Action Steps for Threats against Phishing Attack
Description of Crisis
Objective
To efficiently respond to and mitigate the effects of a phishing attack.
Trigger
This playbook is triggered when a user reports a suspected phishing email or an email security system flags a potential phishing attempt.
Action Steps
Pre-Crisis
Preparation
- Regularly update anti-phishing training for all employees.
- Ensure all systems have the latest security patches.
During-Crisis
Identification
Confirm the phishing attempt:
- Verify sender information.
- Check for suspicious links or attachments.
- Analyze for urgency or pressure tactics in the email content.
Containment
If a phishing email is identified:
- Instruct the affected user to not interact with the email.
- Isolate the affected user’s account from the network if interaction has occurred.
Eradication
- Remove phishing emails from all user inboxes.
- If any systems were compromised, initiate a password reset and malware scan.
Recovery
- Monitor the affected systems to ensure they return to normal operational status.
- Conduct a review to confirm that the threat has been entirely eradicated.
Post-Crisis
Post-Incident Activity
- Record the incident’s details for future reference.
- Update defence mechanisms based on the attack’s nature.
- Provide additional training if necessary.
Communication
- Inform the IT security team and stakeholders about the incident.
- Communicate transparently with affected parties as appropriate.
Review
- Hold a post-incident meeting to discuss what was learned and how to prevent similar incidents.
- Update the playbook with any new findings.
More Information About Crisis Management Courses
To learn more about the course and schedule, click the buttons below for the CM-300 Crisis Management Implementer [CM-3] and the CM-5000 Crisis Management Expert Implementer [CM-5].
|
|
|
|
|
|
|
|
Please feel free to send us a note if you have any questions.
|
|
|
|
|
|