Recommendations and Guidelines

Take advantage of proven guidelines and recommendations to help you move more safely in the online world.

For Users

17 Apr

Secure your email: it’s the gateway to your accounts

Do you know what happens when you lose control of your email? The consequences may go far beyond a single inbox. We use email almost everywhere — from online shops and social media to cloud services. If an attacker gains access to your inbox, they can often use it to reset passwords for your other accounts and gain access to those as well. That is why it is worth paying special attention to your email security. Below, you will find out how to properly set your password, multi-factor authentication, and recovery details.

18 Nov 2025Threats

Put a stop to fraudulent websites with the TrafficLight extension

Install the TrafficLight browser extension, which helps you quickly distinguish legitimate websites from fraudulent ones.

16 Oct 2025Threats

Protect yourself from phishing in Outlook: creating a category and setting up a rule

Create a category and rule in Outlook to help you distinguish fraudulent emails from legitimate ones.

3 Oct 2025Threats

Protect yourself from phishing: set up anti-phishing in INET

Phishing is the most common form of cyberattack targeting users and does not spare Masaryk University. Attackers are increasingly imitating official communications from university systems, which can be difficult to recognize. For this reason, INET offers an anti-phishing feature that helps you distinguish legitimate emails from fraudulent ones.

6 May 2025

Malware on your device: how to detect and safely remove it

This guide provides a practical overview of how to detect and remove malware from various types of devices (Windows, Android, macOS, iOS). It takes into account the specifics of each platform and highlights common mistakes users make during malware removal. In addition to the step-by-step process, it also emphasizes preventive measures that can help avoid reinfection.

5 Mar 2025Threats

Infostealers in the device: how to recognize them and what to do?

Infostealer is malware that steals passwords and sensitive data. Whether you want to find out if you have it on your device or were referred to this page by members of the MU Cybersecurity Team, learn how to detect it and what to do next.

1 Oct 2024Threats

Device Security: Antivirus and Everything Around It

Why should we use antivirus software? And is it worth splashing out on premium features? In this article, we'll delve into the world of antivirus programs, which are more crucial than ever in today's online landscape. We'll uncover how these programs combat ever-evolving threats and safeguard your personal data. We'll explore how antivirus actually works and what other options you can employ against malicious files.

Passwords

Password Manager

Are you not using a password manager yet? In this article, you will learn why it is important, which one to choose, and also how to start using it.

Data Encryption

Learn to protect your data with encryption.

Threats

What if it catches fire?

We often write that preventing a fire is much better than fighting it. It is still valid. But what to do if a fire does break out? That’s the topic of the last part of the Cybersecurity series from CSIRT-MU.

Passwords

Take a moment to examine your passwords

Your passwords should be as important to you as your house keys.

For IT Admins

29 Sep 2025IT Admins

Exposure Reduction Guideline

The guideline provides opinionated recommendations on exposure reduction of the infrastructure.

1 Jul 2025IT Admins

Incident Response at MU: How to collect data from a compromised device

This guide outlines procedures for the effective collection of forensically relevant data from a compromised device in the context of security incident response. The guide applies exclusively to physical servers and workstations. It focuses on Windows and Unix-like operating systems. This is not a general methodological document – the guide is specifically tailored to the internal processes and technical requirements of CSIRT-MU.

7 Aug 2024IT Admins

Updates: why they are important and what are the risks

Updates are an essential part of any secure system. They prevent incidents and ensure the smooth operation of IT systems and services. This article compares the benefits and risks of manual and automatic updates, primarily in Linux distributions. To complement this, it provides an example of automatic updates for the current LTS versions of Ubuntu 24.04 and 22.04.

IT Admins

Recommendations for securing devices on the MUNI network

Do you have multiple services running on your device for different user groups? A report from our team warns of a vulnerability in an application under your management that cannot be updated or disabled for specific reasons? These are not the only cases that pose a serious security risk that need to be addressed proactively.

IT AdminsE-mail

How to prevent the spread of backscatter emails by email servers of MU

How do these types of malicious emails originate? Why do we need to prevent their spread and how?

For DevOps

25 Sep 2025DevOps

How to start with Dependency Scanning

This guide explores several approaches to dependency scanning.

30 Oct 2024DevOps

Secrets Management In a Software Development Lifecycle

Secrets management is the process of storing and distributing passwords, API keys, certificates, or other sensitive information that should not be publicly available. This guide is an introduction to the subject. We present reasons and options for how to implement it.

29 Oct 2024DevOps

How to automate secrets detection

In this tutorial, we will expand our knowledge of detecting secrets using GitLab hooks and its CI/CD pipeline.

29 Oct 2024DevOps

How to Start with Secrets Detection

Secrets are not secret if everyone knows them - especially hackers. Accidentally storing a password or access key in a remote repository can happen to even the most experienced developers. In this guide, we'll look at how to easily detect this problem using Gitleaks and TruffleHog.

25 Oct 2024DevOps

How to Start with Static Application Security Testing of Infrastructure as Code

Wondering how to get started with static application security testing (SAST)? Maybe this article will help you, presenting selected tools and examples of their integration into the CI/CD pipeline in IaC (Infrastructure as Code).

14 Aug 2024DevOps

How to start with SAST pipelines

In this guide for developers we describe how to easily run static application security testing (SAST) as part of GitLab CI/CD.