When verification fails, is refused, or the caller is not in your Circle:
Step 1: Do not comply with any pending request.
Step 2: Document the interaction—time, caller ID, name claimed, request, challenge result.
Step 3: Notify your direct manager by phone or in person (not email).
Step 4: Report to the SOC via the official incident reporting channel.
Step 5: If financial—immediately notify the CFO’s office and banking contacts to freeze pending transactions.
Post-incident: security team debriefs within 48 hours, anonymized lessons are shared org-wide, and incident data feeds into program metrics.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article