Incident Response Checklist 🚨 Immediate Actions (0-24 hours) Alert all university staff about the phishing campaign. Isolate compromised accounts immediately. Disable affected accounts' access to payroll systems. Notify Workday and other relevant HR software vendors of the incident. Implement a temporary block on external emails with suspicious characteristics. Activate enhanced monitoring for unusual login activities. 🔄 Recovery Actions Restore affected payroll profiles to their correct settings. Ensure all MFA settings are secure and legitimate. Reinstate email security measures and remove temporary blocks. Conduct a full review of security policies and update them as necessary. Communicate with affected staff to confirm restoration of services.
