If you suspect a computer security incident, please contact:

• Pop-ups or warnings from Symantec Endpoint (even if they seem insignificant)
• Computer is on when you are sure you turned it off
• Unexpected user’s name is shown on login page
• Files or folders are changed, missing, or appear without your knowledge
• Cursor moves around without you touching the mouse
• Password suddenly no longer works but did not expire

What to do:

• Leave the computer running
• Disconnect computer from network by removing the Ethernet cable from wall port or from back of computer
• Do not call the IT help desk; call one of numbers above, or send an email to itsecure@uccs.edu
  
• Give as much of the following information as possible:

1. Person who detected the incident
2. Date and time detected
3. System/service involved
4. Location (bldg/room) of system/service
   
5. Department responsible for the system/service
6. Type and scope of data compromised (if known)
7. Brief description of the event (or of the weakness exploited)

Guidelines for Reporting:

• UCCS Incident Reporting Guidelines

UCCS Incident Response Plan can be found here: UCCS Computer Security Incident Response Plan