Office of Information Security

About the Office of Information Security

The Information Security Office at West Chester University is dedicated to protecting the confidentiality, integrity, and availability of the university’s information systems and data. In addition to our core responsibilities of monitoring threats, managing risk, and enforcing security policies, we collaborate closely with our managed Security Operations Center (SOC) provider to ensure effective endpoint protection and timely incident investigation.

Our team also evaluates third-party risk as part of the university’s procurement and software adoption process, helping ensure new vendors and tools meet security standards. We administer the campus-wide multi-factor authentication (MFA) system, Duo, and play an active role in managing the university’s email security through Proofpoint. To promote a strong security culture, we provide end-user education via annual security awareness training and simulated phishing campaigns.

Information Security Incidents

If you suspect that a university account, device, or system has been compromised, or if you believe you’ve encountered a phishing email or other security threat, please report it immediately. Timely reporting helps us investigate and respond quickly to protect the campus community.

To report a potential incident:

Our office works closely with our managed Security Operations Center (SOC) to investigate incidents and ensure proper endpoint protection. Your awareness and prompt action play a vital role in maintaining a secure university environment.

🚨 Steps to Take if You Suspect Your Account or System is Compromised

    • Immediately stop using the affected device or account to prevent further damage.
    • Disconnect from the internet (if on a laptop or desktop) to isolate the system.
    • Report the issue to the Information Security Office:
    • If it’s a phishing email or suspicious message:
      • Use the “Report Phish” button in Outlook (if available), or
      • Forward the email as an attachment to helpdesk@wcupa.edu
    • Do not delete suspicious emails, files, or messages until instructed—this helps with investigation.
    • Make note of any unusual behavior you observed (e.g., unexpected pop-ups, strange email activity, logins from unknown locations).
    • Wait for further instructions from the Information Security Office or IT support before reconnecting or continuing use.