IT Security – reporting procedures

Important contacts

IT Service Desk

Data Protection Team

How to report spam/scam/phishing email

Contact IT Services with the following information:

  • If possible, forward the email as an attachment to preserve all the original information to; if you are unsure how to do this contact IT Service Desk
  • If you have responded to the scam or login were passed on please provide further details
  • Have you changed your password? If you have given your login details to a suspected phishing site, change your password right away.  Also, if you used the same details for other sites to change them as well

How to report a cyber attack on a server e.g. evidence showing up on logs

Contact IT Services with the following information:

  • Was there any personal, sensitive or confidential data on the server?
  • Is there evidence of data being extracted from the server? Please provide details
  • Have any suspicious files or scripts been found on the server? Please provide details
  • Are there any local accounts on the server with weak credentials, have they now been changed?
  • Attach or forward specific parts of the log files which highlight the attacker details that could assist to investigate further e.g. IP address of who is trying or has attacked the server, dates and times, ports used.

How to report a lost University owned device (laptop, mobile, tablet)

You must fill in the "Reporting a lost or stolen University laptop form" as soon as possible which is available on the Data privacy and information security website, please see link below.

Once filled in it should be forwarded to IT Services.

How to report malware/virus/ransomware that has infected your machine

Contact IT Services with the following information:

  • Did you click on a link or download software? If so, please provide details
  • Have you seen any unusual activity on the PC since for example a modified desktop background or random popup
  • Are any files stored either on your local hard drive, shared network drives or external hard drives now inaccessible
  • Do you have an up to date data back up? This would need to be restored after a re-installation of the Operating System if the infection has corrupted the data

How to report an insecure internal webpage e.g. login over http or personal data being sent

Contact IT Services with the following information:

  • Provide the exact link to the webpage and if you know who owns the page
  • Was any personal or confidential data submitted on the page
  • Do you know if the site hosted at University or in the cloud/external company

Webpage owner can request security certification - SSL Certificates - which can be installed on the server to secure data transfer using encrypted https.

How to report a social engineering phone scam e.g. someone asking to remote control your PC

Contact IT Services with the following information:

  • What was the first point of contact? For example email, phone call, text
  • Did you give any login details to the scammer or allow anyone to connect to your PC remotely
  • Has there been any unusual activity on your machine

How to report information breach e.g. if confidential or sensitive information has been lost are emailed to the wrong person

Contact IT Services with the following information:

  • What information was breached, to whom and how
  • Confirm the classification of data by referring to information governance, policy3 - Responsibilities of All Staff and Doctoral Researchers (link below)
  • Has anyone been informed about the breach
  • If the data was on USB pen or external hard drive, was it encrypted and/or the files password protected