Acting quickly can reduce the damage in the event of a cyberincident.
Inform
We recommend that you give your employees a flyer in advance with the most important information on conduct in the event of a crisis and ensure they are aware of what to do.
Isolate
Immediately disconnect all systems from the network. Do not forget to switch off the WLAN.
Contact
Internal communication
- Contact your ICT officer and all contacts in the organisation that you need to deal with the attack
- If you are in a communal administration that is part of a communal association, all involved units should be informed about the incident, as other communes may also be affected.
Send a report to the NCSC
Irrespective of whether or not damage was done, you should report all incidents, including those discovered at the experimental stage, to the National Cybersecurity Centre (NCSC) .
However, reports to the NCSC cannot be used for prosecution or in court proceedings.
When reporting, please note that data protection must be respected.
Notify the prosecution authorities
Consider contacting the police and filing a report. Wait until the police have secured the evidence before restarting the systems. Specialised police staff will advise and help you, secure evidence and investigate. You can find the telephone number of your local police station at www.suisse-epolice.ch.
Report incidents of a criminal nature to the police, for example:
- unauthorised access to a data processing system,
- theft,
- blackmai.
To do so, dial the emergency number 112 or contact your local police station:
