What is PIRF?
Cyber and Law launched a project called Personal Incident Response Framework (PIRF). It’s a free public knowledge base that borrows from current enterprise incident response techniques and simplifies them for everyday users contending with personal cybersecurity incidents. Get help with incidents from “losing a wallet” to “Grandma clicked a weird link.” It's open source, feel free to print, share, or otherwise distribute.
Infamous in my family, my grandfather asks me to write down a step-by-step guide of how to resolve a problem. The inspiration for this project stems from lessons learned in industry to unofficial ad hoc guides we've developed for our family and friends after they experience a breach or when they ask for cybersecurity related help.
Think of this resource as a well-organized compilation of tips from the cybersecurity experts at Cyber and Law in an approachable format regardless of technical skill level.
The core phases for the PIRF are: 1.Prevention, 2. Detection, and 3. Remediation.
The PIRF matrix below shows a high-level view of actions you can take to prevent, detect, or remediate specific cybersecurity incidents:
| Action/Event | Prevent | Detect | Remediate |
|---|---|---|---|
| Clicked suspicious link | Learn to spot phishing | Unexpected logins, anti-virus alerts | Change passwords, scan system |
| Reused passwords | Use password manager | Breach alerts, login anomalies | Update passwords, enable MFA |
| Lost/stolen device | Enable encryption, remote wipe | New logins from device | Wipe device, reset passwords |
| Opened shady attachment | Don’t open unknown files | System slowdown, anti-virus warnings | Disconnect, scan, restore backup |
| Used public Wi-Fi | Use VPN | Strange session activity | Log out, change passwords |
| Fake tech support interaction | Don’t trust unsolicited support | Remote tool running, missing funds | Remove access, contact bank |
| Overshared online | Limit personal info shared | Targeted scams or phishing | Remove posts, monitor identity theft |
| Skipped software updates | Enable auto-updates | anti-virus picks up exploits | Patch, check system |
| No MFA | Enable MFA everywhere | Login notifications, password resets | Turn on MFA, reset password |
| Plugged unknown USB | Don’t use untrusted devices | Device acts oddly | Scan or wipe device |
| Fell victim to gift card scam | Learn about gift card scams | Unexpected contact from "IT" | Stop contact, report the scam |
Each page in PIRF is designed to be standalone. This is functional: each page will have enough information to resolve an issue without needing to know anything about PIRF.
How to Use PIRF?
First time here, just browsing?
Check out PIRF Profiles to build your personal threat model.
How can I avoid an attack?
Head to Prevention to learn about common cybersecurity incidents and how you can prepare.
I need help with an attack!
Head to Detection and find your incident.
I've been attacked, what do I do now?
Find your incident in Remediation and follow the steps.
You can always submit a request for new incident guides by emailing feedback@cyberandlaw.com.
FAQs
What are PIRF Profiles?
PRIF Profiles are a set of Pre-Built Personal Threat Models you can use and adapt. They are intended as a starting point for anyone interested in improving their personal security and privacy. This list is by no means extensive but should cover the needs of most. Please provide any feedback to feedback@cyberandlaw.com.
How is this different from other cybersecurity Resources?
- PIRF is focused on what to do during a crisis, offering simple step-by-step remediation and makes incident response accessible to an audience beyond cybersecurity professionals and technically inclined individuals.
Why not just Google or use ChatGPT?
- PIRF is developed by experts in the field. While you can certainly find fantastic information through your own research sometimes time does not permit. Furthermore, sometimes GAI responses can be factually inaccurate or incomplete. On PIRF you can be sure that the information considers an incident from multiple angles.
Can I share PIRF?
- Absolutely. In fact, it's encourage. PIRF is built to empower anyone. Print it, use it for employee training, hang it in your office...go wild!
I want to contribute, found a mistake, or have a recommendation:
- Email: feedback@cyberandlaw.com
A guide enabling everyone to expiditiously respond to cybersecurity incidents that personally exploit you or your family. Learn how to prevent incidents, detect them, and respond effectively — for free!