How to handle a suspected security incident

• loss or theft of equipment (laptop, mobile, USB drive),

• suspicious email or message that looks like communication from CU,

• discovering that you have logged in to a fake CAS website,

• unusual behavior of the computer (sends emails by itself, slows down, opens ads),

• sudden lock of files with ransom demand,

• suspicion that someone else is using your account.

• do not click on links and do not open attachments,

• forward the email to IT support or the security team for review.

• if the IT support does not say otherwise, disconnect the device from internet (Wi-Fi, cable)

• don't try to solve the problem yourself or install "cleaning" tools

• leave the device off or offline according to the IT support instructions.

Change your CAS password especially if:

• you have logged on to suspicious or fake sites,

• you suspect that your account is being misused.

Use another, trusted computer and choose a new, strong password that you don't use elsewhere.

• the sooner you report the incident, the easier it is to limit the damage.

• if you're not sure if it's an incident, you should better consult – even suspicion is important.

• don't install any "cleaning tools" or download suspicious software

• leave your device off or offline until an IT worker has checked it.

Should I report an email that "just" looked suspicious?

• Yes. Even if you haven't clicked on anything, it will help the IT department detect ongoing attacks and protect others.

I clicked on the link, but didn't enter a password - should I do something?

• Report the incident, just to be sure. Attackers can collect data or IP address information without entering a password.

Do I have to report the loss of a laptop with an encrypted disk?

• Yes. Although sensitive data cannot be leaked due to disk encryption, the university must keep track of such events, according to the GDPR.