Crisis Management Cybersecurity Response Series

Playbook: Threats against Phishing Attack

Moh Heng Goh
Crisis Management Certified Planner-Specialist-Expert

Action Steps for Threats against Phishing Attack

Description of Crisis
Objective

To efficiently respond to and mitigate the effects of a phishing attack.

Trigger

This playbook is triggered when a user reports a suspected phishing email or an email security system flags a potential phishing attempt.

Action Steps

Pre-Crisis
Preparation
  • Regularly update anti-phishing training for all employees.
  • Ensure all systems have the latest security patches.
During-Crisis
Identification

Confirm the phishing attempt:

  • Verify sender information.
  • Check for suspicious links or attachments.
  • Analyze for urgency or pressure tactics in the email content.
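
The three Identification checks above, written as a triage function over a reported message. This is an added example, not part of the original playbook; the extension list, urgency patterns, choice of headers and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative patterns; tune them to your own mail flow.
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".html", ".docm", ".xlsm")
URGENCY = re.compile(r"urgent|immediately|within 24 hours|account (suspended|locked)", re.I)
ANCHOR = re.compile(r'<a\b[^>]*\bhref=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Hostname of a URL or bare "www." text, or the domain of a mail address."""
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def triage(msg):
    """Return findings for the sender, link, attachment and urgency checks."""
    out, text = [], str(msg.get("Subject", ""))
    sender, reply = (host(parseaddr(str(msg.get(h, "")))[1]) for h in ("From", "Reply-To"))
    if reply and reply != sender:
        out.append(f"sender: Reply-To {reply} differs from From {sender}")
    # Only trust an Authentication-Results header stamped by your own gateway.
    auth = str(msg.get("Authentication-Results", ""))
    out += [f"sender: {m.lower()} failed" for m in re.findall(r"\b(spf|dkim|dmarc)=fail", auth, re.I)]
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):
            out.append(f"attachment: {name} has a risky extension")
        elif part.get_content_type() == "text/html":
            body = part.get_content()
            text += " " + body
            for href, shown in ANCHOR.findall(body):
                shown = re.sub(r"<[^>]+>", "", shown).strip()  # drop nested markup
                if re.match(r"https?://|www\.", shown, re.I) and host(shown) != host(href):
                    out.append(f"link: text shows {host(shown)} but href is {host(href)}")
    if URGENCY.search(text):
        out.append("content: urgency or pressure wording")
    return out

def constructed_sample():  # constructed message; every address and host is made up
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <helpdesk@example.com>"
    msg["Reply-To"] = "helpdesk@example-support.invalid"
    msg["Subject"] = "Urgent: verify your account"
    msg["Authentication-Results"] = "mx.example.com; spf=fail; dkim=none; dmarc=fail"
    msg.set_content('<p>Sign in: <a href="http://login.example-support.invalid/">'
                    "https://portal.example.com</a></p>", subtype="html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    return msg
```

An empty result means none of these checks fired, not that the message is safe; findings are input to the analyst's decision before moving to Containment.
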
Containment

If a phishing email is identified:

  • Instruct the affected user to not interact with the email.
  • Isolate the affected user’s account from the network if interaction has occurred.
Eradication
  • Remove phishing emails from all user inboxes.
  • If any systems were compromised, initiate a password reset and malware scan.
Recovery
  • Monitor the affected systems to ensure they return to normal operational status.
  • Conduct a review to confirm that the threat has been entirely eradicated.
Post-Crisis
Post-Incident Activity
  • Record the incident’s details for future reference.
  • Update defence mechanisms based on the attack’s nature.
  • Provide additional training if necessary.
Communication
  • Inform the IT security team and stakeholders about the incident.
  • Communicate transparently with affected parties as appropriate.
Review
  • Hold a post-incident meeting to discuss what was learned and how to prevent similar incidents.
  • Update the playbook with any new findings.

 



Reference Guide

Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.

Extracted from Appendix 6D: Threats against Property

Note: This version is the draft 2nd Edition being updated in 2021. The numbers in square brackets, [C##] and [AX-#], cross-reference the actual chapters and appendices in the 2016 Edition.
