National fixed network call

Cybercrime has invaded companies in Portugal: how to respond?

cybercrime invades companies in portugal

Share the post

It's no longer possible to push the subject under the carpet: cyber attacks have grown 81% in Portugal in the last year alone. More than ever, Portuguese companies are being targeted by cybercrime attempts.

Who says so is a study by Check Point Software, which indicates the sectors of education, health and public administration as the most affected, in this framework of escalating cybercrime. Your company is no exception: on average, a Portuguese organization is attacked +800 times a week!

Source: Check Point Software

Today I'm going to teach you how to protect your company, so that you won't be another victim of this escalating cybercrime. And so that you understand the importance of effective protection, let's look at what has happened to companies that we all consider impenetrable.

Portugal: which companies under attack?

The list of Portuguese companies that were the target of cybercrime in the last year has some surprising presences:

  • SIC
  • Express
  • Continente
  • Vodafone
  • TAP
  • Cofina
  • Sport Lisboa e Benfica

And these were not simple attacks, resulting in the loss of a computer mouse.

The attack on Vodafone caused firemen, letter carriers and some hospitals to lose the ability to respond to users. The Judiciary Police was unable to receive complaints. Even the ATMs of the Multibanco network stopped working!

"One of the hospitals affected was the one in Matosinhos, which was prevented from sending automatic messages with calls for appointments and exams and test results to Covid-19."

- Mariana Marques Tiago in Public

Other Portuguese organizations affected include:

  • Portuguese Sea and Atmosphere Institute
  • EMEL
  • INEM

Mário Vaz, CEO of Vodafone in Portugal, explains that thousands of users lost access to calls, text messages, mobile data and, in some cases, even access to television channels was conditioned.

Mário Vaz - Vodafone

And the chaos is not limited to the Vodafone network. The attack on the Impresa group, which includes SIC and the Expresso newspaper, was conducted by the Lapsus hacker group and resulted in thousands of destroyed archive files.

It was natural to think that these attacks were being conducted by someone planning to exterminate free journalism in Portugal. But the BBC claims that the Lapsus group is led by a young man of only 16!

The criminal organization had already been associated with the attack on the Ministry of Health in Brazil, and this time they managed to hijack the Twitter account of the Expresso, in addition to the website This was how the page looked when trying to access it:


The same group claimed attacks on the Portuguese Parliament and Tap. And allegedly conditioned access to websites of the Cofina group and affected the portals of:

  • Record Newspaper
  • Correio da Manhã
  • Jornal de Negócios
  • Sábado Magazine
  • CMTV

The feeling that remains is that of an entire country in a state of siege, without access to essential information and services, because of a teenage prank. And if it was hard to think that companies are so vulnerable and that they need to protect themselves more than ever, the more than evident proof is here.

"Our country's greatest institutions have been vandalized in the snap of a finger."

- Nuno Diniz - Morebiz Founder

As a business owner, the question that arises from this observation is only one: how can I ensure the minimum protection requirements for my company? Read on to find out.

What threats can my company face?

There are two types of cybercrime commonly used in an attack on companies or institutions: phishing and ransomware. We have written about both, but today we will summarize the information you need to defend your company.

Phishing: The Essentials

Phishing is known as the criminal act of tricking a user into sharing confidential information such as passwords or credit card numbers.

Click and learn how to avoid data theft via phishing

As infishing, there is more than one way to "catch" a victim. But using an email posing as a trusted person or organization - such as a bank or government entity - is still the most common practice.

This is the usual sequence of crime:

  1. The victim opens the email because he finds a scary or urgent subject in his inbox;

  2. The email asks the victim to download an attachment and/or consult a website and do a certain urgent action;

  3. The user clicks and enters a trustworthy looking website;

  4. The website asks the user to log in or enter bank or personal details;

  5. This information is later sold, used to empty bank accounts and/or extort the victim

The big difference between a user who knows how to identify this type of threat and one who stumbles at every trap is cybersecurity training.

In any case, as a general rule, you should be suspicious that you are facing a phishing attempt when the email you just received exhibits the following signs:

  1. The email is addressed to you in a general way (e.g.: Dear Reader)

  2. Calls for immediate action

  3. Use abbreviated, suspicious, or misspelled links

  4. There are spelling errors in the body of the text.

  5. Asks for personal information

  6. It comes from an email that you are not familiar with

  7. Contains suspicious attachments

  8. Proposes an offer too good to be true

Remember that typically criminals impersonate banks, government entities, companies, or social media platforms. And the attempt to steal can come not only through email but also through phone calls or text messages!

Click and find out if your company was affected during the pandemic

In 2020, Portugal was second on the list of territories with the highest rate of data theft worldwide, just below Brazil. Phishing is the most common type of cybercrime worldwide, so you should adopt a cautious behavior, especially when opening a new email.

Ransomware: The Essentials

If you didn't know the term: ransomware is a type of malicious software that can prevent you from accessing your system or personal files, unless you pay a ransom to regain access.

This type of software can reach your computer, for example, through a phishing attempt. And it was thanks to a similar process that the Lapsus group managed to take over the Expresso newspaper's website.

- What is Ransomware?

Now that you know how the two types of cybercrime that most affect Portuguese companies operate, it's time to learn how to defend yourself.

