Reporting a Security Incident

Reporting a Security Incident
! REPORT IMMEDIATELY 1 Stop — don’t try to fix it 2 Call IT immediately 3 Describe what happened 4 IT team responds & contains No blame for good-faith reporting

Learn what constitutes a security incident, why reporting is critical, and how to report effectively without fear.

Reporting a Security Incident

Early reporting of security incidents is one of the most impactful actions any employee can take. The faster IT is notified, the faster the damage can be contained — sometimes the difference between a minor incident and a major breach.

The Incident Reporting Decision Flow

Something seems wrong Did you click a link or open an attachment? YES → REPORT TO IT NOW NO ↓ Is data exposed or someone unauthorised? YES → REPORT TO IT NOW NOT SURE ↓ Still report — better safe than sorry
✓ Key Point
When in doubt, always report. IT security teams would far rather investigate a false alarm than miss a real incident because someone wasn’t sure it was worth mentioning. You will never be in trouble for reporting something that turns out to be harmless.

What Counts as a Security Incident?

Situation Report?
Clicked a phishing link YES — immediately
Entered credentials on a suspicious site YES — immediately, change password too
Received unexpected MFA push requests YES — your password may be compromised
Found a USB drive and plugged it in YES — malware may have executed
Lost or had a work device stolen YES — device must be remotely wiped
Emailed sensitive data to wrong person YES — potential notifiable data breach
Noticed unusual activity on your account YES — possible account compromise
Suspicious email you didn’t interact with REPORT IT — use the “Report Phishing” button

The Cost of Delayed Reporting

DAMAGE OVER TIME — the longer you wait to report, the worse it gets 0 min Report now Minimal damage 30 min Credentials used Hours Data exfiltrated Days Full breach/ransomware

Barriers to Reporting (and Why They Are Wrong)

Many people don’t report because they feel embarrassed or fear consequences. This is exactly what attackers rely on.
⚠ Warning
“I’m scared of getting in trouble” — organisations have security incident policies precisely because mistakes happen. The person who covers up a phishing click and causes a full breach is in far more trouble than the person who immediately reported one.
“It was probably nothing” — let IT make that determination. Your job is to report; their job is to assess.
“I’ll wait and see if anything happens” — by then, it is too late. Credential stuffing attacks are automated and happen within minutes.

How to Report

Every organisation has a preferred reporting channel. Know yours before you need it:
  • The “Report Phishing” button in Outlook or Gmail (if configured)
  • Your IT helpdesk phone number or email
  • A dedicated security@yourcompany email address
  • Your manager, who escalates to IT
When you report, include:
  • What happened and when
  • What you clicked, opened, or entered
  • Any unusual behaviour you observed afterwards
Something looks wrong right now?
Clicked something you shouldn’t have, or seeing activity you can’t explain? Every minute matters. Mobile Techs IT Service provides rapid incident response for Gold Coast businesses — containment, password resets, malware removal, and recovery — with no blame and no judgement. We can also set your business up before anything goes wrong: clear reporting channels, a simple incident plan, and staff who know exactly what to do. Home users welcome too — on-site or remote, anywhere in Australia.