OVERVIEW
Target audience: McGill community
In this article:
Report crime, bullying, harassment or other potential risks to health and safety
What's considered an IT security incident?
Any situation where McGill’s IT services are used in a way that:
- goes against McGill policies and standards, and/or
- could harm the security, privacy, or proper functioning of our systems, the data they hold, or the people who rely on them.
If you notice something suspicious or concerning, it’s important to report it right away. Quick reporting helps us investigate what happened, take action to protect the McGill community, and prevent similar issues in the future.
Below are common examples of incidents. If you’re unsure, it’s always better to report!
Unauthorized use or access of McGill resources, devices, and/or data.
This includes:
- A McGill account(s) becoming compromised*. Attackers use compromised accounts for many different types of malicious activities, including:
  - sending out spam and phishing.
  - gaining access to systems that store personal and/or sensitive information.
- Intentionally sharing your McGill credentials with another individual.
- The sharing of files or data containing personal or confidential information with unauthorized individuals (i.e. suspected or confirmed data leakage/breaches). This can be accidental or intentional. For example,
  - when browsing a McGill website, you notice that you can open a file with personal information that you shouldn’t be able to access.
  - a helpful colleague shared Banner data with a fellow employee who can’t access Banner.
*When an account is referred to as "compromised", it means that it has been accessed without the owner's permission. Logins from new devices, locations, or browsers could indicate a compromised account.
Misuse of McGill IT-provided resources (policy violations)
For example:
- mining cryptocurrencies on the McGill network,
- downloading, sharing, or storing pirated or illegal content on the McGill network, devices, or in McGill-provided services,
- using McGill contact lists and other resources for non-McGill activities, such as promotion of a private business,
- storing McGill data in solutions that have not been vetted and approved by McGill. Vetting ensures that solutions have proper data protection policies and security controls, and comply with regulations.
Harassment or non-consensual explicit/violent content shared using McGill IT-provided services.
If these types of incidents occur through any McGill IT-provided services or equipment, such as McGill Wi-Fi, email, Teams, public computers, or by leveraging McGill-owned data, they should be reported:
- Harassment or cyberbullying,
- Threats to self-harm,
- Threats to harm or abuse others (through physical, reputational, financial, or other means).
- Doxxing, i.e. to “publicly identify or publish private information about (someone) especially as a form of punishment or revenge” (source: Merriam-Webster.com).
- Non-consensual publishing, dissemination, or receipt of explicit content such as pornography or violent imagery.

Device security
- Malware, including ransomware or viruses, was discovered on a device that stored or had access to McGill data.
- USB keys, laptops or other digital devices, including mobile phones or internet-connected devices, found abandoned on campus. Note: if you discover one of these, please do not attempt to assess the contents, and do not connect it to the Internet or to any other device, as it could contain malware. When found, report it to us and wait for instructions, or drop it off at Campus Security.
McGill website or IT service security issues
- A McGill website has been hacked, defaced, or appears to host malicious content.
- You discovered a vulnerability in a McGill website or service.

Non-email phishing or scams
Email phishing targeting McGill users counts as an IT security incident. There is a simple, 1-click process to report it, allowing us to effectively respond to protect our community. For more details, see Report suspicious emails.
Additionally, please report the following types of non-email phishing and scams as soon as they occur:
- You received a suspicious phone call AND provided personal or confidential information, including your McGill password and 2FA credentials, to the caller.
- You received AND interacted with a suspicious text (SMS) on your McGill work cellphone.
- You spotted a poster or other physical media on campus with a malicious link or QR code.
- You spotted or interacted with a malicious link in an official post on McGill social media.
- You are an external IT security consultant reporting phishing sent to your organization from a McGill account or using McGill branding.

How do I report an IT security incident?
Important:
To report an urgent IT security incident, contact the IT Service Desk by calling 514-398-3398.
To report suspicious emails or Teams messages that you have not interacted with, see Report suspicious emails.
Otherwise, please submit the IT Security Incident Report form. To avoid delays in investigating incidents, please provide as much information as possible to make sure your issue is routed to the appropriate team.

What isn’t considered an IT security incident?
Some incidents might seem to be related to IT security but aren’t actually in the jurisdiction of McGill’s Information Security team. For instance:
- If you came into conflict with another individual or account on social media who isn't a member of the McGill community and it resulted in harassment or threats, you’ll need to report it to public authorities such as the police (SPVM).
- If you have questions or comments about the University’s privacy practices, including requests for access to, or correction to your Personal Information, or you wish to make a complaint, please visit https://www.mcgill.ca/privacy-notice.
- Information about you that is publicly available on the internet, including on social networks and professional pages, was re-used without your authorization on a site or service that isn’t owned or managed by McGill. In this type of situation, you should consult with legal counsel to determine your best course of action.
- A non-McGill account you own was compromised. IMPORTANT: if you used your McGill password for that account, change your McGill Password right away and then check to see that no new 2FA methods have been registered for you. See How do I change or reset my McGill Password and View and modify 2FA and SSPR account settings for instructions.