When an account is suspected of being compromised, abnormal file sharing is detected, or any other security incident occurs, follow the steps below to respond quickly and minimize potential risks.
Before You Begin
- Ensure that you have OSM platform administrator privileges.
- Initiate your organization's cybersecurity incident response process, if applicable.
- After the incident has been resolved, it is recommended to enable two-factor authentication (2FA) for the affected account and review the permission settings of all associated groups.
- If the incident involves infected files, navigate to Platform Management > File Release Management > False Positive Virus Release to review and handle the affected files.
Steps to Follow
1. Immediately Disable the Affected Account
Log in to OSM. Go to [User Management] > [User Management] > [Account Information].
Find the target account and click [Disable] on the account detail page.
2. Unbind Linked Mobile Devices
Please refer to "How to Manage Linked Devices" to unbind.
3. Terminate Abnormal Sharing Links
Go to [Share Management] > [User Share Management] > [Share Management and Query].
Filter the sharing records of the user.
Delete each abnormal share one by one.
4. Reset or Request Password Change
For local OSM accounts: assist the user to reset the password through the "Forgot Password" process.
For AD/LDAP or SSO accounts: contact the IdP administrator for assistance.
5. Retain Incident Records
Export relevant reports (user activity logs, platform management operation logs, deletion records) as references for post-incident review.