e\n\u003cli\u003eTrain stakeholders and others on the procedures and policies of social media cyber-security.\n\u003cul\u003e\n\u003cli\u003eRequire training before use of an account.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eUse only authorized URL Shorteners, e.g. \u003ca href=\"https://go.usa.gov/\"\u003ego.USA.gov\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdd all official accounts to the \u003ca href=\"https://touchpoints.app.cloud.gov/registry\"\u003eU.S. Digital Registry\u003c/a\u003e, verifying authenticity of ownership.\n\u003cul\u003e\n\u003cli\u003eThis tool, used by both Facebook and Google to verify accounts, tracks official federal social media accounts.\u003c/li\u003e\n\u003cli\u003eList Department of Defense (DoD) social media accounts in the \u003ca href=\"https://dodcio.defense.gov/Social-Media/\"\u003eDoD Social Media Site Registry\u003c/a\u003e.\n\u003cul\u003e\n\u003cli\u003ePer \u003ca href=\"https://dodcio.defense.gov/DoD-Web-Policy/\"\u003eDOD Web Policy\u003c/a\u003e and \u003ca href=\"http://www.dtic.mil/whs/directives/corres/pdf/855001p.pdf\"\u003eDoDI 8550.01\u003c/a\u003e , use \u003ca href=\"https://www.defense.gov/Resources/Register-a-Site/\"\u003eDoD Social Media Registry submission form\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFollow best practices for secure passwords.\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf\"\u003eGuide to Enterprise Password Management (Draft)\u003c/a\u003e by the National Institute of Standards and Technology\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"6-evaluate-two-step-verification\"\u003e6. Evaluate Two-Step Verification\u003c/h3\u003e\n\u003cp\u003eThis type of authentication verifies a user attempting to access a device or system. It requires confirmation of two consecutive, yet dependent, entries. It may not be applicable to those without mobile devices or in secure environments prohibited entry of such items. It may also require the use of third-party management tools to effectively allow multiple content coordinators.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eFacebook:\u003c/strong\u003e \u003ca href=\"https://www.facebook.com/help/148233965247823\"\u003eFacebook’s Login Approvals\u003c/a\u003e; ZDnet.com supplemental \u003ca href=\"http://www.zdnet.com/article/tutorial-facebook-2-factor-authentication-step-by-step/\"\u003estep-by-step guide\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eGoogle and YouTube:\u003c/strong\u003e \u003ca href=\"https://www.google.com/landing/2step/\"\u003eGoogle 2-Step Verification\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLinkedIn:\u003c/strong\u003e \u003ca href=\"http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/\"\u003eLinkedIn’s Two Step Verification\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTwitter:\u003c/strong\u003e \u003ca href=\"https://blog.twitter.com/2013/getting-started-with-login-verification\"\u003eTwitter’s Two Step Verification Process\u003c/a\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"7-review-special-guidance-per-common-user-responsibility\"\u003e7. Review Special Guidance Per Common User Responsibility\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eFor Supervisors and Directors:\u003c/strong\u003e Confirm policy is clear, accessible, and distributed among employees. Review, approve, and document all agency accounts regularly. Identify and eliminate rogue accounts. Instruct staff administering accounts to adhere to agency criteria and undergo training where appropriate.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFor Social Media Managers:\u003c/strong\u003e Make security a part of regular social media meetings. Conduct security checks on a regular basis. Regularly update passwords. Keep the list of social media accounts updated. Keep account manager contact information accessible and updated. Remove access for users who are no longer with the agency. Develop a secure method of storing account names, owners, and passwords.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFor Social Media Coordinators:\u003c/strong\u003e Use a protected, official government device. Use protected connections. Do not post from an open Wifi network. Use a work VPN, 3G or the work-connected Internet connection. Generally, use network locations with strong firewalls and on standalone equipment. Preview shortened links to see the address of where they lead. Review the URL of a website in the address bar. Make sure the websites you visit use HTTPS encryption. If you are unsure of a link, double click the lock icon on your browser’s status bar to display the digital certificate for a site.