Why and How to Report Security Incidents

In a highly digital world, security is often at the forefront of our concerns when it comes to personal devices and data. University Information Security (UIS) has created many resources to help prevent, identify, and report security incidents to ensure your information is secure.

What is a security incident?

The University defines a security incident as the following:

• Misuse of technology resources, compromise of integrity or loss of confidentiality of University data (electronic or paper-based).
• Threats to availability of resources (i.e., cyber attack), misrepresentations of identity, or harassment of or by individuals using technology resources.
• Loss or theft of a University-owned computer (or a personal computer/device storing University data).

Some examples of security incidents include:

• Suspected abuse/misuse of UMN Internet password and Duo access.
• Electronic files have been mistakenly posted on the Web or e-mailed to the wrong recipients.
• Spam and email forgery that originates from or is relayed through umn.edu. For real examples, visit https://z.umn.edu/phishing.

Additional resources about how to prevent, recognize, and report security incidents:

• Recognize and Report Information Security Incidents
• Report Suspected Data Breach
• Practice Safe Computing

Why should I report a security incident?

As a community, we are all responsible for taking measures to ensure the security of our own personal data and University data and devices to create a safe environment for all and preserve the confidentiality, integrity, and availability of information. Importantly, reporting security incidents is required to meet legal and regulatory obligations as well as University policy.

How do I report a security incident?

If you do encounter a security incident, report it immediately to University Information Security. Call 911 if you fear for your safety.

1. Send email with details to [email protected].
2. If a specific computer, device or server is involved:
   1. Leave the device powered on.
   2. Disconnect the device from the network (unplug network cable and turn off WiFi).
   3. Do not use or clean the device. Attempting to "fix" a compromised system may interfere with determining the severity of an incident.
3. UIS will contact you with next steps.

If in doubt, reach out by contacting Technology Help or the University Information Security team at [email protected].

We are all responsible. Remember, the sooner you report, the better.