Security Incidents

We rely on your support to quickly identify and address security incidents. Be vigilant and when in doubt, report your observations. The rule is:

It is better to be safe than sorry!

Should an IT security incident or IT emergency occur, it may no longer be possible to research the contact in charge. Therefore, the WWU provides an IT emergency card on which you can enter contacts and read up on what to do in case of IT iemergencies.

IT Emergency Card

Print out the card. Enter the telephone number of your responsible IVV and/or the number of the responsible administrator. Add another contact person if necessary (e.g. your manager). If you use a work computer, it may be helpful to also note the computer name on the IT emergency card.

Keep the IT emergency card where you can find it quickly in the event of an IT emergency.

  • Detect and report security incidents

    • Does something about your device seem strange or noticeable?
    • Unexpected popups are opening?
    • Unknown programs are running?
    • You have suddenly lost acces to files?
    • An device suddenly reacts unusually slow or not at all?
    • The antivirus program alerts you to a detection?

    WWU employees: Contact the person in charge immediately. Try to reach them in the following order:

    1. Responsible administrator
    2. Responsible IT Support Unit (IVV)
    3. Computer Emergency Response Team [en] (WWU-CERT)

    Students: If you suspect an incident on a WWU device, report it to the responsible IT Support Unit [en] (IVV) or the WWU IT hotline. If your private device is affected, the IT User Support [en] will advise you.


  • Behavior in the event of a security incident

    Stay calm and report the incident.

    1. Stop using the affected IT system.
    2. If a device is affected, leave it switched on.
    3. Disconnect from the WLAN or remove the LAN cable from the device.
      • Research the contact details of the persons in charge listed above via another device. In case of an emergency, it may help if you write down the contact information on a piece of paper that you keep at your workplace.
    4. If you have external storage devices (USB sticks, external hard drives) connected to the affected device, remove them.
    5. Report the incident. The following information will help the contact person:
      • Which IT system is affected?
      • How did you work with the system?
      • What did you observe?
      • Where is the system located?
      • If a corporate device is affected: What is the computer name?
    6. Initiate action as directed by the person in charge.


  • E-mail incidents

    Information about e-mail security can be found here

    If you have received an unexpected, suspicious e-mail and:

    1. clicked on a link and entered your access data, or
    2. opened an attachment (e.g. an Office document)

    please take immediate action!

    Act as described above as an security incident and report to a person in charge. In case 1, immediately change the password for the affected service. In cases 1 and 2, have your device checked to see if it is free of malware. To do this, contact the responsible IT Support Unit (IVV) [en] or the WWU IT hotline [en].

    • Have you received a suspicious e-mail?
    • An e-mail asks you to disclose your access data?
    • An e-mail attachment seems suspicious to you?
    • The suspicious e-mail seems to come from an official WWU address or to be directly related to the WWU?

    It may be an attempt to trick you (phishing) or to distribute malicious software. Please forward the original e-mail as an attachment to for verification.

    • You have received an unexpected and suspicious e-mail from a company (e.g. Amazon or PayPal)?

    Fraud attempts by e-mail often take place in the name of well-known companies. The e-mails are often very professional and designed in the company's corporate design. It is best to report such e-mails directly to the company concerned so that they can take action.