If you have detected a security event, there are five basic steps to take:
Don't panic: If any damage has been done, it has been done already by now.
If this concerns a device, disconnect it, but leave it on: Disconnect the system | service | device from the SNS network by pulling out its Ethernet cable or by disabling the wireless adapter. Do not switch the power off.
If this concerns your account, Reset your password through the SerSe portal.
Contact the Security Team: email@example.com
Don't touch anything else: Wait for instructions before taking any further actions. Depending on the impact, we might have to understand the event in detail. Uncoordinated actions might destroy evidence.
The Security Team will discuss further steps with you and also get involved other stakeholders if necessary. Together, we will assess the security event impact and consequences, and investigate its origin.
Once the security event has been properly understood, it is up to the system owner to reestablish an operative state. Usually this means: Re-install|configure a service|device from scratch, change the account password, review and correct vulnerable software and applications.
Security is not complete without You
Technical cyber security controls and measures are essential to prevent attacks against Institutional data, but sec_rity is not complete without U.
Given that phishing attacks are the most common cause of data breaches, and human error is the main cause (more than 95%) of cyber security incidents worldwide, your attention, awareness and support are vital to keep our data safe.