An employee receives an urgent email from what appears to be the IT department requesting immediate access to their cloud storage service to resolve a system issue. What is the most appropriate action to ensure data protection and GDPR compliance?