Guest Expert: Reporting a Security Event
By: Jenny Blaine, Security Risk Analyst, University Information Security
At the University of Minnesota, we encourage everyone in the community to report any potential security incident or apparent problem or breach. See Recognize and Report Information Security Incidents for examples of potential security incidents and how to report them.
Do you ever wonder what happens to your report? How does the University Information Security team react to your reports? What is the journey of your report?
The answer depends on what type of event you are reporting.
The University’s Incident Response (IR) team fields all information security reports that come in to [email protected], [email protected], [email protected], through Technology Help ([email protected]), and others. In some cases, the first response from the IR team may be, “Call 911 if you fear for your safety.”
In the case of your phishing report, the IR team may ask you for the headers of the email to determine the real sender. There are many different kinds of spam. Spam is all unwanted bulk email and may include marketing or represent banks or other entities that are not the University. If the IR team determines that the email is indeed phishing that targets or represents the University, they will take action and block incoming and outgoing email for the sending address, request removal of any web sites with false UMN login pages, and report the attack to Google.
If you report that you are afraid someone accessed or “hacked” your account, the IR team will recommend you change your password right away, and or take steps to recover your account and protect your identity. They may examine logs to see if there are any unusual logins for your account (e.g. any logins that depart from normal patterns like offshore locations, etc.), and attempt to determine if any other accounts were accessed in the same way that might indicate account compromise.
To help protect the University’s data, report to [email protected] any theft or loss of a device (e.g. laptop, mobile phone) that you use to access University systems or data. The IR team will send you a list of questions to answer that can help determine whether, in the case of theft, it would be possible for the thief to retrieve University data from your device, resulting in a potential data breach, or whether the thief will simply need to wipe your data before selling your device.
The report may pass through various phases of investigation before being resolved.
The University’s Incident Response (IR) team, with the assistance and collaboration of the Technology Help team, the Health Sciences Center for Excellence, members of the University community, like you, and others, works tirelessly to protect the University’s community, data, and reputation. They can’t do it alone. Thank you for being a good partner!