Incident Response Guide for End Users.pptx

scott_durham

Created on March 18, 2025

Transcript

Incident Response Guide for End Users

Be Vigilant

  • Look out for unusual activity such as unexpected emails, system alerts, or unauthorized access to files.
Report Promptly
  • Notify your organization's IT or security team immediately if you suspect an incident.
  • Use designated channels for incident reporting, such as a help desk portal or a dedicated email address.
Provide Details
  • Include key information such as the date, time, and a description of the issue.
  • Attach any relevant screenshots.

Recognize and Report

Disconnect

  • If you suspect malware, immediately disconnect your device from the network to prevent the spread.
Avoid Escalation
  • Do not open, forward, or respond to suspicious emails or links.
Secure Access
  • Log out of compromised accounts.
  • Do not attempt to access compromised accounts without guidance from appropriate IT resources.

Contain the Incident

Work with IT

  • Cooperate fully with the IT or Security Team.
  • Follow IT or Security Team guidance carefully.
Provide Information
  • Be ready to share additional details or context about what you observed.
Avoid Tampering
  • Do not try to fix the issue yourself unless directed, as doing so may complicate the investigation.

Follow Instructions

Monitor Communication

  • Watch for updates and instructions from the IT team about containment, resolution, and next steps.
Follow Recovery Plans
  • If passwords need to be reset or security patches need to be installed, do so immediately.

Stay Updated

Reflect

  • Understand the cause of the incident and ways to avoid similar issues in the future.
Stay Educated
  • Participate in cybersecurity training and familiarize yourself with company policies regarding security best practices.

Learn and Prevent

Examples of Incidents to Report

Key Indicators of a Security Incident

Login Attempts

  • From unfamiliar locations
  • From unfamiliar devices
Password Changes
  • Changes you didn't initiate
Unauthorized Access Notifications
  • Alerts about unauthorized access to your account

Unusual Account Activity

Emails from Unknown Senders

  • Requesting sensitive information
Unusual Language and Poor Grammar
  • Mismatched sender details
Suspicious Links or Attachments
  • Seem out of place

Phishing or Suspicious Emails

Pop-up Messages or Error Screens

  • Appear without reason
Slower-than-usual Device Performance
  • Could indicate malware
Programs or Files Opening or Closing on Their Own

Unexpected System Behavior

Missing or Altered Files

  • Files you didn’t modify
Unauthorized Sharing or Download
  • Sensitive data being shared or downloaded without permission
Alerts about Data Breaches
  • Receiving notifications related to breaches of your accounts

Data Anomalies

  • Loss of Device
  • Access to sensitive information
  • Examples: laptop, phone
  • Device Tampering
  • Discovery of unauthorized access

Device Loss or Theft

Actions to Take When You Suspect an Incident

By staying alert to these signs, you can catch potential incidents early and minimize risks. You have completed this lesson and may now continue with the training course.

Conclusion

Document the incident: Note down details such as what you observed, when it happened, and any related files or messages.

Stay calm and report immediately: Contact the Service Desk without delay.

Avoid interacting further with the suspected source: For example, don't click links or open suspicious files.

Disconnect your device from the network: This helps prevent potential malware from spreading.

Monitor your accounts: Check for unauthorized changes in settings or transactions.