There are four main types of data security incidents:
- Computing Devices Compromised by malware.
- Computing Devices Compromised by Unauthorized Access (includes any devices accessed without permission, either by stolen or compromised credentials, or other attempts to access a device without authorization)
- Lost or Stolen Computing Devices containing Confidential Wellesley College data (refers to all computers [both College-owned and personal], servers, portable media, external hard drives or other mobile devices)
- Lost or Stolen Paper Records containing Confidential Wellesley College data
Breach Reporting Procedures
-
Computing devices compromised by malware*
- Contact the Computing Help Desk immediately at x3333.
- Submit a Data Incident Report if Confidential College data was stored on the compromised device.
*It can be difficult to tell when a computer has been infected with malware. Here are some common signs to look for:
- Your computer is slower than usual
- You see a lot of pop-up windows when web browsing
- Your computer runs out of disk space
- Your computer crashes often
- You receive a message from anti-virus or anti-spyware software suggesting you have a problem
-
Computing devices compromised by unauthorized access
- Shut down the compromised computer immediately and call the Computing Help Desk at x3333.
- Submit a Data Incident Report.
- The Information Security Officer (ISO) will contact Campus Police upon notification to coordinate the investigation.
-
Lost or stolen computing devices containing Confidential College data
- Contact Campus Police immediately at x5555.
- Submit a Data Incident Report.
- Campus Police will contact Library & Technology Services (LTS) upon notification of the loss to coordinate the recovery effort. (The lost device may be recovered if it connects to the campus network. This may not be possible in all cases.)
-
Lost or stolen paper records containing Confidential College data
- Contact Campus Police immediately at x5555.
- Submit a Data Incident Report.
- Campus Police will contact LTS upon notification of the loss to inform them of potential data breach.
In all of the above cases of known or suspected data breaches, the ISO will immediately inform the Deputy Chief Information Officer and the Chief Information Officer (CIO) who will alert the Chair of the Data Incident Team.