PURPOSE Reporting security concerns early helps prevent incidents and reduce impact. WHEN TO REPORT Report phishing, suspicious links, lost devices, unexpected MFA prompts, malware symptoms, exposed data, strange account activity, or policy bypass attempts. WHAT TO INCLUDE Include what happened, when it happened, who was involved, screenshots if safe, links, sender details, and actions already taken. DO NOT DELAY Small concerns can become large incidents quickly. BEST PRACTICE When unsure, report it. Security teams would rather check early than clean up late.