What to do if you detect an information security incident | Traficom
Skip to main content
Transport and Communications Agency

What to do if you detect an information security incident

Was your email hacked, did you receive an SMS with a suspicious link or is your computer infected with malware? Should you come across an information security incident, notify both the authorities and your organisation’s IT support staff. We explain below how to report incidents to different authorities.

Information security incidents include, for example, phishing, data system break-ins, denial-of-service attacks and their attempts. Incident reports help the authorities examine individual cases and provide support in managing incidents.

By reporting an incident, you will also help others. When you report an information security incident, you help the authorities gain an understanding of current events concerning information security. Incident reports are very important to us because they help us share information and advice about information security phenomena. When you submit a report to us, we can also give you advice on what to do to manage the situation.

All reports submitted to the NCSC-FI are always processed with complete confidentiality. That is why we ask you on the incident report form whether you allow us to exchange information about the case with the police. Allowing us to do that will make it easier and quicker to deal with the incident.

Have you detected an information security incident?

  • Report the incident to the NCSC-FI with the ‘Report incidents’ form or by sending email to cert@traficom.fi.
    • Please describe the event, attach the original message or a screenshot and mention whether the incident caused any damage (financial losses, personal data leak, or technical or other damage).
  • If you would like us to contact you, please also include your contact details.
  • We investigate violations of and threats to information security concerning network services, communications services and various applications, for example.
  • We gather information about information security incidents, maintain situational awareness about cyber security and provide information about information security matters.
  • Reports help us ensure that national situational awareness of current information security issues is at a good level.

  • Great! Make sure that:
    • your devices are up to date
    • you comply with good password practices and use multifactor authentication in all services that support it
    • you think before you click. If something sounds too good to be true, it probably is not.
    • you comply with your employer’s instructions and information security principles also when working remotely. For example, take care of your personal matters with your own devices, not your work computer.

Do you suspect a crime has been committed?

Offences may include, for example, the theft of credit card or banking details, identity theft, data system break-ins, data theft by means of malware and various network attacks.

  • Please report the matter to the police without delay.
  • Offences concerning information technology and networks include data system break-ins, phishing to steal credit card or online banking details, data theft by means of malware and various network attacks.
  • Offences enabled by information technology and networks may include almost any criminal activity that employs information technology in some way.

  • There is no need to file a police report. If you find the matter suspicious, you can inform the police about it by filling in the online tip-off form.
    • The form is an easy way to let the police know about suspected criminal activity or material you may come across online. You can also use the form to report other suspicious observations.
    • The messages sent via the form are processed and analysed by the Cybercrime Centre. If there is reason to believe a criminal offence has been committed, further information about the matter is gathered and the case is referred to the local police service, which decides about further action.

Are you an operator of a function vital to society?

Essential critical infrastructure operators and service providers must notify any security incidents in their network and information systems to the authorities. Sectors covered by the reporting obligation include the energy sector, digital infrastructure, digital services, financial sector, financial sector infrastructure, transport sector, healthcare sector and water supply sector.

  • Click here to submit a NIS notification.
    • The NIS notification form allows operators to report an information security incident referred to in the EU Network and Information Security (NIS) Directive to the supervisory authority in the relevant sector.
  • Essential critical infrastructure operators and service providers must notify any security incidents in their network and information systems to the authorities.

  • You do not need to report the information security incident in accordance with the NIS Directive.
  • However, it is always recommended to submit a voluntary incident report to us at the NCSC-FI to receive our assistance and be able to resolve the incident and share information within a trust network.
  • Submit a voluntary report here or email us at cert@traficom.fi
    • Please describe the event, attach the original message or a screenshot and mention whether the incident caused any damage (financial losses, personal data leak, or technical or other damage).

Has the information security incident resulted in a personal data leak or a data leak risk?

  • A personal data breach must be reported to the Office of the Data Protection Ombudsman without undue delay and, where feasible, not later than 72 hours after the controller has become aware of it.
  • If a personal data breach can cause a risk to the rights and freedoms of natural persons, the supervisory authority must be notified. In Finland, the Office of the Data Protection Ombudsman functions as the supervisory authority.
  • A personal data breach means an event leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

  • No separate measures are required.
  • Submit a voluntary report to the NCSC-FI here or email us at cert@traficom.fi
    • Please describe the event, attach the original message or a screenshot and mention whether the incident caused any damage (financial losses, personal data leak, or technical or other damage).
  • If the data system break-in concerned your email service, we recommend that you change your password, activate multifactor authentication and cooperate the with IT support staff of your own organisation to process the matter.
  • If you suspect that a criminal offence has been committed, file an online police report here.

In addition to submitting a report, the processing of an information security incident nearly always requires practical measures. There is no single operating model that would fit all situations. Therefore, we also recommend contacting the IT support staff of your own organisation.

Page was last updated