Respond to Data Security Incidents: Faculty Staff

Any data security incident involving a University-owned devices or personal devices containing sensitive University data should be taken seriously. Responding to data security incidents promptly and efficiently helps protect the University's assets (e.g., data, computers, networks) and ensures compliance with state and federal law and University policy.

1. Compromised Computing Devices

If your University-owned or personal device containing sensitive University data is exhibiting symptoms of malware (the most common data security incident), or you suspect the computing device has been accessed without authorization (your user name and password have been lost or compromised, you respond to a phishing scam or suspect someone else has attempted to access your device without your permission):

1. Keep Detailed Notes.
   Depending on the severity of the incident, you may have to provide details about the incident, including how you first responded, to other staff, management, University Legal Counsel, or Internal Audit.
   
   
2. STOP using the device.
   If you suspect the device is infected with malware, STOP! Keep the system intact as changes can destroy valuable data related to the incident. Do not turn off the device, run anti-virus software, or attempt to back up data.
   
   
3. Contact UMass Dartmouth CITS.
   Call CITS at 508.999.8900 . Do not email UMass Dartmouth CITS or submit an online IT help request from a potentially-compromised device.
   
   

When calling the CITS, be prepared to provide information about the nature of the incident (e.g., response to a phishing scam), approximate date and time the incident occurred, your email address, and campus phone number.

2. Lost or Stolen Computing Devices

If a computing device, which includes departmental laptops, USB drives, cell phones, or other devices that may contain sensitive data, or personal computing devices with sensitive University data, is lost or stolen:

1. Contact the UMass Dartmouth Police Department.
   Report the lost or stolen device at 508.999.9191.
   
   
2. Contact Procurement.
   For University-owned devices, report the incident to the University Procurement Department at 508.999.8055.
   
   
3. Fill out the Lost or Stolen University-Owned Computing Device form.
   You will be asked to provide information on the nature of the incident (e.g., lost computer), the approximate date and time when the device was lost or stolen (or when it was discovered to be missing), your email address, and campus phone number.
   
   
4. Change your passwords.
   Be sure to change your UMassD Logon account password, and any other password that may have been exposed.
   
   
5. Mobile device only: Contact your mobile device service provider for a remote wipe.
   Contact the mobile device service provider and request that the contents of your device be wiped remotely. For University-owned mobile devices, contact CITS at 508.999.8900 for a remote wipe.

3. Related Documents

• ITS-001: Acceptable Use of Information Technology Resources Policy
• ITS-006: Information Security Policy
• ITS-008: Information Security Incident Response
• Data Security Incidents: Prevention and Response Procedures
• Respond to Data Security Incidents - Information for IT Administrators
• Respond to Data Security Incidents Caused by Malware - Checklist for IT Administrators
• Security Checklist for University-Owned Computers

The UMass campuses strive to maintain consistent IT policies. The Information Security Policy and related documents have been adopted with permission from UMass Amherst.