One Step Ahead: Responding to a Suspected Computer Compromise

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy
In recent One Step Ahead tips, we reminded you of steps to prevent incidents like phishing. But what if you suspect you fell for a phishing email, an unauthorized individual accessed your sensitive data, or your computer froze, slowed down, or could not access files and systems? To respond to a suspected computer and data compromise:
- Disconnect your computer from the network by unplugging the ethernet cable or turning off Wi-Fi to forestall an attack and to prevent unauthorized access to your computing device.
- Do not log off your computing device; staying logged in avoids losing information and helps identify whether malicious activities have occurred.
- Do not run anti-virus and anti-malware software until your device has been examined by your computing support staff, so that information on possible malicious activities is maintained.
- Contact your computing support staff to run diagnostics to determine the source of the attack. Contact your ISP to report a possible attack on their network.
- Make a list of sensitive data stored or handled by your computing devices to help determine whether information was lost or unauthorized access occurred.
- Preserve backups stored externally and prevent them from being overwritten or “rolling off.”
- Contact the Penn Office of Information Security (OIS) at (215) 898-2172 or security@isc.upenn.edu.
For additional information, please visit: https://www.isc.upenn.edu/security/procedure/compromise#Steps-to-Take.
--
For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.