2020 Archdiocese of Atlanta Employee Policy Manual/September 2020 - Manual / Resource - Page 48
Specific action is required if a user suspects that a cyber-attack has occurred. A
cyber-attack is defined by the following:
o All losses or disclosures of confidential or sensitive information,
o All information security violations and problems,
o All suspected information security problems, vulnerabilities, and incidents,
o Any damage to or loss of computer hardware, software, or information that has
been entrusted to their care.
The following five steps should be followed in the case of an actual or potential information
security breach:
o Do not turn off or reboot any systems, but unplug network cables IMMEDIATELY,
and/or disconnect the system(s) from the wireless network. Take notes (date; time;
who discovered; what tripped the alarm).
o Report the incident to the IT Department via ticket and phone call.
o After confirmation from the IT staff, secure the scene. Do not allow anyone to take
any action on affected systems. Preserve and protect the evidence.
o Determine if security of sensitive data was breached and, if so, what data elements
were included (e.g. name, age, DOB, SSN, medical information).
o Follow the instructions provided by the IT staff.
In the event the data breach includes the compromise of credentials used to access an
external resource related to the operation of the Finances or Human Resources of the AoA,
the following additional steps will be taken:
o Contact the external vendor to notify them of the potential security breach and
to request that they perform an audit to ascertain the extent of the breach.
o COMMUNICATE WITH THE BANK – telephone the bank to talk through what has
happened, and what actions you will be taking. If check fraud occurred, make sure
you activate “positive pay” security on the bank account. If wire fraud occurred,
request the bank help identify where funds were sent, and provide this information
when you communicate with the Police and FBI. In some instances where rampant
check fraud has occurred, you may need to close the bank account and open another
one; or you may want to verify all checks that clear each day until you feel the
security over the bank account is adequate.
o CHANGE PASSWORDS – make sure that you immediately change your own passwords,
and consider having all employees that have an account with this external resource
do so as well.
o WRITE UP WHAT HAPPENED – to the extent you are able to, write up exactly
what happened, including emails, phone calls, banking instructions and
information (number of individuals affected, including numbers of AoA
employees, contractors and non-AoA employees involved). If PII has been
compromised, identify it by type (full name, home address, email address, social
security number, passport number, driver's license number, credit card numbers,
date of birth) and/or financial information. This should be a systematic summary
of how the fraud or attempted fraud occurred.
o RETAIN CORRESPONDENCE – Retain the original emails from any “imposter”,
which will prove helpful to your IT support group (as well as the Chancery’s), the
Police, and the FBI. E-Mail messages contain “header information” that can help