When Something Goes Wrong

Report It — Fast and Blame-Free

Foundational

If something looks wrong, or you think you've made a mistake — clicked a bad link, lost a device, sent data to the wrong person — tell us straight away. Reporting fast is the most valuable security thing you can do, and you will never be in trouble for reporting in good faith. The only mistake is staying silent.

Everyone makes mistakes and everyone gets fooled sometimes — even security experts. What turns a small slip into a serious incident is delay: the hours an attacker has before anyone notices, or a data breach left unreported past a legal deadline. Speed is everything, and it depends on people feeling safe to put their hand up.

So this is a promise as much as a rule: report honestly and quickly, and you'll be thanked, not blamed. We treat mistakes as something to learn from and fix, never as something to punish. A false alarm costs us nothing; a hidden incident can cost a great deal.

When and how to report

AlwaysReport anything suspicious or any mistake immediately — a phishing email, a click you regret, a lost device, data sent to the wrong place, or just a feeling that something's off.
DoKnow your reporting routes before you need them — the security/IT contact, the report-phishing button, and your manager — and use whichever is quickest.
DoReport even if you're not sure it's real, even if you think it might be your fault, and even if you already acted on it — sooner is always better.
DoIf you clicked something or entered your password, change the password and report it right away so we can limit any damage.
ConsiderKeeping any evidence (the email, a screenshot of the message) for the security team rather than deleting it.

The promise — and the one real rule

DoExpect to be thanked, not blamed: honest, prompt reporting is exactly what we want, and how we keep everyone safe.
NeverHide, delay, or fail to report a mistake, a suspected breach, or a security concern because you're worried or embarrassed — concealment is the one thing that turns a manageable problem into a serious one.

Ask yourself

AskDo I have even a small doubt that something's wrong? Then report it.
AskDo I know who to tell and the fastest way to reach them right now?
AskAm I tempted to wait and see, or hope it's nothing? That's exactly when to report.

Why it matters: Almost every incident is far less damaging when it's caught early — and we hold sensitive data where a breach can carry legal reporting deadlines measured in hours. The whole system depends on people speaking up quickly and without fear. That's why reporting in good faith is always welcomed, and why staying silent is the only response we can't afford.