Lesson 2: How to React to Security Incidents Immediately

📚 Introduction

Cybersecurity incidents can happen at any moment. The faster you react, the more damage you can prevent. If you hesitate, you may give attackers the chance to control your device or spread malware inside your company.

You must know what to do immediately if something suspicious happens.

🚨 Common Security Incidents You May Face

• Clicking on a suspicious link or file
• Receiving a phishing email
• Downloading unknown software by mistake
• Your device starts working unusually slow or behaves strangely
• Pop-up messages asking you to install updates

✅ What You Must Do Immediately

• Stop working immediately.
• Do not continue typing, clicking, or navigating.
• Disconnect from the internet immediately.
• Turn off Wi-Fi or unplug the internet cable. This can stop attackers from remotely controlling your device.
• Do not shut down your computer unless your IT team tells you to.
• Shutting down can sometimes destroy valuable evidence.
• Call your IT department or security officer immediately.
• Use your phone (not your computer) to contact them.
• Do not try to fix it yourself.
• You can make the situation worse or lose important security information.

📄 Your Immediate Checklist

• ✔️ Disconnect from the internet
• ✔️ Call IT/security immediately
• ✔️ Do not touch the suspicious file again
• ✔️ Do not shut down your computer
• ✔️ Wait for IT’s instructions
• ✔️ Stay available to answer questions

⚠️ What You Should Never Do

• ❌ Do not ignore the problem.
• ❌ Do not try to uninstall unknown software yourself.
• ❌ Do not delete files that you think are suspicious.
• ❌ Do not forward suspicious emails to colleagues.

🏢 Internal Company Protocols You Must Respect

• Always report incidents within 5-10 minutes.
• Use the official reporting channels (email, phone number, or ticket system provided by your company).
• Document what happened:
• What you clicked.
• What file you opened.
• What happened on your screen.
• Cooperate fully with the IT team.

📣 Why Quick Reporting is Important

• Fast reporting can limit the spread of malware.
• It can protect other employees.
• It shows your company you are responsible.
• It can even save your job. Failing to report can be seen as negligence.

✅ Summary

• Act fast → Disconnect → Report.
• Follow your company’s instructions exactly.
• Never try to fix the situation alone.
• Quick reporting can make the difference between a small problem and a big disaster.

📝 Time to Test Your Knowledge!

Let’s see if you remember how to react in a cybersecurity emergency.

This quiz will test your understanding of fast response and company protocols.

✔️ Instant feedback.
✔️ You can retake the quiz if needed.

👉 Good luck! Let’s begin.

 

Results

#1. What is the first action you must take when you realize you’ve clicked on a suspicious link?

Continue working and wait to see what happens.

Disconnect from the internet immediately

Shut down your computer right away.

Try to fix the issue yourself.

#2. Why should you avoid shutting down your computer immediately after a security incident?

Because shutting down your computer can damage your hard drive.

Because shutting down may destroy important security evidence.

Because hackers can prevent shutdowns.

Because your computer could restart automatically.

#3. How should you contact the IT/security team after a security incident?

Send an email from your computer.

Use your phone to call them immediately

Wait for IT to contact you.

Inform your colleagues first.

#4. What should you NEVER do if you accidentally download suspicious software?

Try to uninstall the software yourself

Call the IT/security team immediately.

Disconnect from the internet

Stop working and wait for IT’s instructions.

#5. Why is fast reporting of security incidents important?

It allows the company to blame someone quickly.

It can prevent the malware from spreading inside the company

It gives you time to fix the issue alone

It helps you avoid paperwork.

#6. Which of the following is part of your company’s internal protocol in case of a cybersecurity incident?

Wait 24 hours before reporting.

Try to solve the problem before telling anyone.

Report the incident immediately using official reporting channels

Only report it if your manager asks you.

#7. What should you document after a security incident?

Only the name of the file you opened.

The website you visited before the incident.

The exact steps you took and what happened on your screen

You don’t need to document anything.

#8. What is the best way to disconnect from the internet quickly?

Turn off your Wi-Fi or unplug the network cable

Close all your programs.

Restart your computer.

Shut down your email application.

#9. Why is it dangerous to ignore a suspicious pop-up or email?

Because ignoring it can let malware spread silently

Because ignoring it can overload your system

Because ignoring it may delete your files

Because ignoring it can cause you to lose your internet connection

#10. Who should you contact first after a cybersecurity incident?

Your colleague in the next office.

Your family member who knows about computers.

Your IT department or security officer

Your internet service provider.

Previous

Finish