Financial services
After a phishing attack on an employee, we closed the gaps before any data left the building
Data leak prevented; incident response time under 2 hours from first contact
An employee clicked a phishing link and attackers gained access to their account. We locked down access and closed the gaps within hours.
The client called us mid-incident: an employee had opened a phishing email and entered their work credentials on a fake login page. The company had no monitoring for suspicious activity and no least-privilege access policy.
What we did
We immediately locked the compromised account, checked access logs for signs of data exfiltration, and reset passwords company-wide. Once the incident was contained, we rolled out two-factor authentication, restricted access by role, and set up monitoring for suspicious logins.
Result
No signs of a data leak were found — access was cut off before attackers could exfiltrate anything. The company now has ongoing security monitoring and an incident response procedure.