Security incidents can happen even when users are cautious. Knowing what to do quickly and correctly can prevent further damage and reduce the impact on the business.

This guide explains the warning signs of a possible compromise and the correct steps to take if you suspect something is wrong.

  • What Does “Compromised” Mean?

    An account or device may be compromised if an unauthorized person gains access to it or uses it without permission. This can happen through:
    • Phishing emails
    • Suspicious phone calls (vishing)
    • Malware or malicious downloads
    • Approving unexpected MFA requests
    Not every incident is obvious. Early warning signs matter.

  • Warning Signs of Compromise

    You should be alert if you notice:
    • Unexpected MFA prompts
    • Passwords no longer working
    • Emails sent from your account that you did not send
    • Login alerts from unfamiliar locations
    • Files missing, changed, or encrypted
    • Your computer behaving unusually or slowing down
    • Popups or security warnings you did not expect
    Even one of these signs is enough to take action.

  • Why Fast Action Matters

    The sooner a potential security incident is reported:
    • The easier it is to limit damage
    • The more likely accounts can be secured
    • The less impact on business operations
    Delays can allow attackers to:
    • Move to other systems
    • Steal data
    • Send additional phishing messages
    • Cause financial or reputational damage

What To Do Immediately

  • 1. Stop What You Are Doing

    Do not continue interacting with:
    • Suspicious emails
    • Phone callers
    • Websites
    • Popup messages

  • 2. Do Not Try to “Fix It Yourself”

    Do not:
    • Continue clicking to “see what happens”
    • Attempt random fixes
    • Ignore prompts or alerts
    Well intended actions can make an incident worse.

  • 3. Report It Right Away

    Contact your IT provider or manager immediately and provide:
    • What you noticed
    • What action you took (if any)
    • The approximate time it occurred
    Early reporting allows IT to respond properly.

What To Do

  • What to Do If You Clicked or Approved Something

    If you believe you may have:
    • Clicked a suspicious link
    • Entered credentials
    • Approved an MFA request
    • Installed software
    Take these steps:
    • Stop using the device
    • Disconnect only if instructed
    • Contact IT right away
    Do not be embarrassed as reporting quickly is the correct action.

  • What NOT to Do

    Avoid the following:
    • Deleting emails or evidence
    • Powering off systems unless told to
    • Sharing the issue widely
    • Assuming the issue “went away”
    Every detail helps during investigation.

  • Quick Checklist

    If something feels wrong, ask yourself:
    • Was I expecting this activity?
    • Did I initiate this action?
    • Does this match my normal usage?
    If the answer is “no” report it.

Remember

Security incidents happen; reporting quickly helps protect everyone.
You will never be faulted for reporting a concern early.
If something feels unusual, it is always better to ask.
For assistance, contact UNI Data Inc. immediately.

GET IN TOUCH...