Takeaways

• Your primary and secondary passwords should be different and you should not use them on other sites and services
• Create and use phrase passwords
• Use a password manager, trust him with your passwords, he will take care of managing them and creating new ones
• Do not store passwords directly in the browser
• Never share your passwords, never pass on shared passwords (e.g. for systems) in open form
• Have unique passwords for important systems (IS, INET, e-banking) and definitely don't use them for less important services and sites such as e-shops and social networks

Relevant Resources

• You can read about the differences between primary and secondary passwords at it.muni.cz
• Our article about password managers
• Bitwarden password manager
• The Bitwarden extension for your browser can be downloaded here.
• KeepassXC password manager - an alternative to Bitwarden, but rather for more advanced users

Tasks

• My primary and secondary MU passwords are different and I don't use them elsewhere
  
  • You can change these passwords in IS MU.
• I have a password manager installed and I use it, its master passphrase password is unique
  
  • How to install Bitwarden
  • How to set up Apple Keychain
  • How to install KeepassXC

Takeaways

• Use multi-factor authentication at least for key services (IS, INET, e-banking)
• To increase security when using one-time authentication codes (TOTP), disable the display of message previews on the lock screen of your mobile device.
• If possible, prefer a security key over a one-time code
• Use a password manager

Relevant Resources

• Recommended TOTP applications
• How to disable showing message contents on the lock screen Android OS a iOS
• Where to buy security keys on Czech e-shops: Alza.cz, CZC.cz, TSBohemia.cz
• Test support of your security key through  this link.

Tasks

• I have activated multi-factor authentication for IS, INET and university M365
  
  • All about MFA for university services at it.muni.cz
  • Activate MFA for IS MU
  • How to enable MFA for M365 and other university services (prerequisity: activated MFA)
• I use multi-factor authentication for at least three other services
  
  • You are definitely fulfilled for your e-banking, other suitable services are e.g. social networks (Facebook, Instagram, X)

Takeaways

• Do not leave your devices unattended or lend them to other people
• Set a screen lock not only on your mobile devices, but also on your computer. PIN is the minimum, biometrics (fingerprint, face scan) are even better
• Don't use gesture screen unlocking on mobile devices
• When installing apps, check what they require access to and don't delay updates; the same applies to browser extensions
• Use antivirus on Windows, macOS and Android devices

Tasks

• I have screen lock set up on both my mobile devices and my computer 
  • How to do it on
    • Android OS
    • iOS
    • macOS - lock with a shortcut Cmd+Ctrl+Q or with active corners
    • Windows - lock with a shortcut Win+L
• My system and all applications are up to date, I have automatic updates enabled in the operating system settings
  • Set up automatic updates
    • on Windows, Android OS, or macOS
    • for apps from Play Store (Android OS)
    • for apps from App Store (iOS)
• I have an antivirus program installed on Windows/macOS (or I have Linux ;)
  • How to activate Windows Defender
  • ESET Antivirus homepage
• I have checked what accesses are requested by at least three apps on my phone
  
  • How to do it on Android OS
  • How to do it on iOS

Takeaways

• Use only university-provided storage for work data
• Set up sharing conservatively, only to authorized individuals
• Never share confidential or sensitive documents through public repositories
• Establish the "golden rule" of 3-2-1 backups
• Set up backups of work files to OneDrive, personal data to Google Drive or iCloud
• Activate disk encryption on your computers

Relevant Resources

• How to connect SharePoint and OneDrive to your devices
• How to check the access rights to files on SharePoint
• Recommendations for the use of storages at MU

Tasks

• My work files are only on the university's OneDrive/Sharepoint or one of the university-provided storage sites, not private (Dropbox, personal Google Drive)
  
  • OneDrive is primarily personal storage, useful also for backups.
  • SharePoint is suitable for sharing documents with the team members or across the organization
• For at least one week, I have consistently focused on setting up file sharing only with relevant people
  
  • How to share documents from SharePoint
• I have set up regular backups of work or personal data (preferably both)
  
  • How to set up backups to OneDrive, Google Disk a iCloud
• I have disk encryption activated on my computer (BitLocker, FileValut or similar solution)
  
  • BitLocker on Windows
  • FileVault on macOS

Takeaways

• Communicate work-related matters exclusively through university communication channels
  • Do not forward work mail to personal emails, if you have this forwarding activated cancel it.
  • Do not share work-related information on personal communication platforms (Messanger, WhatsApp, etc.) or on your social networks
• Use personal certificates at least in work email communications
• If you are connecting from unknown and open networks (without a password), use a VPN

Relevant Resources

• Information about personal certificates at MU
• Information about VPN at MU
• If possible, use Eduroam wi-fi; you can find it at many other schools, universities, institutions around Europe and even at some railway stations in Czechia ;)

Tasks

• I have not set up forwarding of work emails to personal addresses
  
  • Configure e-mail forwarding from UČO@mail.muni.cz in IS MU
  • Configure e-mail forwarding from UČO@muni.cz in INET
• I have created and use a personal certificate at least for signing emails
  
  1. How to create personal certificate
  2. How to import the certificate to Outlook
  3. How to sign and encrypt e-mails in Outlook
• I have a university VPN installed and have used it at least once
  
  • How to configure VPN on
    • Windows
    • macOS
    • GNU/Linux
    • iOS
    • Android OS

Takeaways

• Instead of sending attachments, share links to files located on the university repository
• Be consistent in checking the sender's address and links
• Do not open unknown or suspicious attachments; if you are unsure of the authenticity, contact the originator of the message through another channel
• It is a good idea to use a VPN on unfamiliar networks. The university offers VPN free of charge. Using it will allow you to access services that are only available on the university network

Relevant Resources

• For the curious: read our article on what can be read from email headers

Tasks

• I tried to detect phishing emails on Phishing Quiz by CSIRT-MU
• For at least one week, I have consistently focused on checking the sender's address and links when reading emails
  • Look for apparent typos (v/u, i/l, m/n) or mixed up letter order
  • Try to be more sensitive to psychological manipulations such as time or emotional pressure, unexpected behaviour and demands, suspiciously advantageous (even unrealistic offers) or other extreme insistence.

Takeaways

• Do not hesitate to report suspicious messages
  If you need advice or consultation on cyber security issues, CSIRT-MU team members are here to help.

Relevant Resources

• How to report phishing e-mail in Outlook

Tasks

• I have reported at least one phishing email, either by clicking directly in the mail client or by forwarding it to csirt@muni.cz.