What should Bob's colleagues do in response to his actions?

Reporting Bob is the appropriate action for his colleagues to take in response to his actions, especially if those actions pose a risk to cybersecurity or violate policy. When colleagues notice concerning behavior—such as mishandling sensitive data, engaging in unauthorized use of company resources, or any action that undermines security protocols—it is crucial that they report it to the designated authorities, such as a supervisor or the security team. This ensures that proper investigations can be conducted, and necessary measures can be taken to mitigate any potential threats.

Addressing such situations through reporting not only helps in maintaining the integrity of the command and protecting sensitive information but also contributes to a culture of accountability and vigilance in cybersecurity practices. Reporting is formal, sets an example for accountability, and may lead to corrective actions that ensure the security of the entire team or organization.