Hi Community,
I hope everyone is doing fine.
I think I could use the community's help and wanted to ask for your advice/best practices. We had a successful phishing attempt last week, one of our employees clicked on a link to open a document and entered his Microsoft credentials. Lucky enough, the attackers did not cause any major damage, but βonlyβ sent further phishing emails from his email account. Since the whole thing happened on a public holiday in most parts of Germany, and Microsoft quickly detected suspicious activity, blocked the employee's account and deactivated the link in the email, we seem to have got off lightly.
However, we realised that we need to work on our emergency plan for such incidents here and there.
Among other things, we had the problem that the affected employee did not know how to contact IT to report the incident, as his Microsoft account was blocked and he could no longer access anything. Additionally, we realised that some internal colleagues also received the phishing email from our colleague, but very few reported it and no one recognised the urgency of the situation and tried to contact IT directly (by phone).
Are there any ideas or best practices in the community on how to deal with this?
How do you ensure that employees know how to contact IT in such situations? We will of course follow up on the incident internally and will ask everyone to save the IT emergency number in their phones, but is that enough or can we do more?
And how do you ensure that employees know when it is sufficient to report the email (e.g. via the phishing button) and when they need to contact IT immediately, even if it's a holiday or the weekend? Of course, our IT is worried everyone will call all the time if we stress too much that they should do so in an emergency. How can we strike the right balance here?
I would really appreciate your thoughts on this π
