Account compromise procedure

When a user account has been compromised by a bad actor, being carless with your password or letting non authorized users access your account, or the IT department the procedure for securing the compromised account as follows:

Deem how the account was compromised
Alert the account holder with found evidence
Ask the account holder if that was them

If the account was logged in by them the account is no longer compromised

If the account wasn’t logged in by the account holder:

Tell the user you are going have them change their password
If necessary, go through the process with them
Mark the account for monitoring for a week

PreviousWhat is PAM (Privileged access management)NextEnd of life policy

Last updated 4 months ago