OVC Desktop Support Incident Response Procedures
The following procedures are followed when suspicious activity from viruses, malware or other malicious behavior is observed or reported.
If a user believes his or her computer might be infected with a virus or malware, or reports suspicious activity, or has been identified by IS&T IT Security as being under attack, they should do the following:
- STOP using the computer immediately.
- UNPLUG the (usually black) Ethernet cable from the computer or the network jack. Laptop users should turn off any WiFi adapters.
- CONTACT your Department IT Liaison and OVC Desktop Support as soon as possible.
- Leave the machine powered ON, and in the state that it was found. (Do not close any pop-up windows or other signs of notification. This gives OVC Desktop Support an opportunity to view the virus/malware behavior.)
Any computer reported as possibly compromised must be reported immediately and examined by OVC Desktop Support to determine if any Personally Identifiable Information (PII) resides on the computer.
What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) is legally defined as an individual’s Last Name + First Name or First Initial, along with one or more of the following:
- Social Security Number (SSN)
- Driver’s License or Mass. ID Number
- Financial Account Number
- Credit/Debit Card Number
- Medical Information
Examination for PII
OVC Desktop Support will run Spirion on the machine to search for the legally defined categories of PII (SSN, Driver’s License/MA ID Number, Financial Account Numbers, Credit/Debit Card Numbers).
If no PII is found on the drive, the drive will be re-imaged, data restored and returned to the user.
If PII is discovered on the machine along with a virus or malware, it will be considered a data breach and notification will be sent to the User, Department Head, IT Liaison and the respective OVC/DSL Director of Administration.
OVC Desktop Support will also send notification to DIRT (IS&T Data Incident Response Team), which consists of members from IS&T Security, Office of General Counsel, MIT Public Relations and Campus Police.
OVC Desktop Support will collect the PII found on the machine and provide it to the Office of General Counsel. The Office of General Counsel will determine who needs to be notified of the breach. Parties notified may include the actual PII owners, banks, credit card companies and the State Attorney General’s Office.
When will I get my computer back?
Generally, if the virus or malware is not a data collector, your machine may be returned to you in a couple of days. If the virus or malware is a data collector, it may take a little longer.