Incident Response Management
Unfortunately, the hackers win sometimes, and you may be involved with a security incident. Don’t be ashamed, and don’t panic. The ATUS Help Desk and the Information Security Office are here to support you.
If you believe your workstation is infected:
Unplug it from the network or pull the power cord out (do not shut it down gracefully).
If you believe your account was compromised:
- Change your password immediately on the Microsoft self service password reset website.
- Sign up for multi-factor authentication.
For all incidents:
- Let your supervisor know.
- Contact the ATUS help desk (firstname.lastname@example.org or (360) 650-3333) and:
- Give them any information on how the incident may have occurred. The most common problems are clicking on a link or attachment in a phishing email.
- Let them know all the systems you normally access. The audit logs need to be checked to verify if an intruder successfully penetrated the systems.
- If it is after hours, you may also email the Information Security Office directly at email@example.com. If you don't get a quick response, and the incident is serious, you may contact University Police.
- The Information Security Office will coordinate with the Help Desk and with you directly for some incidents. Always start by reporting the incident to the Help Desk, however.