\u003c/p\u003e\n\u003ch3 id=\"8-conduct-training-on-secure-use-of-social-media\"\u003e8. Conduct Training on Secure Use of Social Media\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003eLive training:\u003c/strong\u003e \u003ca href=\"https://colcqpub1.connectsolutions.com/content/connect/c1/7/en/events/catalog.html\"\u003eCybersecurity Online Learning (COL)\u003c/a\u003e program supplements mandatory FISMA security role-based training by offering in-demand cybersecurity workshops. The Information Assurance Branch, United States Department of State, offers monthly social media security online courses for free for anyone with a “.mil” or “.gov” email address, regardless if the applicant is an FTE, military, or contractor.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://dodcio.defense.gov/Social-Media/SMEandT/\"\u003eDepartment of Defense Social Media Security/Privacy Education \u0026amp; Training\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://consumer.ftc.gov/scam-alerts\"\u003eConsumer.ftc.gov/scam-alerts\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://onguardonline.gov/\"\u003eOnGuardOnline.gov\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.us-cert.gov/ncas\"\u003eNational Cyber Awareness System\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://antiphishing.org/\"\u003eAntiphishing.org\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebinar: \u003ca href=\"https://www.youtube.com/watch?v=aa7BKJ6sk8g\"\u003eOperations Security (OPSEC) \u0026amp; Social Media: Balancing Security, Secrecy, \u0026amp; Transparency\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebinar: \u003ca href=\"https://www.youtube.com/watch?v=K0yy3wviTvM\"\u003eHow to Recover from a Social Media Crisis\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWebinar: \u003ca href=\"https://www.youtube.com/watch?v=tesgduqeyjI\"\u003eHow Government Can Prepare for and Respond to Social Media Hacks\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost: \u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2014/10/30/cyber-house-of-horrors/\"\u003eBeware the Cyber Security House of Horrors\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost: \u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2013/05/31/twitters-two-step-verification-process/\"\u003eTwitter’s Two Step Verification Process\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePost: \u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2013/04/25/government-must-respond-rapidly-to-social-media-hacking/\"\u003eGovernment Must Respond Rapidly to Social Media Hacking\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"recovery-phase-2\"\u003eRecovery: Phase 2\u003c/h2\u003e\n\u003cp\u003eAlerts of suspicious activity on social media can come from anywhere, including social media itself. If the social media cyber-security stakeholder team or responsible manager determines an incident is in progress, remember that minutes and even seconds count. Within minutes you’ll need to alert internal stakeholders, alert outside stakeholders to help you regain control, and act to isolate the compromise.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eImmediately: Alert your social media cyber-security stakeholder team, and CC them on following messages.\u003c/li\u003e\n\u003cli\u003eAttempt to change passwords to isolate the incident (steps 2 and 3 ideally simultaneously with two employees)\u003c/li\u003e\n\u003cli\u003eContact the platform companies themselves and GSA to help regain control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"1-contact-information-to-recover-control-after-cyber-vandalism\"\u003e1. Contact Information to Recover Control After Cyber-Vandalism\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eFacebook:\u003c/strong\u003e \u003ca href=\"https://www.facebook.com/help/131719720300233/\"\u003eOnline form for Facebook\u003c/a\u003e; Email: \u003ca href=\"mailto:gov@fb.com\"\u003egov@fb.com\u003c/a\u003e;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTwitter:\u003c/strong\u003e \u003ca href=\"https://support.twitter.com/articles/185703-my-account-has-been-hacked\"\u003eOnline form for Twitter\u003c/a\u003e; Email: \u003ca href=\"mailto:Gov@Twitter.com\"\u003eGov@Twitter.com\u003c/a\u003e;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLinkedIn:\u003c/strong\u003e \u003ca href=\"https://help.linkedin.com/app/safety/answers/detail/a_id/146\"\u003eRespond to and Report Various Issues\u003c/a\u003e; Email: \u003ca href=\"mailto:LCSHelp@linkedin.com\"\u003eLCSHelp@linkedin.com\u003c/a\u003e; Email: \u003ca href=\"mailto:mcirrito@linkedin.com\"\u003emcirrito@linkedin.com\u003c/a\u003e;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInstagram:\u003c/strong\u003e \u003ca href=\"https://help.instagram.com/368191326593075\"\u003eOnline form for Instagram\u003c/a\u003e; Email: \u003ca href=\"mailto:government@FB.com\"\u003egovernment@FB.com\u003c/a\u003e;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVine:\u003c/strong\u003e \u003ca href=\"https://support.twitter.com/forms/vine\"\u003eOnline form for Vine\u003c/a\u003e; Email: \u003ca href=\"mailto:Gov@Twitter.com\"\u003eGov@Twitter.com\u003c/a\u003e;\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHootsuite:\u003c/strong\u003e Email: \u003ca href=\"mailto:Support@hootsuite.com\"\u003eSupport@hootsuite.com\u003c/a\u003e; Email: \u003ca href=\"mailto:sajji.hussein@hootsuite.com\"\u003esajji.hussein@hootsuite.com\u003c/a\u003e;\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"2-audit-your-social-media-inventory\"\u003e2. Audit your social media inventory\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003eAudit your list of social media accounts, password holders, agency hosted websites.