Help With Security Issues

There are four main types of data security incidents:

1. Computing Devices Compromised bymalware.
2. Computing Devices Compromised by Unauthorized Access (includes any devices accessed without permission, either by stolen or compromised credentials, or other attempts to access a device without authorization)
3. Lost or Stolen Computing Devices containingConfidential Wellesley College data(refers to all computers [both College-owned and personal], servers, portable media, external hard drives or other mobile devices)
4. Lost or Stolen Paper Records containingConfidential Wellesley College data

Breach Reporting Procedures

1. Computing devices compromised by malware*

• Contact the Computing Help Desk immediately at x3333.
• Submit aData Incident ReportifConfidential College datawas stored on the compromised device.

*It can be difficult to tell when a computer has been infected withmalware. Here are some common signs to look for:

• Your computer is slower than usual
• You see a lot of pop-up windows when web browsing
• Your computer runs out of disk space
• Your computer crashes often
• You receive a message from anti-virus or anti-spyware software suggesting you have a problem

2. Computing devices compromised by unauthorized access

• Shut down the compromised computer immediately and call the Computing Help Desk at x3333.
• Submit aData Incident Report.
• The Information Security Officer (ISO) will contact Campus Police upon notification to coordinate the investigation.

3. Lost or stolen computing devices containingConfidential College data

• Contact Campus Police immediately at x5555.
• Submit aData Incident Report.
• Campus Police will contact Library & Technology Services (LTS) upon notification of the loss to coordinate the recovery effort. (The lost device may be recovered if it connects to the campus network. This may not be possible in all cases.)

4. Lost or stolen paper records containingConfidential College data

• Contact Campus Police immediately at x5555.
• Submit aData Incident Report.
• Campus Police will contact LTS upon notification of the loss to inform them of potential data breach.

In all of the above cases of known or suspected data breaches, the ISO will immediately inform the Deputy Chief Information Officer and the Chief Information Officer (CIO) who will alert the Chair of the Data Incident Team.