First, I would recommend that my boss send a company-wide communication over the company network so that it reaches every employee's mailbox and makes them aware of the situation. The communication should include information on how to avoid such a security breach.
To avoid such incidents, my recommendations are below:
Considering the current incidents, we should improve employees' understanding of security. My recommendation would be to provide training classes to all employees every quarter and to conduct a test based on what was learned. This will help employees understand how they have to react and what they need to do when such security threats happen to the company.
As we know, an attacker will not use the same type of attack every time. They will keep coming back with a new approach until they succeed in getting the company's valuable information. The security team needs to identify these new approaches and warn the employees. Adding these details to the training classes will also help employees learn about the ways security breaches and information theft can happen.
When an employee gets a call from an unknown person asking about company information, we cannot be sure whether it is a scam call or a real vendor trying to get the information in order to sell a product. In this case, we can ask the person to come to the company office in person to get the information.
The actions that need to be taken in case of such incidents:
1. Change passwords for email accounts and bank accounts.
2. Do not save information like SSN, date of birth and personal security codes on the computer.
3. Clear the browsing history and passwords that are saved in the browser.