If your computer or electronic device is stolen always contact the police first. If it was stolen on campus, you need to contact University Police. Otherwise, report the theft to local law enforcement.
What is an "information security incident"?
Although “information security incident” might sound like it refers to something specific, it actually refers to a wide variety of events, problems, and activities. Simply getting an alert from an app that you do not recognize or losing your work laptop in public are concerns that you should report to InfoSec. If you notice anything out of the ordinary, report it immediately.
Examples of security incidents
- Phishing attacks where you click an unsuspecting link that turns out to be malicious
- Unauthorized alteration of University data, such as changing information on websites or in databases
- Unauthorized use of a computing account (Don’t give out your password to anyone for anything)
- Using information technology resources for unethical or harmful purposes
- If someone gets access to your email, they not only have to ability to read your emails they can also send emails on your behalf
How can we prevent information security incidents?
From anti-malware to firewalls, our office takes a lot of preventative measures to keep the University’s systems and data protected. Despite our best efforts, we still need your help to keep the University secure. Sec_rity is not complete without “U”!
Consider the following steps to protect your devices and data:
- Never leave your computer unattended in public…even if it is just for a second!
- Protect your mobile devices with remote device management:
- Apple’s iPhone has an application that allows you to track, remotely erase, and even lock out that device.
- Google offers an application called Find my Device that will allow you to track, remotely erase, and lock out. https://play.google.com/store/apps/details?id=com.google.android.apps.adm&hl=en
- Record the serial numbers of your devices in case they do get stolen so the authorities will know what they are looking for (e.g. external hard drive, USB drive).
- Use a secure network such as University VPN. Public Wi-Fi is a hotbed for hackers.
- Use stronger passwords, longer and more complex is always better.
- You wouldn’t give your ATM pin to anyone, so don’t give your passwords out either!
- Anti-Virus and Anti-Malware software such as or
- Do not store sensitive information such as SSNs or Banking Information on your computer, and if you must then encrypt your file drive.
- Run full system back ups often, you never know when you will need to restore a back-up.
Who do I contact to report an information security incident?
Depending on what happened and how you became aware of the security incident, consider the following steps:
Stolen device with University data:
- Report the theft to local law enforcement.
- Report it to InfoSec at
- Monitor your account for unauthorized changes.
- If you stored sensitive information for another employer, you need to inform them of the theft.
Unexpected device or account behavior:
- Contact your LSP or the ITS Help Desk.
- If they are unable to resolve or you have a more immediate concern, report it to InfoSec at https://security.virginia.edu/report-information-security-incident.
Potential threat to University data or IT resources:
- If it includes physical danger, contact local law enforcement.
- Report it to InfoSec at https://security.virginia.edu/report-information-security-incident.
Why report it?
- According to the Acceptable Use policy, you are responsible for anything done under your computing account or using your credentials.
- The incident reporting standard requires that you must report security incidents within one hour from the time an incident is discovered.
- The faster you open a dialogue with InfoSec, the faster we can get your accounts back up and running.
- InfoSec will help to keep your data safe.