Modern day IT security does not just come under the remit of the IT department. Instead, it is everyone’s job. It can greatly enhance an organisation’s security posture if incident reporting policies create an easy way for employees to report suspicious emails, SMS messages, telephone calls, etc. Ideally, incident reporting should become a cultural norm and not be perceived as a mechanism for the paranoid. But perhaps the greatest attribute of any incident reporting mechanism is trust. Employees who have accidentally made an error, such as opening up a dubious attachment, should not fear being reprimanded. A reported incident can be at least eliminated, contained or monitored.