Think fast: what’s the first thing you do after realizing you just replied to the e-mail from the Nigerian prince wanting to give you a sum of $34 million? Okay, you most likely didn’t reply to that…but let’s suppose you suddenly realize your machine or device has been compromised and you’re staring at a ransom note. Now what?

First, take a picture of the ransom notice on the screen.

Second, immediately disconnect the device from your company’s network (if appropriate) and the Internet by disconnecting the WiFi. Do the same with all devices connected to the network your machine is on.

Third, call us, your IT company, and report the incident. Even if you suspect something is going on, follow these steps. Do not ignore it, click it away or try to fix it yourself.

If you’re an employer, work with your IT company to create step-by-step instructions on what to do if employees believe they have witnessed a cyber-incident. Training needs to happen now, not when the problem is happening. Even the simple instructions above can save you from going from bad to worse.

Have questions about cyber security or some other IT-related issues? Access our calendar here to book a quick, 10-minute call.