Responding to Unauthorized Access Attempt

Summary

This article outlines how to respond when an unauthorized login attempt is detected on a secure system. It explains the risks and provides steps to secure accounts and prevent future incidents.

Body

Question/Issue

What should I do if an alert is triggered for an unauthorized login attempt to a secure system?

Cause

An external party may be attempting to access the system using stolen or guessed credentials.

Resolution

  1. Immediately block the suspicious IP address or source of the login attempt.
  2. Reset credentials (passwords, security questions) for any affected user accounts.
  3. Notify users of the incident and advise them to monitor for unusual activity.
  4. Review system logs for additional unauthorized attempts or suspicious behavior.
  5. Increase monitoring of the affected system for a period after the incident.
  6. Consider enabling multi-factor authentication (MFA) if not already in place.
  7. Report the incident to your organization’s information security team.

Details

Details

Article ID: 687
Created
Tue 12/9/25 4:41 PM
Modified
Thu 12/11/25 3:44 PM