Report An Information Security Incident

Overview

  • Minnesota State is committed to protecting the security and privacy of its information resources and to make information accessible to fulfill its mission of providing high quality higher education.
  • We want to hear from you any time an information security incident is suspected, attempted, successful, or there is an imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information to include interference with information technology operations.

Phishing

The most frequent incidents reported are suspected email phishing attacks. You should not create a ticket for a phishing email messages unless you believe your account has been compromised as a result of a phishing attack. 

  • If you receive a suspicious email message that asks for personal information,
    • Outlook.com: If you receive a suspicious email message that asks for personal information, select the check box next to the message in your Outlook inbox. Select the arrow next to Junk, and then select Phishing.
    • Microsoft Office Outlook: While in the suspicious message, select Report message from the ribbon, and then select Phishing.
    • If you don’t have a report option:
      • Create a new, blank email message with the following recipient: phishing@stcloudstate.edu
      • Drag and drop the phishing message into the new message. This will save the junk or phishing message as an attachment in the new message.
  • Indications of an account that is already compromised can include emails being sent from your email account that you did not send. Suspicious activity is an indicator that someone has unauthorized access to your account user name and password.

Examples of information security incidents you should report:

  • Suspected unauthorized use of a computer system.
  • Unauthorized use of another user’s credentials or impersonating another University user.
  • Malicious threats, include computer viruses, trojans, worm and spyware.
  • Social engineering scams, compromised accounts
  • Loss or theft of computer equipment or other data storage devices and media (e.g., laptop, USB drive) used to store private or potentially sensitive information
  • Unauthorized access to sensitive information, such as Social Security numbers or restricted research data, whether intentional or accidental.

Benefits

  • It is important to report actual or suspected security incidents as early as possible so the University can prevent or limit the impact.
  • Trend analyses of the collected information can be performed, allowing the University to focus preventative efforts on areas of most concern.
  • Investigations (where appropriate) can be performed, and action is taken to prevent a recurrence of the incident.

Resources

 
Report to IT Security

Related Articles (6)

How to stay ahead of potential Phishing and what to do if caught
Tips on password creation
How to reset your supplemental account password
How to install the MFA Authenticator for Android
How to stay safe from scams/phishing, malware, viruses and more.