Incident reporting: the first 15 minutes
What to do if you clicked, entered a code, sent data, or see strange activity.
The employee reports quickly, preserves evidence, and does not hide mistakes.
Threat
Damage grows when a person is afraid, deletes traces, or quietly tries to fix the situation alone.
What to know
- An incident can be caused by a mistake, inattention, or lack of knowledge. The goal is to limit harm, not find blame in the first minute.
- Time, sequence of actions, message content, sender, links, and screenshots matter.
- If money is at risk, the first action may be contacting the bank or stopping the payment.
- If a work account is at risk, the account must be secured and IT or the responsible person informed.
Actions
- Stop the risky action and do not enter more data.
- Keep evidence: email, SMS, link, screenshot, time, and what you did.
- Report through the company’s defined channel, even when you are not sure.
- Do not trade guilt for silence. A fast report can save the company.
Manager note
The best security metric is not zero mistakes. It is fast, honest, usable reporting.