Creating a Contact List for Cyber Incident Reporting and Assistance

Cyber criminals continue to organize themselves– from building scam center office complexes to creating ransomware payment help desks. The more organized, sophisticated and wide-spread threats become, the more important it is to leverage defensive resources and share information and intelligence to track and stop the threats. 

Collaboration aids investigators and law enforcement to mitigate incidents. To speed up incident notification, leverage response resources and help stop future attacks, consider creating an authorities contact list in your organization’s cyber incident response plan.  (Note: Be familiar with your cyber insurance carrier’s rules regarding contacting third parties, and include/order contacts accordingly.) Organizations to alert may include the following: 

MOREnet

• Network consulting and cybersecurity consulting during cyber incidents for members: help@more.net (573) 884-8694 

• Cybersecurity consulting for incident response planning and tabletop activities for members: security@more.net 

Missouri Office of Homeland Security Cybersecurity Unit/ Missouri Information Analysis Center (MIAC)

securityintel@mshp.dps.mo.gov (573) 526-0153 

• Provides contact information for other relevant organizations  

• Additional specific types of assistance during an incident 

Cyber Insurance Carrier

• Include contact phone numbers/email address/cyber hotline number/policy number/etc. 

Federal Bureau of Investigation (FBI)

• Online reporting of data breach, ransomware or network intrusion attack: www.tips.fbi.gov 

• Internet Crime Complaint Center (bitcoin wallets, financial fraud): www.ic3.gov 

• Also include your local field office phone number and hours

St. Louis Fusion Center

• Cryptocurrency-related crimes (including bitcoin wallets in email scams): crypto@stlfc.gov

Federal Trade Commission (FTC)

• Scams involving impersonation of a business or individual; vishing scams:  https://reportfraud.ftc.gov/ 

Cybersecurity and Infrastructure Security Agency (CISA)

• Certain organizations must report ransom payment within 24 hours 

Missouri Department of Elementary and Secondary Education (DESE) 

• Breach of electronic student data
• Include a link to the breach report form and reporting timeline in your plan

Missouri’s State Auditor 

• Breach of electronic student data
• Include reporting details in your plan

Missouri’s Attorney General 

• Breach of PII that affects more than 1,000 state residents
• Include contact info for the Attorney General Office in your plan