Safely to 2024

Enter the new year safely. The Cybersecurity Team of Masaryk University prepared ten resolutions for you that will help you to take better care of yourself in cyberspace.

12 Jan 2024

The attackers in cyberspace are constantly developing new and insidious methods to deceive their victims. They focus on humans - often the weakest link in a security system. Masaryk University is not exempt from their attention either – before the Christmas holidays, the umpteenth spear-phishing wave took place, leaving behind dozens of compromised accounts. How to effectively protect yourself from such pitfalls?

Experts from The Cybersecurity Team of Masaryk University (CSIRT-MU), who consider a secure cyber environment essential for a modern educational institution, deal with this. Therefore, they have prepared several basic recommendations for you, which are worth remembering. You can think of them as resolutions for 2024.

Ten resolutions for 2024

Cyber security is not rocket science for everyday users. A few steps that do not change much for ordinary users will help you protect yourself from significant inconveniences.
CSIRT-MU

Always verify the address of the message's sender and the address bar on the website.

Verify

Do not enter sensitive data when in public places.

Do not enter

Do not open e-mails and attachments from suspicious sources.

Do not open

Do not lend your identification cards and keys to anyone.

Do not lend

Always lock your devices if you walk away from them - even for a moment.

Lock

Create a secure passphrase.

Create

Avoid external media whose origin and content you are unsure of.

Avoid

Start using Multi-Factor Authentication .

Use

Always keep your operating system up to date.

Update

Report all suspicious messages to CSIRT-MU .

Report

It pays off to be vigilant

Now let's take a closer look at the attacks we have covered in the top ten tips. A common feature that attackers rely on is the inattention of users - it's often easier for them to fool humans rather than bypass technology security. So, in practice, they send fraudulent e-mails that lead users to fake login pages to lure from them their login details for essential accounts. At Masaryk University, we have noticed that fraudulent login pages were created, for example, for IS MU and the Portal.

Not only the visual of the fake login gateways but also the text of e-mails themselves tend to be elaborate. They often try to instill a sense of fear ("If you don't log in within 24 hours, you will pay a fine of 10,000"), curiosity ("You can find spicy footage from the Christmas party at this link"), or, for example, the desire to earn money ("You won 30,000, -, to choose a prize, log in through this link."). And that's why it's crucial to be careful and not get caught by similar techniques.

We recommend always verifying who is the sender of the e-mail (i.e. from which e-mail address the message was sent), especially if the message concerns monetary amounts. It is also useful to check the URL of the pages. Sometimes, the attackers change or add letters or numbers (www.portal.muni.cz -> www.portal.munii.cz – inconspicuous, right?).

Cyber security overlaps with the ordinary, physical world, so being vigilant also pays off here, especially in the case of tablets, laptops, or smartphones, whose security people often overlook. An attacker can copy the entire content of a hard drive in a few minutes. That's why it's important to never leave your devices unlocked in case of your absence. Additionally, if you need to transfer something to the device, do not use external media (e.g. flash drive) of which you are unsure of the content and origin. They may contain malicious software that you may transfer to the device without knowing it. This is also why it is crucial to have an anti-virus program installed and updated. Last but not least, be careful when logging into accounts in public, where attackers can easily gather the data.

The password as a key

The password unlocks all the secrets to the accounts it guards, so let's talk about them for a moment. You always prove your identity with a password. Therefore, once someone gets your password details, they access your personal data. Furthermore, internet bots and algorithms can try thousands of password combinations per minute, so having a strong password is essential.

The art of creating secure passwords does not lie in the use of dozens of special characters and symbols. Yet you can still come across this myth in many sources. The secret to strong passwords lies in a combination of easy-to-remember words. Such passwords are called passphrases, and cracking them would take millions of years. The inspiration for its creation can be the scenery on the way to work or a memory from childhood. It is enough to think of three to four words. We also recommend adding special characters (such as space, numbers, punctuation, and symbols) in random places.

Examples of passphrases: WH1Ashesaidyes, rating9*forGUT, never8say8never.

Tip: Every day, a user logs into many accounts and generally knows that each account's password should be different. To make your life easier, CSIRT-MU recommends installing the Bitwarden password manager (for Apple users of the Keychain device), which works as a safe chest of all your passwords guarded by one really strong password.

Antivirus, backup, internet scams, VPN... a lot couldn't fit into one article. That is why the education experts at CSIRT-MU are constantly working on informing you about everything happening in the cybersecurity world. At the same time, they also explain many cybersecurity topics in a user-friendly way through various courses and articles to raise cybersecurity awareness. You can find everything on the security.muni.cz website. In 2024, we also offer group training for students and employees of Masaryk University. If you are interested, do not hesitate to contact us at vzdelavani@csirt.muni.cz.