What is a Security Incident?
A security incident is an event that may affect the confidentiality, integrity or availability of the College’s IT infrastructure through unauthorized access, accidental disclosure, or other means, including:
- The presence of any form of malicious software (malware, viruses, worms, etc.).
- The presence of any abnormal software that was not previously present on a computer or server.
- Suspicion that a user account has been compromised, or used in a manner which is against Acceptable Use Policies.
- Intentional or accidental exposure of sensitive information.
- Web browsers re-directing automatically or producing popup messages or advertisements unexpectedly.
- File types, formats, or naming conventions changing unexpectedly or files not opening as expected.
- Slow computer performance, applications hanging, or any unexpected behaviour.
- Notifications that anti-virus or firewalls are not running or are disabled.
- Clicking a link that directs to a malicious or suspicious site, opening an attachment which is suspicious, or providing credentials in response to a suspicious e-mail.
- Sending an e-mail with sensitive information to the wrong destination address or sharing information with the wrong person or group.
- Misplacing or losing sensitive information in physical form such as paper or notebooks.
- Lost or stolen devices including but not limited to laptops, mobile phones, desktop computers, portable storage devices, switches, etc.
How to Report an IT Security Incident
- Disconnect the network cable from the computer and/or disable Wi-Fi.
- Do not power off the computer.
- Contact the Mohawk College IT Service Desk immediately by phone if you believe you are experiencing an IT Security incident regardless of your location: 905-575-2199
- Inform your immediate manager of the current status.
- Make notes about the IT incident to make sure that you can provide clear and accurate information to IT staff. When making notes, consider the following:
  - What happened?
  - What websites have I visited recently?
  - Have I received any suspicious e-mails that were actioned recently?
  - When did it happen? (specifically at what time)
  - Where did it happen? (Physical location and network location, ex: Wireless)
  - Who was involved?