Skip to main content

Information Security

Incident Response FAQ

Call the Technology Help Desk x5700 (408-554-5700) or visit the Technology Help Desk  on the first floor of the Learning Commons. 
If it's a laptop or tablet computer, please bring it with you.

Probably not. Try changing the batteries in your wireless mouse and/or keyboard. 
If the problem persists, call the Technology Help Desk x5700 (408-554-5700)

Call the Technology Help Desk x5700 (408-554-5700). The Help Desk will notify the Information Security Office (ISO) who will call you back with some questions (see example questions below)
  • Was university data stored on the computer?
    • Student records (names, ID numbers, grades)?
    • University financial information?
    • Student health records?

If it was stolen, file a report with the police
If it was a university owned computer, call the Technology Help Desk x5700 (408-554-5700). The Help Desk will notify the Information Security Office (ISO) who will call you back with some questions (see example questions below)

  • Was university data stored on the computer?
    • Student records (names, ID numbers, grades)?
    • University financial information?
    • Student health records?
  • Was your own personal data on the computer? (Tax, banking, health records)
    • Consider subscribing to a credit monitoring service.

Also, if it's a university owned computer, call the Risk Management Office to see if the computer is insured and can be replaced without incurring additional cost to your department.
 
If it's a personally owned computer and there was university data stored on it, call the Technology Help Desk x5700 (408-554-5700). The Help Desk will notify the Information Security Office (ISO).

Call Campus Safety x4441 (408-554-4441). They will ask you questions about the content of the messages and may contact the Santa Clara Police Department.

If you believe the email is part of criminal activity, DO NOT delete the email until you have contacted Campus Safety x4441.
If it is a garden variety spam that has slipped through Google Apps' spam filters, you can report the undesired spam email:
  • Click the checkbox next to the message in your inbox
  • Then find the icon that looks like a stop sign with an exclamation point on it in Google's icon bar. 
    • Click that icon and you're done! 
    • You will also be helping Google's spam filters "learn" about the spam that it has been missing.

Even if the email has our logo and all of the right colors, it may not be from SCU. Does it read strangely? Are there spelling or grammar mistakes?

DO NOT ENTER YOUR USERNAME OR PASSWORD. You have been phished.
  • Click the little down arrow just to the right of the email date stamp and below the little printer icon to the right of the email's subject line.
  • Click "Report Phishing"
    • You're helping Google's phishing filters to catch the phish that it has been missing
DANG IT! I ALREADY ENTERED MY USERNAME AND PASSWORD. It looked so real. Now what?
  • Change your SCU passwords immediately!
For more information about phish emails, look here. For more information about changing your SCU password, look here. 
 
SCU will NEVER request your credentials or login ID via email. All email messages that request this or other personal information are fraudulent. 

DO NOT turn your computer off. Stop all activities on the computer and contact the Technology Help Desk x5700 (408-554-5700). Tell the Help Desk analyst that you have an urgent issue, and that you suspect an information security incident has occurred. The Help Desk will contact the Information Security Office (ISO) who will contact you and begin investigating the incident. 

Call the Technology Help Desk x5700 (408-554-5700). Tell the Help Desk analyst that you have an urgent issue, and that you suspect an information security incident has occurred. The Help Desk will contact the ISO who will contact you and begin investigating the incident. 

  • Be prepared to provide a brief explanation of the suspected abuse or misuse.
  • When possible, please include the suspected SCU IP address or computer name, and the data and time when the suspected abuse occurred. The more specific you can be, the better the chance we have of tracking down the suspect.