I will go for the aggressive system scan and also the access limitations will apply on critical databases. So, it can be secure from breach. However, i will also restrict that employee's system from accessing data or connecting from the company's network.

I have faced this situation before first thing we mailed the IT Team about that case and asked them to check the employee’s device and inform his manager about what have been done by the employee, Second thing I had a one to one conversation with that employee and I gave him a security awareness session to make sure that he will not do that again and if he faced any thing suspicious then he would send it to us to analyze and handle it and give him our recommendations about how to deal with that.

First, I would document the incident and gather evidence while seeing any potential security impact. Next, I would communicate with the employee to understand whether it was accidental or deliberate seeing past activity leveraging UBA and explain the risks and implications of their actions. Based on the findings, I would report the incident to the relevant authorities or management as per company policy and recommend corrective actions, such as additional training or disciplinary measures, to prevent recurrence. Maintaining confidentiality and ensuring the organization's policies are upheld would remain a priority throughout the process.