Tips for recognising information security incidents and emergencies
Every information security incident or emergency is unique, which makes it difficult to provide indications on how to recognise one. However, the following indicators could be a sign of an incident or (pending) emergency:
- incident messages from your antivirus program or firewall
- frequent, unexpected pop-ups without any recognisable reason
- unknown program requests for no obvious reason
- damaged or inaccessible files
- device reacts unusually slowly or doesn't respond
- numerous email undeliverability messages
We should note, however, that "healthy scepticism" is always warranted. Messages concerning alleged security incidents or problems can sometimes originate from fraudulent sources. Such messages can come in the form of calls or emails from supposed IT services, or website pop-ups with supposed infection warnings.
IT emergency card
In case of an IT security incident or emergency, you may no longer be able to search online for the responsible IT support staff. The University of Münster therefore provides an IT emergency card for important IT contacts and information on what to do in the event of an IT incident.
Print out the card. Enter the telephone number of your responsible IVV and/or the number of the responsible administrator. Add additional contacts, if necessary (e.g. your supervisor). If you use a work computer, it may be helpful to note the computer ID on the IT emergency card.
Keep your IT emergency card where you can find it quickly in the event of an IT emergency.
My computer is acting strangely: What should I do?
If you suspect your computer might be infected, do the following:
- Stop working.
- Leave the device switched on.
- If possible, disconnect the device from the Internet (switch off WLAN or pull the LAN cable).
- If external data carriers are connected, disconnect them.
- Report the incident:
- Faculty employees:
- Administrative employees:
- Report to the responsible administrator or IVV9/Service Desk (tel: +49 251 83-30303).
- CERT
- Students:
- If a device of the University of Münster is affected, contact the responsible administrator or IVV or the CIT hotline (tel: +49 251 83-31600).
- If a private device is affected, contact the CIT user advisory service (tel: +49 251 83-31900).
I was asked to disclose sensitive information.
Thank you for being alert to such requests! Please ask yourself the following questions and review the request if necessary:
- How trustworthy is the request, and who is it (allegedly) from?
- Verify via another channel (in person, by phone, etc.) whether the request is legitimate.
- If in doubt, do not disclose any data and, if necessary, notify the Data Protection Office.
I sent an email with sensitive information to the wrong person.
If sensitive data has gotten into unauthorised hands, please contact the Data Protection Office.
I have received a phishing email with reference to the University of Münster.
Please report suspicious emails, e.g. phishing attempts, which reference the University of Münster (e.g. emails with a University of Münster address, someone pretending to be an employee of the University of Münster, fake login page of the University of Münster) to spam@uni-muenster.de. Be sure to forward the complete suspicious email as an attachment (in Outlook via the button "Forward as attachment" or via the key combination Ctrl + Alt + F) so that all necessary information is available for a quick response.
How to proceed after a security incident
After you've contacted your responsible administrator and/or IVV following a security incident and followed their instructions, you can take additional steps to protect yourself and others:
- Change all passwords using another computer, if possible.
- Identify other possibly infected computers or devices.
- Have a new operating system image installed on the computer that is probably infected.
- Restore data, if applicable.
Please discuss all further steps with your administrators and/or IVV.
Overview of all contact details
Important: Before contacting the CIT hotline, CERT or the IT Security Department, first try to reach the administrator or IVV responsible for your faculty or department. Your IVV has access to your systems and often knows much better which systems are in use.
- For academic staff: IVVs in the faculties
- For administrative staff: IVV9/Service Desk
  - tel: +49 251 83-30303
  - email: it.servicedesk@uni-muenster.de
- For students: CIT hotline
  - tel: +49 251 83-31600
  - email: it@uni-muenster.de