Report an Information Security Incident
An information security incident is an event that compromises the confidentiality, integrity, or availability of an information asset-such as a file or data elements within-or an information system-a workstation, server, or application. An incident can occur through a variety of means, potential indicators include:
- Alerts and warnings from anti-malware software,
- Web page pop-ups that will not close or allow you perform other actions on your computer,
- The computer is running extremely slow or experiencing unusual behavior,
- Unexpected or suspicious log entries are present in your computer’s log files,
- Someone, internal or external to the Institute, is reporting suspicious activity that has originated from your computer.
- Follow the steps provided below for the incident type that best fits the circumstance.
What to do if you think your data or device has been compromised.
STEP 1: Start documenting.
It is imperative to gather as much information as possible if your system or data has been compromised.
- What were the indicators you noticed?
- Did the indicators appear after visiting a specific website, opening an email or document?
- If it is a mobile device, where were you when it started?
- Are you connected to public or campus WiFi?
STEP 2: STOP using the device.
Do not unplug the power or network connection, as vital information that can assist during an investigation may be lost. Someone at the Help Desk will assist you on the best course of action based on the details you provide. This leads us to…
STEP 3: Contact the Help Desk at 617-989-4500.
The analyst at the Help Desk will be able to assist you in determining if your device or data has been compromised and will talk you through the process to mitigate the effects of a potential compromise. Please follow the steps as directed and provide all necessary information as the information from one incident can help prevent and mitigate the effects of others.
What to do if your device has been lost or stolen.
STEP 1: Contact Public Safety at 617-989-4400 or firstname.lastname@example.org
STEP 2: Contact the Help Desk at 617-989-4500 or email@example.com
STEP 3: Change your passwords.
Even if you think your device is encrypted or has a strong password, a compromise is always possible. Best practices are to change your passwords for all accounts you accessed with that device.
STEP 4: Locate the device.
If you have a activated a location service or function on your device, attempt to locate the device and provide the information to Public Safety. If you have not activated a location service, skip to step 5.
STEP 5: Wipe the device.
Work with your carrier, for applicable devices like tablets with data plans and smartphones, to remotely wipe the data on the device. In some cases, the Help Desk will be able to facilitate this for you for Institutional devices.
If you suspect a potential violation of Institute policy or regulatory compliance, please email information to firstname.lastname@example.org.
For general inquiries on this or any information security concerns, please email email@example.com.