Report an Information Security Incident
An information security incident is an event that compromises the confidentiality, integrity, or availability of an information asset-such as a file or data elements within-or an information system-a workstation, server, or application. An incident can occur through a variety of means, potential indicators include:
- Alerts and warnings from anti-malware software
- Web page pop-ups that will not close or allow you perform other actions on your computer
- The computer is running extremely slow or experiencing unusual behavior
- Unexpected or suspicious log entries are present in your computer’s log files
- Someone, internal or external to the Institute, is reporting suspicious activity that has originated from your computer
- Follow the steps provided below for the incident type that best fits the circumstance
What to do if you think your data or device has been compromised.
Documenting.
Do not unplug the power or network connection, as vital information that can assist during an investigation may be lost. It is imperative to gather as much information as possible if your system or data has been compromised. The Tech Spot will assist you on the best course of action based on the details you provide.
- What were the indicators you noticed?
- Did the indicators appear after visiting a specific website, opening an email or document?
- If it is a mobile device, where were you when it started?
- Are you connected to public or campus WiFi?
2. STOP using the device.
3. Contact the Tech Spot or the Information Security Office.
The analysts will be able to assist you in determining if your device or data has been compromised and will talk you through the process to mitigate the effects of a potential compromise. Please follow the steps and provide all necessary information as this can help prevent and mitigate other incidents.
What to do if your device has been lost or stolen.
- Contact Public Safety to report this.
- Contact the Tech Spot
- Change your Wentworth Network Account Password
Even if you think your device is encrypted or has a strong password, a compromise is always possible. Best practices are to change your passwords for all accounts you accessed with that device. Activate two-factor authentication. - Locate the device.
If you have activated a location service or function on your device, attempt to locate the device and provide the information to Public Safety. If you have not activated a location service, skip to step 5. - Wipe the device.
Work with your carrier, for applicable devices like tablets with data plans and smartphones, to remotely wipe the data on the device. The Tech Spot will be able to facilitate this for you for Wentworth owned devices.