Tips for Recognizing Information Security-Incidents and -Emergencies

Every information security incident or emergency is different, which makes it difficult to provide indications by which you can recognize one. However, the following indicators could be a sign of an incident or emergency:

• Incident messages from your antivirus program or firewall
• Frequent, unexpected pop-ups without any recognizable reason
• Unknown program requests for no obvious reason
• Damaged or inaccessible files
• Suddenly unusually slow or no response of the device
• Numerous e-mail undeliverability messages

But be careful, because also messages about alleged security incidents or problems can be social engineering, such as calls or emails from the supposed IT services or website popups with supposed infection warnings.

IT Emergency Card

In case of an IT security incident or IT emergency, it may no longer be possible to research the responsible people to contact. The University of Münster therefore provides an IT emergency card on which you can enter people to contact and find out what to do in the event of an IT incident.

IT Emergency Card

Print out the card. Enter the telephone number of your responsible IVV and/or the number of the responsible administrator. Add another contact person if necessary (e.g., your executive). If you use a work computer, it may be helpful to also note the computer name on the IT emergency card.

Keep the IT emergency card where you can find it quickly in the event of an IT emergency.

I was asked to disclose sensitive Information.

Thank you for being alert to such requests! Please ask yourself the following questions and review the request if necessary:

• How trustworthy is the request and who is it coming from?
• Verify via another channel (in person, by phone,..) if it is a trustworthy request.
• If in doubt, do not disclose any data and, if necessary, involve the Data Protection Office.

I sent an e-mail with sensitive information to the wrong person.

If sensitive data has gotten into unauthorized hands, please contact the Data Protection Office.

I have received a phishing email with reference to the University of Münster.

Please report suspicious e-mails, such as phishing, with reference to the University of Münster (e.g. e-mail address of the University of Münster, a person pretends to be an employee of the University of Münster, copied login page of the University of Münster,...) to spam@uni-muenster.de. Please always forward the complete suspicious e-mail as an attachment (in Outlook via the button "Forward as attachment" or via the key combination Ctrl + Alt + F), so that all necessary information is available for a quick reaction.

Proceeding after a Security Incident

After you have been in contact with your responsible administrators and/or your IVV and followed the instructions, further steps after a security incident can follow: 

• Change all passwords with another computer if necessary.
• Identify other possibly infected computers.
• Apply (have applied) a new operating system image to infected computers.
• Restore data if necessary.

Please discuss further procedures with your administrators and/or your IVV.

All Contact Details as an Overview

Important: First try to reach the administrator or IVV responsible for you, before contacting the CIT-Hotline, the CERT or the Working Division IT Security. Your IVV has access to your systems and often knows much better which systems are in use.

• For scientific staff: IVVs of the departments
• For administrative staff: IVV9/ Service Desk
  • Phone: 0251 83-30303
  • E-Mail: it.servicedesk@uni-muenster.de
• For students: CIT-Hotline
  • Phone: 0251 83-31600
  • E-Mail: it@uni-muenster.de

• Computer Emergency Response Team (CERT)
  • E-Mail: cert@uni-muenster.de