| Action | Timeline | Owner | |--------|----------|-------| | all Padlocked workbooks with an external tool (e.g., VeraCrypt containers) | 48 h | IT Security | | Audit Add‑in Marketplace : disable all third‑party add‑ins not vetted by your security team | 24 h | Endpoint Management | | Deploy Microsoft’s Emergency Update (KB‑2026‑001) – a hot‑fix that randomizes the GCM nonce and switches to RSA‑OAEP | 72 h | Patch Management | | Conduct a forensic review of shared OneDrive folders for suspicious file patterns (identical nonces) | 1 week | Incident Response | | Communicate to staff about the breach and provide clear guidelines on handling Excel data | 12 h | Corporate Communications |