After a phising attack, or an unallowed log in into the system, it would be helpful when MEWS sends immediately a note to the affected user and parallel to a defined admin user and a general mailaccount. We made the experience that after a phising attack there was lost a lot of time.
6 days after the attack to a login from a user we got the information to one undefined Admin User who is working part time on Friday Evening. 10 more days later we got further information also to non specifc Admin user. In case of a cyber attack the process has to be defined more strictly and faster. I would apreciate to get a note to defined Admin users! Loking forward to your reply.