Security incidents require resolution and close collaboration between the user who reports them and the expert who analyzes them. At Masaryk University, incident response is managed by the CSIRT-MU cybersecurity team. Effective incident reporting by the user minimizes threats and is their responsibility. Below, we present a guide for effective incident reporting.
What incidents does Cybersecurity Team MU handle?
CSIRT-MU only addresses incidents within the IT environment and network of Masaryk University (e.g., web services ending with muni.cz). In practice, these can include (demonstrative list):
- theft of login credentials by an attacker (e.g., phishing);
- unauthorized access to sensitive data;
- attempts to crack passwords;
- downloading malware onto a device;
- unusual network activities.
On the other hand, issues such as a forgotten password for IS MU or a non-functioning VPN are not considered security incidents and should be addressed through technical support.
-
STEP 1: Choose a method to report the incident
You can report an incident in two ways:
- Send an email to csirt@muni.cz.
- Fill out the form (here).
In urgent cases, you can call +420 549 494 242 on weekdays (9:00 AM–5:00 PM) to directly reach the Cybersecurity incident response team. -
STEP 2: Provide the necessary information
Whichever form of reporting you choose, please always complete:
- First name, last name, UČO -> Cybersecurity experts dealing with the incident must verify your identity.
- Describe the problem in detail -> describe the problem as precisely as possible (example of possible signs of a PC attack), and we will ask you if necessary.
Reporting incidents via personal email without providing a UČO may delay the resolution process, so please use university email. -
STEP 3: Submitting of evidence
For the submitting of evidence, follow these guidelines:
- Email communication(e.g., phishing or malware) -> forward the email or attach the text with links, including attachments and headers - instructions for exporting headers can be found here.
- Other incidents(e.g. ransomware on a device) -> forward relevant supporting documentation, including images (e.g., screenshots) with the email text.
Screenshots can also be helpful for incidents within email communication but always make it a priority to forward the email text with headers.
What to do after reporting?
After reporting, Cybersecurity experts will contact you within 24 hours, during working days from 9:00 to 17:00, to provide further instructions. A quick response to their questions from you can speed up the resolution of the incident.