Skip to main contentSkip to main navigationSkip to footer content

Account Compromise Policy

Policy Purpose

This policy is to define the procedures to promptly detect, investigate, and secure accounts that have been compromised, to prevent unauthorized access, data breaches, or other security incidents that could harm the University.

Policy Statement

It shall be the policy of the University of Arkansas-Fort Smith to promptly detect, investigate, and secure accounts that have been compromised, to minimize the risk of unauthorized access, data breaches, or other security incidents.

Applicability

This policy applies to all University employees, students, guest, and third-party vendors who have accounts that the University has created, manages, and owns.

Definitions

Compromised Account – An account that has been accessed or used without authorization or has been exposed to unauthorized access or disclosure.

Unauthorized Access – Access to an account or system by a person who does not have the necessary authorization, permission, or legitimate need-to-know to access the account or system.

Policy Procedure

1. Detection: Any employee or student who suspects that their account has been compromised should immediately report it to the IT service desk. If the IT Security Team believes an account is compromised, they shall take reasonable action to investigate and validate the suspicion.

2. Assessment: The IT Security Team shall assess the extent of the compromise and determine the appropriate course of action.

3. Response: The Security Team shall take appropriate steps to secure the compromised account, including resetting passwords, disabling access, and removing malicious software. The IT Security Team should also provide guidance to the affected employee or student to prevent further compromise.

4. Communication: Communicate with affected personnel to provide guidance and assistance in securing their accounts. If the compromise affects other accounts or systems, the IT Security Team shall communicate with other personnel who may be affected by the compromise to provide guidance.

5. Monitoring and Review: The IT Security Team shall monitor the compromised account for any suspicious activity and review the effectiveness of the response. These reviews shall include an assessment of any lessons learned from past security incidents or breaches and incorporate them into future security strategies and training programs.

6. Reporting the compromise: The IT Security Team reports the compromise to all parties listed in the Cyber Security Brech Incident Policy.

Enforcement

IT shall be responsible for enforcing the compromised accounts policy and its procedures and is aided by logs and alerts.

Policy Management

This policy is managed by IT Security Team. The IT Director and appointed IT personnel are the primary administrators of this policy. The responsible executive is the VCFA.

Exclusions

This policy does not apply to accounts not created, managed, and owned by the University.

Effective and Approved Date

This internal policy was approved by Terry Meadows – Director of IT/CIO on 09/06/2023

Last Updated

9/10/2025 – Added in information on the “Reporting the compromise” by Terry Meadows – IT Director/CIO on with
10/23/2025 – Replaced IT Department with “IT Security Team” and reformatted for accessibility by Terry Meadows Director of IT/CIO