1. Block all emails from external sources.

1. Conduct security awareness and phishing training for employees.

1. Purchase a new anti-phishing tool.

1. Restrict access to email for most employees.

1. Keep using it while restricting access.

1. Negotiate with the vendor for extended support.

1. Immediately replace it with an alternative.

Plan a migration to supported software.

Revise the incident response plan.

Conduct a post-incident review.

1. Penalize responsible employees.

Immediately notify customers.

Buy cybersecurity tools.

Define the ISMS scope and objectives.

1. Start employee training on cybersecurity.

Hire a security team.

Restrict access and review controls.

Delete the data.

1. Ignore, since it was internal.

1. Report to law enforcement.

1. Continue using the software while restricting access to it.

1. Seek an extension of support from the software vendor.

1. Immediately switch to an alternative without a risk analysis.

1. Plan and execute a migration to a supported software solution.

1. Assess the impact of the lost data and determine the breach's severity.

1. Ignore the incident if the laptop is password protected.

1. Immediately inform all clients about the potential data breach.

1. Suspend the responsible employee.