Incident Playbooks
A security incident is stressful because every minute feels expensive. These playbooks keep the first response simple: contain the damage, preserve evidence, recover control, and then harden the weak point that was abused.
| Done? | Advice | Level | Details |
|---|---|---|---|
| | Impact: High, Effort: Medium | Essential | From a clean device, change the password, revoke all sessions, remove unknown forwarding rules and app passwords, check recovery methods, enable strong MFA, then reset passwords for accounts that use this mailbox. |
| | Impact: High, Effort: Medium | Essential | Use Find My Device or Find My iPhone to lock or erase it, revoke account sessions, suspend the SIM if needed, remove the device from MFA settings, and replace backup codes for accounts that depended on it. |
| | Impact: High, Effort: Medium | Essential | Contact the bank through the number on the card or official app, freeze or replace the card, dispute transactions, change banking passwords, review devices and sessions, and preserve screenshots or messages. |
| | Impact: High, Effort: Medium | Essential | Create a recovery plan with your national identity theft reporting service where available, place fraud alerts or credit freezes if relevant, file reports, and keep a timeline of accounts, letters, calls, and case numbers. |
| | Impact: Medium, Effort: Medium | Recommended | Use the platform recovery flow, revoke unknown sessions and connected apps, restore email and phone settings, warn contacts not to trust recent messages, and check whether the same password was reused elsewhere. |
| | Impact: High, Effort: Medium | Essential | Disconnect from the network if active theft is suspected, avoid logging into sensitive accounts, scan from a trusted tool or reinstall the OS, rotate passwords from a clean device, and restore only trusted files. |
| | Impact: High, Effort: High | Essential | If the vault, master password, or recovery material may be exposed, change the master password from a clean device, revoke sessions, rotate critical account passwords first, replace MFA backup codes, and monitor for account changes. |
| | Impact: Medium, Effort: Low | Recommended | Save emails, headers, URLs, screenshots, transaction IDs, account notices, and timestamps before deleting messages or wiping devices. Evidence can be useful for banks, platforms, insurers, employers, or law enforcement. |