Help! I have received a Cyber ​​Alert, what now?

Our very first tip if you received a Cyber Alert, is to stay calm. We are happy to help you further and describe all the steps you can take in this article. First, it is advisable to look in the app in your Alert overview. Here you can find more details about your alert. See the image below where you can find the Alerts in the menu of the app.

What should I do when I received a Cyber Alert?

What you need to do depends on the type of plan you have. In the Guardey app, you can see which actions we have taken from Guardey. This way, you know whether or not the Cyber Alert has already been sent to someone else and whether you need to contact Guardey, your admin, or an IT manager or IT partner from your company.

Basic

Do you have a Basic plan with Guardey? Then you must follow the protocol of your company in the event of a Cyber Alert. Have no (clear) agreements been made about this? No problem, we’ll help you! First, look into the priority of your Cyber Alert (see more information later on in this article). Do you have a prior 1 (urgent) or a prior 2 (high)? Please contact the IT admin from your company as soon as possible.

No IT-admin, or if the Cyber Alert cannot be resolved internally, you can always contact Guardey. Guardey will connect you to one of its IT partners, who will look at the Cyber Alert together with you and establish a diagnosis. Please note: there can be extra costs involved.

Did you receive a prior 3 (moderate), 4 (low), or 5 (info) alert? We will learn you all about it.

Co-managed or custom plan

Do you have a co-managed or custom plan? In this case, a Guardey IT partner will contact you if there is a Priority 1 or 2 Cyber Alert. In the case of a custom subscription, the IT partner of your company will contact you to research the Cyber Alert. You need to be available by phone and/or e-mail for this. They can’t do anything without your help!

Did you receive a prior 3 (moderate), 4 (low), or 5 (info) alert? We will teach you all about it.

What does the Cyber ​​Alert priority mean?

Ok, so you have received an alert. Let’s talk about the meaning of a cyber alert. Have you received a Cyber ​​Alert? Then first check what the priority of the alert is. The priority of the Cyber ​​Alert indicates whether or not action needs to be taken quickly. Does the Cyber ​​Alert have a priority of 1 or 2? Then the problem must be solved as soon as possible. With a priority of 3, 4, or 5, there is less haste behind it.

What categories of Cyber Alerts are there?

The five priorities discussed earlier can be divided into different categories of Cyber Alerts. In the overview below, you can see how the priorities are divided and which categories Cyber Alerts belong to.

Please note that the overview of the Cyber Alerts categories may change. Guardey scans all internet traffic, and technology and cybercriminals are developing rapidly. It is, therefore, possible that new categories can be seen all the time.

Alerts Priority 1 (Urgent)

By Cyber Alerts with priority 1, we have the following Cyber Alerts:

• Blacklisted Hostnames and URLs
• Botnet Controller
• Malware-specific behavioral heuristics
• Sinkhole
• Tor Network

Alerts Priority 2 (High)

By Cyber Alerts with priority 2, we mean the following Cyber Alerts:

• Disguised executable file
• Mining pool
• Path traversal
• Periodic heartbeats
• Port Scan
• Web shells

Alerts Priority 3 (moderate)

By Cyber Alerts with priority 3, we mean the following Cyber Alerts:

• Adware
• Bad Internet Neighborhood
• BitTorrent tracker
• Cloud storage service
• File Sharing Tool
• File Sharing
• Instant Messaging
• Public proxy
• Remote management

Alerts Priority 4 (low)

By Cyber Alerts with priority 4, we mean the following Cyber Alerts:

• Geofence

Alerts Priority 5 (info)

By Cyber Alerts with priority 5, we mean the following Cyber Alerts:

• Domain Parker
• Dynamic DNS domains
• Fee hosting domains
• IP self-monitoring service

Where does the Cyber Alert notification come from?

After determining the priority and category of the Cyber Alert, you can look at the destination of the alert. But, we’ll be honest. This is already a bit more technical, so no worries if you don’t know how to use this. We show you this information most of all for your IT-admin.

The destination of a Cyber Alert can be found on the dashboard under ‘destination.’The destination of the Cyber Alert indicates at which internet location the Cyber Alert was triggered. To best describe this destination, Guardey gives you the information about:

• The IP address of the destination on which the Cyber Alarm was triggered. An IP address is an address that identifies a device connected to a network.
• The destination port which the destination used. A destination port is a number used on one side of the communication between two programs to receive data on the other side of the communication. There are a known number of ports used for specific applications, and other ports used by different software such as games, online services, etc.

I no longer want to receive this alert

Visiting a specific web page or application may trigger the Cyber Alarm, or it may be necessary for your work to visit certain web pages that trigger the Cyber Alarm. In the case of a Cyber Alert with a priority of 3, 4, or 5, it is possible to not be notified by an alert. For these reasons, we have a whitelist. After you whitelist a cyber alert, no Cyber Alert will be sent on future visits to this destination.

Need more help?

We understand that it remains a complex subject, and you may not have worked it out. Even as we want to help you as best as possible with solving the Cyber Alert.

To do this, we try to teach you more about the different Cyber Alerts in this article. But there are countless variations in every Cyber Alert category, it is impossible to write a concrete step-by-step plan with which you can solve an alert. Our IT partners are therefore happy to help you!

Would you like to learn more about Cyber alerts? Please feel free to contact our support at [email protected]!