By Jim Mangus, SVP Guardian

The bad actors are continually looking for ways to get into your company’s systems. So, when is something an issue that you should report? The short answer – Always! 

When I was in Iraq a while back (quite some time actually), we had a saying: we were in the land of the “not quite right.” So many things we saw would make us shake our heads and say Whiskey, Tango, Foxtrot. We learned over time that, while incidents may not have seemed bad or dangerous, they were always worthy of a look. That’s where we find ourselves today when it comes to cybersecurity. 

So, what counts as “something’s not quite right?” Basically, if you’re asking yourself “should I report this?” – the answer is yes. Examples include:

• Your computer is acting like it’s had too much coffee (or not enough) 
• You get an email that’s “almost” legitimate, but something feels fishy 
• There’s network activity that makes you go, “hmmm, that’s new” 
• Someone’s asking questions they shouldn’t be asking 
• You see unfamiliar faces in places they shouldn’t be 
• Your Spidey-sense is tingling for literally any reason 

Here’s the thing about threats: They don’t all show up wearing black hoodies and evil grins. Sometimes it’s just annoying adware that someone picked up from a sketchy website. Sometimes it’s malware. But sometimes – and this is why we care about “everything” – that innocent-looking browser popup is actually the first step in a ransomware attack that wants to encrypt all your stuff and demand Bitcoin. 

The problem? You can’t tell the difference just by looking. That “harmless” adware might be the recon phase of something much worse. What starts as a minor annoyance can escalate into a major incident faster than you can say, “we should have caught this earlier.”

Here’s our official policy: I would rather investigate 100 things that turn out to be nothing than miss one thing that turns out to be something. There’s no such thing as crying wolf in cybersecurity – there’s only “good catch” and “thanks for keeping us sharp.” If you report something and it’s nothing, congrats, you just helped us practice our incident response. If you report something and it’s actually something, you just saved everyone much pounding of chest and gnashing of teeth.

So, what should you report? How about: 

• What you saw (screen captures are good) 
• When you saw it 
• What you were doing when you saw it 
• Don’t worry about being eloquent – “something’s weird with XYZ” works fine 

Every time you successfully defend against an attack, you’re learning something new that helps better protect yourself and your customers. When you catch threats early, you’re not just avoiding headaches, you’re gathering intelligence that makes you stronger. 

Your job isn’t to figure out if something is actually a threat. Your job is to be the early warning system. See something weird? Say something immediately. Feel something’s off? Trust that feeling. 

When in doubt, speak up. When something’s weird, report it. When you’re not sure, report it anyway. 

Jim Mangus is Senior Vice President Operations & Delivery at Guardian. He helps organizations of all sizes and industries strengthen their security posture and navigate complex cyber threats. Jim is known for delivering innovative and tailored cybersecurity solutions that are unmatched in the service provider space. Connect with him at Jim Mangus | LinkedIn.