You are here

Report an Information Security Incident

An information security incident is an event that compromises the confidentiality, integrity, or availability of an information asset-such as a file or data elements within-or an information system-a workstation, server, or application. An incident can occur through a variety of means, potential indicators include:

  • Alerts and warnings from anti-malware software,
  • Web page pop-ups that will not close or allow you perform other actions on your computer,
  • The computer is running extremely slow or experiencing unusual behavior,
  • Unexpected or suspicious log entries are present in your computer’s log files,
  • Someone, internal or external to the Institute, is reporting suspicious activity that has originated from your computer.
  • Follow the steps provided below for the incident type that best fits the circumstance.

What to do if you think your data or device has been compromised.

  1. Start documenting.
    It is imperative to gather as much information as possible if your system or data has been compromised. Do not unplug the power or network connection, as vital information that can assist during an investigation may be lost. The Tech Spot will assist you on the best course of action based on the details you provide.

    • What were the indicators you noticed?
    • Did the indicators appear after visiting a specific website, opening an email or document?
    • If it is a mobile device, where were you when it started?
    • Are you connected to public or campus WiFi?
       
  2. STOP using the device.
  3. Contact the Tech Spot
    The analyst will be able to assist you in determining if your device or data has been compromised and will talk you through the process to mitigate the effects of a potential compromise. Please follow the steps as directed and provide all necessary information as the information from one incident can help prevent and mitigate the effects of others.

What to do if your device has been lost or stolen.

  1. Contact Public Safety
  2. Contact the Tech Spot
  3. Change your Wentworth Network Account Password
    Even if you think your device is encrypted or has a strong password, a compromise is always possible. Best practices are to change your passwords for all accounts you accessed with that device.
  4. Locate the device.
    If you have a activated a location service or function on your device, attempt to locate the device and provide the information to Public Safety. If you have not activated a location service, skip to step 5
  5. Wipe the device.
    Work with your carrier, for applicable devices like tablets with data plans and smartphones, to remotely wipe the data on the device. The Tech Spot will be able to facilitate this for you for Wentworth owned devices.   

Policy Violations

If you suspect a potential violation of Institute policy or regulatory compliance, please email information to abuse@wit.edu.

General Inquiries

For general inquiries on this or any information security concerns, please email infosecurity@wit.edu.