Containment
Prioritise accounts and systems that hold or can access financial or personal data.
Verify that any accounts with key privileges are secure and have not been compromised. You can do this by having your technical team or service provider audit account access and verifying only the legitimate user has access to their account.