Which of the following practices should an incident responder follow during recovery of an email security incident?

Enquiring with the bank about the possibility of reverting a transaction is a critical step during the recovery phase of an email security incident, particularly if financial fraud is suspected. This action can help in mitigating the damage caused by unauthorized transactions that may have taken place as a result of the email incident. Communication with financial institutions may lead to the recovery of stolen funds, or at the very least, help establish a timeline of events and secure the account against further unauthorized access.

This measure emphasizes the importance of proactive engagement with external entities, such as banks, to trace and potentially reverse harmful actions taken as a result of the incident. It should be part of a broader recovery strategy that includes addressing technical aspects, user notifications, and future prevention.