Procedure for Handling Potential Account Compromises

Modified on Mon, 10 Feb at 1:42 PM

This document provides guidelines for IT and other employees to follow when a user's account is suspected of being compromised. These procedures align with standards from recognized standards bodies such as ISO and NIST.

Steps to Follow

  1. Identify the Compromise

    • Monitor Alerts: Regularly monitor security alerts and notifications from security systems.
    • User Reports: Take user reports of suspicious activity seriously and investigate promptly.
  2. Initial Communication

    • Preferred Methods: Contact the user via Microsoft Teams, phone, or another communication method to inform them of the potential compromise.
    • Alternative Methods: If the user is unreachable, send an email or use any other communication system requested by the user.
  3. Verify the Compromise

    • User Confirmation: Ask the user to confirm whether they are aware of any suspicious activity or changes they did not authorize.
    • System Logs: Begin pulling system logs to look for unusual login attempts or activity.
  4. Secure the Account

    • Password Reset: Reset the user's password immediately, and log them out of all sessions as well.
    • Log Out of All Sessions: Tell the user you are about to forcibly log them out of all signed-in sessions.
    • Multi-Factor Authentication: Ensure multi-factor authentication (MFA) is enabled on the account.
  5. Investigate the Breach

    • Analyze Logs: Review the pulled logs to determine the extent of the compromise, and include them in the incident documentation.
    • Identify Vulnerabilities: Identify and address any vulnerabilities that may have been exploited.
  6. Communicate Findings

    • User Notification: Inform the user of the findings and any actions taken.
    • Management Notification: Report the incident to management and relevant stakeholders.
  7. Prevent Future Compromises

    • User Education: Educate the user on best practices for account security.
    • System Updates: Ensure all systems are up to date with the latest security patches.
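As an added example that is not part of this procedure document, the log checks from steps 3 and 5 written out in Python over constructed sign-in records: it flags a successful sign-in from outside the user's usual countries and a success that follows a burst of failures from the same source IP, and tallies attempts per source for the write-up. The CSV field layout, the baseline-country set and the failure threshold are assumptions, not a particular product's schema.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample sign-in log lines for one user (not real data).
# Assumed layout: timestamp,user,source_ip,country,result
SAMPLE_LOG = [
    "2025-02-10T08:02:11Z,alice@example.test,198.51.100.4,US,success",
    "2025-02-10T08:40:57Z,alice@example.test,198.51.100.4,US,success",
    "2025-02-10T11:15:03Z,alice@example.test,203.0.113.9,RO,failure",
    "2025-02-10T11:15:09Z,alice@example.test,203.0.113.9,RO,failure",
    "2025-02-10T11:15:14Z,alice@example.test,203.0.113.9,RO,failure",
    "2025-02-10T11:15:20Z,alice@example.test,203.0.113.9,RO,failure",
    "2025-02-10T11:16:02Z,alice@example.test,203.0.113.9,RO,success",
]

def parse(lines):
    """Parse the CSV-style lines into dicts with a timezone-aware datetime."""
    events = []
    for line in lines:
        ts, user, ip, country, result = line.strip().split(",")
        events.append({"time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "user": user, "ip": ip, "country": country, "result": result})
    return sorted(events, key=lambda e: e["time"])

def find_unusual_logins(events, baseline_countries, fail_threshold=3,
                        window=timedelta(minutes=5)):
    """Return findings worth recording in the incident documentation:
    a successful sign-in from a country outside the user's normal baseline,
    and a success preceded by a burst of failures from the same IP."""
    findings = []
    for i, e in enumerate(events):
        if e["result"] != "success":
            continue
        when = e["time"].isoformat()
        if e["country"] not in baseline_countries:
            findings.append(f"{when} success from unusual country {e['country']} ({e['ip']})")
        recent_failures = sum(
            1 for prior in events[:i]
            if prior["ip"] == e["ip"] and prior["result"] == "failure"
            and e["time"] - prior["time"] <= window)
        if recent_failures >= fail_threshold:
            findings.append(f"{when} success from {e['ip']} after {recent_failures} failures")
    return findings

def source_summary(events):
    """Attempts per (source IP, country), for the scope section of the write-up."""
    return Counter((e["ip"], e["country"]) for e in events)
```

Running `find_unusual_logins(parse(SAMPLE_LOG), baseline_countries={"US"})` on the sample yields two findings, both pointing at the 203.0.113.9 source; these strings and the `source_summary` counts are what would be pasted into the documentation called for in step 5.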

References

  • ISO/IEC 27001: Information Security Management
  • NIST Cybersecurity Framework: Guidelines for Improving Critical Infrastructure Cybersecurity
