© Lisa Schöne
  • Tips for Recognizing Information Security-Incidents and -Emergencies

    Every information security incident or emergency is different, which makes it difficult to provide indications by which you can recognize one. However, the following indicators could be a sign of an incident or emergency:

    • Incident messages from your antivirus program or firewall
    • Frequent, unexpected pop-ups without any recognizable reason
    • Unknown program requests for no obvious reason
    • Damaged or inaccessible files
    • Suddenly unusually slow or no response of the device
    • Numerous e-mail undeliverability messages

    But be careful, because also messages about alleged security incidents or problems can be social engineering, such as calls or emails from the supposed IT services or website popups with supposed infection warnings.

  • IT Emergency Card

    In case of an IT security incident or IT emergency, it may no longer be possible to research the responsible people to contact. The University of Münster therefore provides an IT emergency card on which you can enter people to contact and find out what to do in the event of an IT incident.

    IT Emergency Card

    Print out the card. Enter the telephone number of your responsible IVV and/or the number of the responsible administrator. Add another contact person if necessary (e.g., your executive). If you use a work computer, it may be helpful to also note the computer name on the IT emergency card.

    Keep the IT emergency card where you can find it quickly in the event of an IT emergency.

  • My computer is acting strangely, how do I proceed now?

    If you assume that your computer is infected, do the following:

    1. Stop working.
    2. Leave the device switched on.
    3. If possible, disconnect the device from the Internet (switch off WLAN or pull the LAN cable).
    4. If external data carriers are connected, disconnect them.
    5. Report incident:
    • Employees of the scientific departments:
    1. Report to administrator or IVV.
    2.  CERT
    • Employees of the administration:
    1. Report to administrator or IVV9/Service Desk (Tel.: 0251 83-30303).
    2. CERT
    • Students:
      • If a device of the University of Münster is affected, report to the responsible administrator*in or IVV or the hotline of the CIT (Tel.: 0251 83-31600).
      • If a private device is affected, contact the CIT user advisory service (Tel.: 0251 83-31900).
  • I was asked to disclose sensitive Information.

    Thank you for being alert to such requests! Please ask yourself the following questions and review the request if necessary:

    • How trustworthy is the request and who is it coming from?
    • Verify via another channel (in person, by phone,..) if it is a trustworthy request.
    • If in doubt, do not disclose any data and, if necessary, involve the Data Protection Office.
  • I sent an e-mail with sensitive information to the wrong person.

    If sensitive data has gotten into unauthorized hands, please contact the Data Protection Office.

  • I have received a phishing email with reference to the University of Münster.

    Please report suspicious e-mails, such as phishing, with reference to the University of Münster (e.g. e-mail address of the University of Münster, a person pretends to be an employee of the University of Münster, copied login page of the University of Münster,...) to spam@uni-muenster.de. Please always forward the complete suspicious e-mail as an attachment (in Outlook via the button "Forward as attachment" or via the key combination Ctrl + Alt + F), so that all necessary information is available for a quick reaction.

  • Proceeding after a Security Incident

    After you have been in contact with your responsible administrators and/or your IVV and followed the instructions, further steps after a security incident can follow: 

    • Change all passwords with another computer if necessary.
    • Identify other possibly infected computers.
    • Apply (have applied) a new operating system image to infected computers.
    • Restore data if necessary.

    Please discuss further procedures with your administrators and/or your IVV.

  • All Contact Details as an Overview

    Important: First try to reach the administrator or IVV responsible for you, before contacting the CIT-Hotline, the CERT or the Working Division IT Security. Your IVV has access to your systems and often knows much better which systems are in use.