During a routine review, a security analyst observes large data transfers occurring outside of business hours from a high-level executive's account to an unknown external server. The executive usually accesses sensitive financial records during standard business hours. Which of the following actions should the analyst investigate as a priority to determine if this is an incident?
Verify if the executive was actually responsible for the transfers
Check the integrity of backup files for possible corruption
Examine the firewall rules for any recent changes
Immediately change the executive account's password