Skip to main content
Return to SuccessCX.com

How can we help?

IT/Security: Helping a user report a security incident

Title: 

  • Helping a user report a security incident

Content: 

Step 1: Identify the nature of the incident

Begin by calmly asking the user what kind of issue they’re experiencing. Use clear examples to help guide them. Ask:

  • Did you receive a suspicious email or phishing link?
  • Did you accidentally click on something malicious or download an unknown file?
  • Have you lost a device, like your work laptop or phone?
  • Have you seen any suspicious system activity or unauthorized logins?
  • Are you reporting something else related to cybersecurity?

If the user isn’t sure, reassure them and let them describe the situation in their own words and/or ask for a screenshot example of what they can see or are experiencing.

Always make sure you are ending the agent replies with "Best" or "Kind Regards".

Step 2: Gather essential information

Once the type of incident is clear, ask the user the following:

  • When did the issue occur or when was it first noticed?
  • Where did it happen (e.g., email, Slack, VPN, internal app)?
  • What device was involved (e.g., work laptop, phone, shared kiosk)?
  • Did they take any immediate actions (e.g., shut down device, changed passwords, contacted manager)?
  • Do they suspect sensitive data was exposed?
  • Who is this issue affecting? Just the user reporting it, many users, or all users? 

If they mention phishing, ask if they still have the email and if they can forward it to the security team (if appropriate in your org). 

Step 3: Advise the user on what to do next

Depending on the incident type:

  • For phishing emails: Ask the user not to click on anything further. If allowed, ask them to forward the email to the security inbox security@gadgetsplus.com and delete it.
  • For malware or unusual device activity: Instruct the user to disconnect from the network and shut down the device if they haven’t already.
  • For lost/stolen devices: Advise them to report it immediately to their manager and IT if not already done.
  • If unsure: Encourage the user to wait for IT to follow up before taking further action.

Step 4: Create a ticket and set expectations

Thank the user for reporting the issue and let them know their report is being escalated to the security team.

Inform them that:

  • They may be contacted for more information
  • Urgent incidents are reviewed immediately, and they should keep their phone or email accessible
  • The team will confirm next steps as soon as possible

Ask for a best contact number or email if it’s not already known.

📌 Extra information that you know of:

  • The company’s IT security team responds to all high-priority incidents within 2 hours during business hours
  • The company follows Notifiable Data Breach (NDB) obligations under the OAIC if personal data is exposed
  • Users should never attempt to “fix” the incident themselves beyond shutting down or disconnecting if advised
  • This procedure is only for initial triage — further investigation will be done by the internal cybersecurity team

Related to:

Related articles

Let's work together!