Compromised Computing Device Policy
For purposes of this policy computing devices include any device which can connect and communicate using the Macalester network. This includes all manner of desktop computers and servers, laptops, tablets, smartphones, POS (point of sale) devices, instrumentation, etc.
“Compromised” devices are those that have been infected by malware, or have been hacked. Devices can become compromised, often without the end user’s knowledge, when preventive software patches and antivirus updates are not regularly applied.
Because a single compromised device can cause many serious problems for all others on our network, the response must be immediate and thorough when one is identified.
Response to Compromised Device
- Infrastructure staff identify the compromised device and the name of its owner. Infrastructure staff blocks the device’s network access. Because of the potential disruption posed by such devices, network access blocking must occur immediately. Attempts to access resources other than the web will fail.
- Infrastructure staff notify the ITS Help Desk staff. An ITS Help Desk staff member contacts the owner of the compromised device and refers them to this policy.
- If the device is compromised a third time its network access is blocked permanently.