Steps for Faculty and Staff
Steps to Take If Your System Has Been Attacked for Faculty and Staff
- Disconnect the machine from the network. This will prevent an attacker from doing further damage to your system, and from using your system to attack others. To disconnect your machine, simply unplug the ethernet cable, or if the computer uses a wireless connection, either deconfigure the wireless card or physically pull the card out of the socket. If you are not sure how to disconnect from the network, contact your IT Support Provider.
- Note: Do NOT turn the machine off or reboot unless instructed to do so by Information Security. It is possible that processes left by an attacker may not get restarted after rebooting, which will make it more difficult for Information Security to determine the cause of your problem. Furthermore, other hacks left on the machine may take effect during reboot. Leave your computer powered on and disconnected from the network unless otherwise instructed.
- Contact your IT Support Provider so they can come evaluate the situation. Be sure to include the machine name, operating system type and version, contact person, and any other information relating to the suspected event.
- If follow-up is needed, either your FSP or a representative from Information Security will get back to you.
- To preserve system logs and other data, DO NOT use the machine after it has been disconnected from the network. Await follow-up from your FSP or Information Security.
- You will receive a response from your FSP or Information Security with further inquiries and instructions regarding your case. Once your system is secure, notification will be sent letting you know that it is safe to reconnect your machine to the network.
Adapted with permission from the MIT Knowledge Base