STEP 1

You should try to UNDERSTAND as much as possible what happened, as well as the potential impact on you or third parties. If you consider the incident to be relevant enough for you or third parties, you should report it to Cyberprotech.

For example:

• Has your data been encrypted and you are being asked to pay a ransom to decrypt it – ransomware?
• Have you received a phishing email (or SMS) or an extortion attempt?
• Have you discovered a fraudulent website that seeks to capture information from potential victims or carry out scams?
• Have you been the victim of a scam on a digital platform
• Has someone taken over your email?
• Has your website become unavailable for no apparent functional reason or does it display a different image from the original?
• Has any other digital service you provide become unavailable due to an attack?
• Has there been an intrusion into your system and the theft of sensitive data?

STEP 2

You can REPORT the incident to Cyberprotech using the following means:

• Email: csirt@cyberprotech.org

To inform our team in the best possible way, you should try to describe the incident with some information, such as a description of what happened, the start date, the systems and/or people affected, as well as the files and/or URLs compromised.

You must REPORT the incident to CERT.PT using one of the following methods:

• Form on the CNCS website: here.
• Email: cert@cert.pt

STEP 3

You must FOLLOW THE RECOMMENDATIONS indicated by Cyberprotech professionals. For example, deleting a fraudulent email, changing the password of a compromised account, performing system updates, among other possible actions aimed at the type of cybersecurity incident in question.