Incident Response Management

Unfortunately, the hackers win sometimes, and you may be involved with a security incident. Don’t be ashamed, and don’t panic. The ATUS Help Desk and the Information Security Office are here to support you.

If you believe your workstation is infected:

Unplug it from the network or pull the power cord out (do not shut it down gracefully).

If you believe your account was compromised:

  1. Change your password immediately on the Microsoft self service password reset website.
  2. Sign up for multi-factor authentication.

For all incidents:

  1. Let your supervisor know.
  2. Contact the ATUS help desk ( or (360) 650-3333) and:
    • Give them any information on how the incident may have occurred. The most common problems are clicking on a link or attachment in a phishing email.
    • Let them know all the systems you normally access. The audit logs need to be checked to verify if an intruder successfully penetrated the systems.
  3. If it is after hours, you may also email the Information Security Office directly at If you don't get a quick response, and the incident is serious, you may contact University Police.
  4. The Information Security Office will coordinate with the Help Desk and with you directly for some incidents. Always start by reporting the incident to the Help Desk, however.