- Education within the scope of the rules of safe behaviour
Many studies show that the weakest link in the IT security system is, unfortunately, the human being. This is due to the fact that no system is able to secure data in 100%. Figuratively, it can be presented based on an example of the spread of viruses. First viruses are created, then vaccines and there is always a certain period of time when the antivirus system may not be able to detect the threat. There are also a number of other types of attacks, such as phishing, which are based solely on the ignorance of their victims. Correct behaviour is therefore crucial. Some time ago, the University IT Centre provided all employees and students with remote IT security courses, which provide the necessary knowledge in this area at the basic level . They are available in the E-education tab on the university website. - Creating backups of your most important data.
There is no need to convince anyone that data contained in IT systems is often the result of long and hard work - so it has a measurable and high value. The core principle must be the custom of storing a backup in a safe place. The UITC provides two such places: a network drive and an E-disc – a private file cloud. Files placed in these places are archived daily and backups from the last 14 days are available. Information about these services is posted on the UITC website. If you find it difficult to configure the services, please contact your local administrator for assistance. - Maintenance of a current antivirus system and other software used in IT systems.
The fight against cyber criminals is often a race - malware takes advantage of loopholes that manufacturers or developers try to "fix" as quickly as possible. It is therefore obvious that it is in the interest of every user of an IT system to have the most up-to-date version of software. This is especially true for antivirus software (and files with virus definitions), operating systems, all kinds of web browsers and related programs, document readers and office software. Therefore, Windows XP computers should not be connected to the UCN network, as the system is no longer updated. It is also essential to install the antivirus system purchased by WPUT as it has more advanced protection mechanisms than free software. - Creating hard-to-guess and frequently-changing passwords.
This principle is among the most important ones. You need to be aware of the fact that there is a password cracking software that will always be successful if you have a simple password. Our data will be vulnerable to destruction and the account in the computer system will be used for other criminal activities. Passwords must not contain words that can be found in dictionaries, must contain upper- and lower-case letters, special characters (e.g. !@#$) and digits. The password length must not be less than 9 characters. Passwords should also not be remembered in browsers or other programs. - Installing software only from reliable and legal sources.
Some computer users may be able to install software on their own computers. You should be aware that there are many programs in the Internet resources that can be dangerous for their users. This is particularly true for illegal copies of commercial software. In addition to criminal liability, there are also consequences associated with high probability of infecting such an illegal copy. Free, commonly available software may also be dangerous if "downloaded" from an uncertain website. It is a good practice to download software directly from the website of the creator or producer and to verify the checksum of files, if available, with the assistance of a local administrator. - Exercising caution while using the e-mail account.
Email is one of the services most frequently used for criminal activities. Any letters that require a password in response for the purpose of e.g. account verification should be ignored. Messages that require "clicking" on the link contained in them should also be treated with a large degree of mistrust. This is the way to bypass the anti-virus system on the mail server. The link may lead to a very harmful program that can destroy our data. Messages supposedly sent by banks, debt collection or courier companies should be approached with particular mistrust. In case of any doubt, you can ask for advice from your local administrator. - Restricting the use of removable data storage devices such as USB flash drives.
Such a device may easily be lost and, when used to transfer data between several computers, it increases the risk of virus infection. The USB drive can be successfully replaced with the E-Disk service mentioned in point 2. Using this service, you can transfer files to other WPUT employees or people outside the University.
The above rules do not exhaust the subject; therefore, you are strongly encouraged to take advantage of the IT security courses available in the E-education tab on our website.