What is Patrick Gray's Cyber Security Framework?

Former FBI Special Agent Patrick Gray's framework outlines five essential pillars: Understand that you are a target, Educate your workforce on threats, Collaborate with others and law enforcement, Prepare an incident response plan, and Backup your data using the 3-2-1 strategy.

What are the warning signs of phishing emails?

Warning signs include urgent language demanding immediate action, mismatched sender addresses, unexpected attachments or links from unknown senders, requests for sensitive information like passwords or SSNs, and poor grammar or generic greetings.

What is the 3-2-1 backup plan?

The 3-2-1 backup plan means maintaining three copies of your data, storing them across two different storage mediums (e.g., cloud and local drive), and keeping one copy offline and disconnected from your network.

How do I report cyber crime?

You can report cyber crime through the FBI Internet Crime Complaint Center (IC3) at ic3.gov, CISA at cisa.gov/report, or by contacting your local FBI field office directly for urgent matters.

Free Cybersecurity Resources & Frameworks

Patrick Gray's Cyber Security Framework

Former FBI Special Agent Patrick Gray outlines five essential pillars for defending against cyber threats. This framework has helped organizations of all sizes build stronger security postures. Pair it with our threat intelligence page to connect defensive planning to current attack patterns.

1

Understand

You are a target for the hacking community. It doesn't matter the size of your business or system. Recognizing this reality is the first step to protecting yourself.

2

Educate

Keep your workforce current on internet safety and the evolving threat landscape. Security awareness training is your first line of defense.

3

Collaborate

Information sharing between businesses, individuals, and law enforcement is critical. No one fights cyber crime alone.

4

Prepare

The first 24 hours of an incident are the most impactful. Have an incident response plan ready before you need it.

5

Backup

Ensure your backups can withstand ransomware attacks. A compromised backup is no backup at all.

Phishing Emails & Business Email Compromise

Organizations receive one malicious email per 302 emails. Attacks have evolved from generic spam to sophisticated social engineering targeting payment information and credentials.

Educate on Cyber Risks & Threats

Train employees to recognize phishing attempts, suspicious links, and social engineering tactics
Implement email filtering and anti-phishing tools to catch threats before they reach inboxes
Establish clear reporting procedures so employees know exactly what to do when they spot a threat
Run regular phishing simulations to test awareness and identify areas for improvement
Keep teams informed about the latest attack methods and threat intelligence

Warning Signs of Phishing Emails

Urgent language demanding immediate action ("Your account will be suspended")
Mismatched sender addresses or domains that look similar but aren't quite right
Unexpected attachments or links, especially from unknown senders
Requests for sensitive information like passwords, account numbers, or SSNs
Poor grammar, spelling errors, or generic greetings ("Dear Customer")

Authentication, Passwords & Access Management

Weak passwords remain one of the most common entry points for attackers. Strengthening your authentication practices is one of the most effective defenses.

Improving Password Hygiene & Authentication

Implement strong password policies requiring a minimum of 12 characters with mixed complexity
Use a reputable password manager to generate and store unique credentials for every account
Enable Two-Factor Authentication (2FA) on all accounts that support it — especially email and admin panels
Enforce strict access controls based on job roles — employees should only access what they need
Regularly audit user accounts and remove access for former employees immediately
Never reuse passwords across multiple services or systems

Data Backup Strategy

Ransomware increasingly targets backup systems. A solid backup strategy is your last line of defense and can mean the difference between recovery and catastrophe.

Why Are Data Backups Important?

When ransomware strikes, your backups may be the only way to recover your data without paying a ransom. But attackers know this — modern ransomware specifically seeks out and encrypts backup files. Your backup strategy must account for this evolving threat.

The 3-2-1 Backup Plan

Maintain three copies of your data at all times
Store them across two different storage mediums (e.g., cloud and local drive)
Keep one copy offline and disconnected from your network
Implement incremental backups to minimize data loss between backup windows
Test your restoration process regularly — a backup you can't restore is worthless
Monitor for ransomware evolution that specifically targets backup systems

How to Report Cyber Crime

Reporting cyber crime helps law enforcement track and combat threats. If you or your organization has been targeted, report it immediately through these channels.

Need a clearer process before you file? Use our dedicated report cyber crime guide for evidence collection, escalation order, and platform reporting tips.

FBI Internet Crime Complaint Center (IC3)

File a complaint for internet-related criminal activity including ransomware, fraud, and data breaches.

Visit IC3.gov

CISA (Cybersecurity & Infrastructure Security Agency)

Report cybersecurity incidents and get assistance from the federal government's cyber defense agency.

Visit CISA.gov

Local FBI Field Office

For urgent matters or significant incidents, contact your local FBI field office directly.

Find Your Office

Live Threat Feed

Know What's Coming

Breach alerts, threat briefings, and analyst-level intelligence

Cyber Security Resource Center