Reporting Cyber Security Incidents

If you receive a phishing email that you have not interacted with (e.g., clicking links, replying, or calling), refer to ‘Reporting a Phishing Email.’ For any other suspicious activity or suspected/actual incidents or breaches, follow the procedures outlined below.

  1. Recognize Suspicious Activity
    • Be alert for signs such as:
      • Unusual system behavior (slow performance, pop-ups, or crashes)
      • Unauthorized access to systems or data
      • Suspicious emails (phishing), attachments, or links
      • Missing or corrupted files
      • Unauthorized changes to files or settings
  1. Report Immediately
    • Contact the incident response team immediately via:
      • Email: support@trinityinfo.org
      • Phone: 
        • Stew Thompson: (231) 468-9140
        • Mark Walton: (231) 580-9529
      • Slack: Report in the #techsupport channel
  1. Provide Key Details
    • Describe the suspicious activity or issue.
    • Provide the time and date of the incident.
    • Include any relevant emails, screenshots, or error messages.
    • Specify the systems or devices affected.
  1. Disconnect from the Network
    • If you suspect ransomware, other malware, or unauthorized access, disconnect your computer from the internet or network to prevent further damage.
  1. Await Instructions
    • Follow any immediate instructions from the incident response team.
    • Do not use the device until cleared by the incident response team.
    • Do not communicate about the incident over potentially compromised systems.
  1. Do Not Share Information
    • Keep the incident confidential. Avoid discussing it with colleagues or external parties until further notice from the incident response team or leadership.
  1. Follow Up
    • Be ready to provide any additional information needed for investigation.
    • Keep an eye on further instructions or training following the incident.