How do I defend my company against phishing and ransomware?

When your company understands the importance of good practices in cybersecurity, it will achieve a higher level of maturity: your employees can identify phishing attempts and your company's data is less vulnerable than before. But does that mean your company is protected against any cyberattack attempt?

Far from it.

It's up to you to strengthen the castle walls; Morebiz - IT Solutions recommends that you implement it:

  • Automatic backups
  • Credentials System
  • Secure VPNs

Download our free Manual of Good Practices - Computer Security

I will explain to you what each one means (this is exactly what I advised our clients who had security issues when remote work became mandatory):

1 - Automatic backups

ou should not only centralize your company's data on a single server but also ensure that the information stored on that server is duplicated on another server. Note: the two servers should be located in different locations to safeguard against data loss in the event of a fire or serious electrical accident.

The system operates in a simple manner: the first server enables access to the company's data at any time and from anywhere. The second server ensures that if any mishap occurs with the first server, the data isnot lost permanently. All of this is done automatically!

2 - Credentials system

Access to your company's servers should be highly restricted. This means that each employee should have personal and non-transferable access data. Prevent anyone from entering your company's network and gaining direct access to the data and documents stored on your servers!

3 - Secure VPNs

VPN is a term that can intimidate less tech-savvy entrepreneurs. But in reality, it stands for Virtual Private Network. This Virtual Private Network is used so that your remote workers can access your company's services (e.g., accessing data or downloading documents) in asecure and controlled way.

how to protect your company from cyberattack
Illustration by Patrícia Chequetti, Vloom

Our team can help you implement these tools within a few days. But in order for you to take the first step now, we have created a checklist with everything you need to confirm to ensure that the castle doors are closeduntil our help arrives:

  1. Changing the Wi-Fi and router password 

  2. Use up-to-date equipment and applications

  3. Use secure passwords (e.g. do not use 1234)

  4. Be careful with USB devices that are inserted into equipment 

  5. Backing up important data

  6. Do not use equipment without anti-malware protection

  7. Monitoring email and avoiding phishing traps 

  8. Immediately report to the competent service any cyber attack 
cybersecurity guide to work
Illustration by Patrícia Chequetti, Vloom

These guidelines were provided by the General Directorate of Administration and Public Employment in April of last year, in their Guide to Health and Safety at Telework in Public Administration. If you want to delve deeper, our colleagues at have done a comprehensive work, which we have taken the liberty of including in this article.

Cybercrime has invaded companies in Portugal: how to respond?

1 - Use the VPN provided by your company to connect securely to the corporate network and to develop tasks related to it

2 - Avoid, whenever possible, to be connected to the company's network and to other networks simultaneously

3 - Reduce the extraction of information from corporate systems to the essential

4 - Restrict the sharing of corporate documents to what is strictly necessary, using the ways previously defined by the organization for this purpose

5 - Avoid copying corporate files to pendrives and external disks

6 - Perform data backups, according to the guidelines defined in your organization's backup policy

Cybercrime has invaded companies in Portugal: how to respond?

1 - Create strong passwords in accordance with the security policy, avoid disclosing and reusing them, and update them regularly

2 - Always use the devices provided or certified by your company to develop your professional activity and do not share them with third parties

3 - Keep your security software (anti-malware, firewall, among others) and the applications you need always up to date and in line with current corporate security practices and policies

Ensure that you separate personal and professional information and do not to install, on devices intended for professional activity, software not authorized by the company or intended for purposes outside the professional context

Cybercrime has invaded companies in Portugal: how to respond?

1 - Choose spaces where you can make professional calls without risking sharing confidential information with others

2 - Make sure you present a simple background with no personal or family references, in case you need to make video calls

3 - Lock sessions and choose to put them on stand-by or turn off features such as the camera and microphone whenever they are not in use

4 - Avoid leaving work devices unlocked, especially if you share the space with children

Cybercrime has invaded companies in Portugal: how to respond?

1 - Resist the temptation to open unsolicited emails, even if they seem to contain useful information about apparently relevant topics (such as the theft of your Amazon account credentials)

2 - Do not access links or websites and do not open or download documents attached to unsolicited communications. Several attackers have taken advantage of the pandemic as a way to spread malware

3 - Make sure you are familiar with the contacts of your organization's IT/Security team to whom you should report suspicious behavior or situations, and seek instructions or clarification in case of doubt.

Cybercrime has invaded companies in Portugal: how to respond?

1 - Do not install any application that is not reliable and belongs to the manufacturers' official stores (Google Play and AppStore) on your devices

2 - Use credible sources of information, such as the WHO or DGS website, whenever you need to obtain information about topics of interest, thereby avoiding browsing unsafe and potentially dangerous websites.

3 - Be aware that attackers can exploit newsworthy topics like the war in Ukraine to convince users to install malicious applications or software on both personal and professional devices.

- Tiago Severino on the use of media themes in cybercrime practices

Where to start?

If you don't want your company to be the next Vodafone or Expresso newspaper, you can start by following some of the advice you found in the previous chapter. If you want a more comprehensive defense system, remember that you can schedule a free 30-minute meeting with one of our experts.

– Can a company survive without IT defense?
talk with us

Schedule a free

or call

+351 261 430 040

National fixed network call