HIGHLY IMPORTANT
Maybe: internet banking, social network profiles, (work) e-mail, work or school information systems.
NOT SAYING GOODBYE
Because this is not the end of the road
Not every user at Masaryk University will read this course. But you’ve gone so far! What does it mean?
You’ve learned that in cyberspace, the possibility of an attack on your treasures (money, devices, data, photos, messages, the reputation of you, your company, or family) is much higher than in the physical world. You've learned how to face those threats using simple and effective precautions. You’ve found your security priorities (what, why, and how to secure the most critical data). Therefore, you’ve got far away from inexperienced users who rely only on seemingly strong passwords, nothing more. Congratulations! We guarantee you won't regret it.
At the end of our course, we prepared a summary of the basic rules of secure behavior in cyberspace. You can return to the key information from individual lessons using the links below.
Which topic would you like to review?
Securing devices
SECURING DEVICES
Working on a notebook and PC
Lock your screen manually (shortcut Win + L). Always open the anonymous browser mode on devices that are not yours or are shared by many people. Does your device contain sensitive data? Then you must start with encryption.
Updates
Never postpone updates, they will eventually run automatically anyway (in the most unfavorable moment). An outdated system is full of security holes, rendering your other precautions useless.
Caring for a smartphone (and tablet)
Set a screen lock: ideally use a PIN code, but at least a fingerprint or a gesture. Set an automatic lock after a few minutes of inactivity. Let the notification previews show you just the essential parts (e.g., name of the sender, not the content). Encrypt the device and the SD card in the device settings. Don't forget, specialized apps can help you find and block a lost device.
Antivirus
Antivirus should be installed on mobile devices too. It can filter dangerous apps that you may accidentally download even from the official store.
Back-ups
If you treasure your data and their irreplaceability, perform regular backups. Choose one or more data storages (consider money and space), then select types of files to backup. Cloud, as an online solution, is ideal for present smaller files. An external disk is better for a vast amount of not-so-irreplaceable data (like movies). The most precious data should conform to the 3–2–1 rule. That means three copies on two media, one of them outside your home. Consider comfortable automatic backups. At MU, you can use Microsoft OneDrive.
Passwords
PASSWORDS
Passphrase
The passphrase is the most secure password. It consists of a phrase (more or less random sequence of words) and ideally numbers and symbols. Remember the examples?
WH0Ashesaidyes, rating9*forG0T, never8say8never, ittakes2totanG0, oncebittentwiceshy...
Password manager
Simple and secure cloud-based solution (therefore, you don’t need to download the app, you can log in online). It can store an arbitrary number of passwords to your accounts. You decide whether to save passwords for Facebook, e-mail, or bank. If needed, review the LastPass password manager installation tutorial.
Stop your bad habits
No more writing passwords on a piece of paper, no more re-using one password for all services from Instagram to a bank, no more sharing passwords among the whole family. Remember what you safeguard, manage, or follow online. Protect your treasures.
Self-defense
SELF-DEFENSE
Spectrum of manipulation
The attackers tend to be creative, prepared, and knowledgeable about you and your workplace. They rely on humanity, rush, curiosity, confusion, trust. Be careful, and don't hesitate to confirm the information with the corresponding service or institution. Three basic rules are:
- Never click on URL call to action links (password change, distraint order, etc.).
- Never open unknown attachments.
- Always check requests.
Phishing
Phishing is a popular attack based on distributing bulk fake e-mails that try to push you into some action. View our phishing guide and remind yourself how to recognize a phony e-mail.
Address bar
Always check the address bar, especially when typing private information or when logging into apps. The slightest change (hyphen instead of a dot, swapped letters, etc.) is almost invisible and, therefore, effective trick of attackers.
Public Wi-Fi
On public Wi-Fi without a password, everyone connected to it can see what you’re doing (including your password or other private data). On password-protected public Wi-Fi, private information is visible only to an administrator. Turn off automatic logging to public Wi-Fi without passwords.
VPN: truly secure internet connection
VPN makes you (almost) invisible, which assures a more secure Internet connection. All you have to do is download the VPN app and keep logging into it regularly.
Differentiating the importance of accounts and shared information
Categorize your accounts (and shared data) into three categories. The red box contains the most critical data with a severe risk of misuse. The yellow box information has some dangers of abuse but smaller than the red one. The green box includes not so essential or public information. Review some examples visible on our switching cards.
MORE OR LESS
Maybe: telephone number, permanent residence address.
NOT SO IMPORTANT
Maybe: e-mail with advertisement offers and spam.
Sharing private information
You involuntarily leave some information behind in the cyberspace (cache, browser history, cookies – although proper settings and an anonymous browser mode reduces their amount). Voluntarily shared information, typically on social networks, should be well-guarded. Set a private profile, communicate with people you know, and consider what information you really want to share with the whole world (e.g., the date of vacation or ID card number shouldn’t be on that list).
Communication
COMMUNICATION
Eduroam
Eduroam is an international network. Therefore, as an involved member from MU, you can connect to the Internet from many places, not just from Brno. For a genuinely secure connection, install Eduroam CAT (assures the correct configuration) and a VPN (ensures your privacy).
File Depository
File Depository offers secure sharing of research or private data. Each uploaded file will be saved for 30 days. You can share files within MU or publicly, and your identity of the sender or receiver is guaranteed. An alternative solution is OneDrive in O365.
Encrypted e-mails
A signature is not the same as encryption. The signature guarantees that you personally are really sending the message. Encryption, in turn, ensures that just the intended recipient and no one else will read the message.
Incident reporting
INCIDENTY
To report or not to report?
The answer is always to report, even if you're unsure. Specialists from the CSIRT-MU will evaluate and resolve the situation. User reporting improves the security of the MU cyberspace.
Some of the new rules and principles are easy to follow; others are not. But keep trying and never give up! You don’t have to change everything at once. Return to the course from time to time and remind yourself why you wanted to change in the first place. Cybersecurity is not a one-time product, but a mindset.
We believe in you.
Thank you all for your time and trust.
The Cyber Compass team