Cybersecurity Incident Report Form

Report cybersecurity incidents involving unauthorized access, disclosure, or loss of sensitive data. This includes:

• Unauthorized Access: Someone gained access to systems without permission
• Data Exposure: Sensitive information accidentally made public or visible
• Insider Threats: Employees or contractors misusing data access
• External Breaches: Hackers or cybercriminals accessing company data
• Accidental Disclosure: Sending information to wrong recipients
• Data Loss: Critical data accidentally deleted or lost

Select this option for any suspected or confirmed breach of sensitive or confidential data.

Report cybersecurity incidents involving the loss or theft of any company or personal devices containing business data. Applicable devices include:

• Laptops: Company-issued or personal laptops with business access
• Mobile Phones: Smartphones with corporate email or applications
• Tablets: iPads, Android tablets, or other tablet devices
• USB Drives: Flash drives, external hard drives, or storage devices
• Smart Cards: Access cards, ID badges with embedded chips
• Wearables: Smartwatches or fitness trackers with data access
• Other Hardware: Any device that stores or accesses company data

Select this option if any device containing business data has been lost, stolen, or is missing.

Malware (malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network. Common types include:

• Viruses: Self-replicating programs that attach to other files
• Trojans: Disguised as legitimate software but perform malicious actions
• Ransomware: Encrypts files and demands payment for decryption
• Spyware: Secretly monitors and collects user information
• Adware: Displays unwanted advertisements

Select this option if the cybersecurity incident involves any suspected malicious software affecting systems or data.

Report cybersecurity incidents caused by incorrect system, application, or security configurations. This includes:

• Security Settings: Firewall rules, access controls, or permissions incorrectly configured
• Network Configuration: Router, switch, or network device settings causing issues
• Application Settings: Software configured incorrectly leading to security vulnerabilities
• Cloud Configuration: AWS, Azure, or other cloud services misconfigured
• Database Settings: Database permissions or configurations exposing data
• System Defaults: Default passwords, settings, or configurations not properly hardened

Select this option if the cybersecurity incident was caused by incorrect configuration of systems or applications.

Report cybersecurity incidents involving fraudulent financial transactions or payment-related security breaches. This includes:

• Credit Card Fraud: Unauthorized use of company or customer credit cards
• Wire Transfer Fraud: Fraudulent requests for money transfers
• Invoice Fraud: Fake invoices or altered payment instructions
• Account Takeover: Criminals accessing financial accounts
• Payment Processing: Issues with payment systems or merchant accounts
• Business Email Compromise: Email-based financial fraud attempts

Select this option for any suspected or confirmed fraudulent financial activity.

Report cybersecurity incidents involving attempts to deceive employees into revealing sensitive information or performing unauthorized actions. This includes:

• Email Phishing: Fake emails requesting credentials or personal information
• Phone Scams: Callers impersonating IT support or executives
• Text/SMS Phishing: Fraudulent text messages with malicious links
• Pretexting: Creating fake scenarios to manipulate victims
• Baiting: Offering something enticing to trigger malicious actions
• Tailgating: Unauthorized physical access by following authorized personnel

Select this option if someone attempted to manipulate employees through deception or social engineering tactics.