HomeTrainingIncident reporting: the first 15 minutes
Module 10 · 9 min

Incident reporting: the first 15 minutes

What to do if you clicked, entered a code, sent data, or see strange activity.

The employee reports quickly, preserves evidence, and does not hide mistakes.

Threat

Damage grows when a person is afraid, deletes traces, or quietly tries to fix the situation alone.

What to know

  • An incident can be caused by a mistake, inattention, or lack of knowledge. The goal is to limit harm, not find blame in the first minute.
  • Time, sequence of actions, message content, sender, links, and screenshots matter.
  • If money is at risk, the first action may be contacting the bank or stopping the payment.
  • If a work account is at risk, the account must be secured and IT or the responsible person informed.

Actions

  • Stop the risky action and do not enter more data.
  • Keep evidence: email, SMS, link, screenshot, time, and what you did.
  • Report through the company’s defined channel, even when you are not sure.
  • Do not trade guilt for silence. A fast report can save the company.

Manager note

The best security metric is not zero mistakes. It is fast, honest, usable reporting.

Sources