Reporting IT security incidents
Please report any incidents and shortcomings or deficiencies regarding IT and information security to firstname.lastname@example.org as soon as possible.
In addition, report critical security-relevant incidents, especially those with potential publicity (e.g. data loss or data theft), to your supervisor so that any necessary measures can be initiated quickly and purposefully.
Keep all emails and other data after reporting an incident. Do not delete anything! Switch off the affected devices immediately and leave them deactivated.
An obligation to report immediately exists, for example, in the following cases
Loss or theft of documents or IT devices, e.g. smartphones, tablets or notebooks, or data storage devices such as USB drives
In the event of malware or strange device behavior, e.g. sudden system crashes or notifications of (alleged) malware infestation
Unusual emails or calls, especially when asking for passwords or information about colleagues
If unwanted data encryption occurs, e.g. associated with payment requests
Please do not hesitate to report incidents or security deficiencies. The aim is to minimize damage caused by security incidents and deficiencies and to rule them out in the future.