Make sure your employees know how to spot potential security breaches and how they should respond. This policy describes the signs that might point to a security incident and offers guidelines on the steps they should take.

From the policy:

Summary
Confidential information must be kept secure to protect the business and its staff. System or network breaches and data loss can result in severe consequences for organizations. There are numerous real-life examples of publicized intrusions that produced damaging results, and they’ve proven that technological safeguards and a strong employee commitment to policy are essential tools in preventing and responding to information security incidents.

With this perspective in mind, the proper channel and process for reporting security incidents that might compromise data integrity is of utmost importance for all employees in order to maintain business operations.

Incident reporting requirements
The following examples are possible signs that an information security incident may be in progress or may have already occurred. Some of these may be legitimate occurrences that are a normal part of daily operations—but others may be a sign of a deeper threat. Employees should operate from the standpoint of whether these examples (or others not listed) are expected or unexpected:

• Strange application behavior, such as programs that mysteriously close or from which data is missing
• Excessive system crashes
• Abnormally slow or poor system performance
• Reports that they have sent out spam or unwanted emails
• Inappropriate pop-up ads
• Locked accounts or reports that they have attempted to logon unsuccessfully, especially when they have been away from their system
• Remote requests for information about systems and/or users (e.g., individuals claiming via phone or email to be help desk staff and asking for passwords)