Body
Reporting a security incident is a serious matter. The following are terms account holders (both employees and students) should understand if they need to Report An Incident involving their university account or computer system.
Personal Information
Personally Identifiable Information (PII) is any information about a person that is maintained by an agency and can be linked to an individual. There are three classifications of PII.
Confidential information: Restricted information that is protected by law or university policy.
Restricted information: Information used to conduct university business not intended for public disclosure.
Public information: Information that has been designated for public use and there is no expectation of privacy or confidentiality.
Nonpublic Personal Information - a subsection of PII - is personally identifiable financial information, such as a user's social security number, bank account, credit history, address, etc. NPI is considered confidential information.
UCM Policy aids in the protection of personal information but users should also take steps to safeguard their information by choosing a strong password. A user should NOT share or disclose personal information to any unauthorized person. A user's password or PIN should NOT be shared with anyone.
Compromised System
A compromised system is a computer (laptop or desktop) that is behaving abnormally, indicating that it may be affected by a bad actor or a virus.
It can be difficult for a user to detect if a system has compromised. If a user thinks their system has been compromised, take the following steps:
- Immediately stop using the system. Do NOT power off the device or use the keyboard.
- Disconnect from the network by unplugging the network cable and disconnecting from WiFi.
- Report the incident and wait for further instructions.
Compromised Account
A compromised account is an account that has been affected by a bad actor (someone other than the account holder) that has gained access to a student or employee account.
This can include:
- Emails being sent from a UCM email address by someone other than the account holder.
- Financial information being altered by someone other than the account holder.
- An account log in that was not initiated by the account holder.
Bad actors gain access to an account through scam and phishing emails containing links. If a user receives a suspicious email, it is best to not click any links and mark the email as spam. This will alert the Office of Technology Security Team.
If a user believes their account has been compromised, it is best to Report An Incident or contact the Technology Support Center at 660-543-4357.
Acceptable Use Policy (AUP)
The Acceptable Use Policy is the framework for the acceptable use of all Information Technology at the University of Central Missouri. The policy is in place to protect all university employees, students and visitors. The policy applies to and must be observed by all employees, student and other individuals with a university account or system. Account holders have a responsibility to protect their account from unauthorized use.
The AUP outlines the scope and procedures of the policy as well as the compliance expected from all users. Users found in violation of the AUP may be subject to disciplinary actions and removal of access.
Violations of the AUP - such as theft, loss or unauthorized disclosure of protected and classified information - should be reported to the Technology Support Center at tsc@ucmo.edu or 660-543-4357.