\u003c/li\u003e\n\u003cli\u003eEnsure no former employees, contractors or interns have access to current passwords.\u003c/li\u003e\n\u003cli\u003eReview any third-party app you use to monitor or post to social media, such as IFTTT.\u003c/li\u003e\n\u003cli\u003eReview your other digital services, including websites, for signs of cyber-vandalism and any vulnerabilities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"3-confirm-cyber-vandalism-recovery-process-on-different-channels\"\u003e3. Confirm cyber-vandalism recovery process on different channels\u003c/h3\u003e\n\u003cp\u003eOnce securing your other accounts, release pre-approved initial messages alerting your communities that an incident is occurring and that steps are underway in order to recover cyber-vandalized accounts.\u003c/p\u003e\n\u003ch3 id=\"4-initiate-restoration-activities-after-regaining-accounts\"\u003e4. Initiate Restoration Activities After Regaining Account(s)\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003eArchive cyber-vandalism messages.\u003c/li\u003e\n\u003cli\u003eDelete cyber-vandalism messages.\u003c/li\u003e\n\u003cli\u003eStop all pre-scheduled messages.\u003c/li\u003e\n\u003cli\u003eRestore normal settings and features.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"response-phase-3\"\u003eResponse: Phase 3\u003c/h2\u003e\n\u003cp\u003eAgencies must not only prepare for and recover social media accounts after a cyber-vandalism incident, they should also quickly and effectively respond to their stakeholders and audiences as soon as possible using social media in order to maintain trust in digital services. Initial responses to the cyber-security stakeholder team and the public should be within minutes of recovering control of your accounts.\u003c/p\u003e\n\u003ch3 id=\"1-confirm-incident-and-recovery\"\u003e1. Confirm Incident and Recovery\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eCyber-security team confirmation:\u003c/strong\u003e Send initial report of recovery to social media cyber-security stakeholder team.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePublic confirmation:\u003c/strong\u003e Distribute as soon as possible social media posts confirming the cyber-vandalism incident and your recovery of affected accounts. Announce a return to regularly scheduled activities.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCommunity confirmation:\u003c/strong\u003e Deliver additional communication with pre-determined internal audiences and stakeholders to prevent the spread of rumors and misinformation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"2-confirm-and-verify-changes-to-access\"\u003e2. Confirm and Verify Changes to Access\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003eReview account holders.\u003c/li\u003e\n\u003cli\u003eConfirm verification of login status.\u003c/li\u003e\n\u003cli\u003eConfirm changes and updates of passwords.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"3-conduct-a-review-of-lessons-learned\"\u003e3. Conduct a review of lessons learned\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWhat type of response worked well?\u003c/li\u003e\n\u003cli\u003eWhy did this work so well?\u003c/li\u003e\n\u003cli\u003eWhat did not work?\u003c/li\u003e\n\u003cli\u003eWhat unforeseen events occurred?\u003c/li\u003e\n\u003cli\u003eWhat changes will lead to a better response?\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"4-apply-data-and-analysis-of-outcomes-to-improving-your-program\"\u003e4. Apply data and analysis of outcomes to improving your program\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDevelop after-action report.\u003c/li\u003e\n\u003cli\u003eEnsure future relevance with accurate information.\u003c/li\u003e\n\u003cli\u003eInclude lessons learned and best practices.\u003c/li\u003e\n\u003c/ul\u003e\n\n\n\n\u003carticle\n  class=\"dg-note \"\n\u003e\n  \u003ch4 class=\"dg-note__heading\"\u003e\n    \u003csvg\n      class=\"dg-note__icon usa-icon dg-icon dg-icon--large\"\n      aria-hidden=\"true\"\n      focusable=\"false\"\n    \u003e\n      \u003cuse xlink:href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/uswds/img/sprite.svg#notifications\"\u003e\u003c/use\u003e\n    \u003c/svg\u003e\n    \n      Note\n    \n  \u003c/h4\u003e\n  \u003cstrong\u003eThis resource is a “living document\u0026amp;#8221\u003c/strong\u003e; designed for continued contribution and expansion — if you have input or suggestions, please suggest an edit or email \u003ca href=\"mailto:digitalgov@gsa.gov\"\u003edigitalgov@gsa.gov\u003c/a\u003e.\n\u003c/article\u003e\n\n"}
  ]
}