Why Security Awareness?
Security awareness is fundamental in every job, no matter what industry. As our systems and workflows become more reliant on networks and internet-connected devices, the need to implement security awareness and cyber safety processes becomes more vital every day.
What is an Information Security Incident?
An information security incident is the unauthorized access, use, disclosure, data breach, modification, or destruction of information. It can be suspected, attempted, successful, or imminent threat of unauthorized access. That means the information security incident doesnʼt have to be successful for it to be a problematic security threat that requires procedures for both tracing and tracking
The incident and systems to prevent a similar event from happening in the future. An information security incident can also interfere with an information technology operation or disrupt an information technology process.
Other Types of Incidents to Report
- Internal Security Breach
- Data Breach
- Random USB Drives
- Unfamiliar Persons
- Sending Emails with PII to the Wrong Email Address
- Client Complaints
- Denial of Service
It is important that you report any suspected incidents to the Taxfyle Compliance team as soon as possible, even if you are unsure if it is an actual security incident.
Incident Reporting
If you encounter an actual or suspected incident, please report it immediately to the Taxfyle Compliance Team using the following link: Anonymous Feedback
What to Remember:
● Stay calm. Avoid deciding what happened or why; simply report that you suspect an incident has occurred, and the Compliance Team will schedule a follow-up meeting to discuss further. Incidents are often complex, and we handle them best in direct conversations.
● Avoid email details. Please do not disclose or comment on any details of the suspected incident via email. Use the provided link for reporting and a meeting will be arranged promptly to address the issue.
● Keep it within the team. Do not discuss any suspected security incidents with anyone outside the Compliance Team. For incidents involving sensitive matters, such as credential compromise, report only by phone or via the designated reporting link.
● Use the term “incident.” Refrain from using the term “breach”—all reports should be referred to as “incidents” until assessed by the Compliance Team.
