Security

Create a strong password for your account

A strong password is especially important if you use a Microsoft/Google email address. Many services now use your email address to verify your identity. If someone gains access to your Microsoft account, they may be able to use your email address to reset passwords for other accounts, such as banking and online shopping.

• make your new password significantly different from your previous passwords,
• use a sentence or phrase replaced by a sequence of initials, numbers and symbols,
• make it hard to guess, even if someone knows a lot about you (avoid names and birthdays of your family or your favorite band),
• if you have too many passwords to remember, you can use special programs such as: LastPass Password Manager, KeePass Password Safe, Myki Password Manager or 1 Password. These programmes have powerful identity authentication mechanisms and allow you to securely store and access your passwords whether on your computer at work, at home or on your mobile device.

Use multi-factor authentication

Multi-factor authentication means confirming our identity not only with a password but also with additional means. These solutions are known to every bank customer, where we confirm operations with a scratch card, SMS code or a special authentication code. Many applications and social networks also allow this type of authentication. Google and Microsoft have their own applications for mobile devices, the process of confirming our identity is done by entering a series of numbers given by the applications or indicating a number displayed in the mobile application.

Use the Microsoft/Google Authenticator phone app

The Authenticator phone app not only adds another layer of security to your Microsoft/Google account, it also allows you to log in to your account from your phone without a password.

Ensure your account is recoverable

Add security information to your account to make it easier to recover your account in the event of a hack. Since this information can help keep your account secure, it is important to keep it updated.

Make sure your operating system has the latest security patches and updates installed

Most operating systems have free software updates to improve security and performance. Since updates make your computer more secure, we strongly recommend that you configure your computer to download these updates automatically.

Never respond to emails asking for your password or to log in to a service

Neither IT departments of UWr nor the service provider Microsoft/Google will ever ask for your password in an email, so never respond to any email asking for personal information, even if it claims to be from IT staff or the Microsoft/Google service.

Check your recent activity

If you receive an email notifying you of unusual activity, check when and where your account was accessed – including successful logins and security challenges. Microsoft/Google learns how you typically log into your account and flags suspicious events.

Manage trusted devices

Verify all trusted devices assigned to your accounts on an ongoing basis.

Be aware of information phishing scams

Phishing for information about us or the organisation in which we work is a type of common online scam. Criminals will send you a message that appears to be from your bank, energy company or local IT department. In this email, you will be asked to click on a link or open an attachment such as an invoice. If we do this, we may become a victim of an attack on our computer or phone. As a consequence, criminals may obtain our data, which we use to log in to our company network or bank. It is also possible that data on our computer could be encrypted and the attacker could demand a ransom to decrypt it or that our computer could become part of a larger farm of compromised computers used, e.g. for Bitcoin mining (cryptocurrency).

Be especially careful if:

• the Internet address from which the email comes does not correspond to the sender,
• if there are spelling or grammatical errors,
• if the content sounds unusual or appears to be poorly translated.

Always check the source from which you are downloading software

All files downloaded from various websites or torrent services may contain trojans, spyware, viruses or other types of malware. While downloading files verify that your anti-virus software is checking the downloaded files. If you are not sure of the source of a file, do not download it.

Always verify requests for confidential information

If someone asks for confidential information (phone number, login details etc.) contact the sender of the information by phone and confirm the authenticity of the email or organisation requesting the information.

Do not use public Wi-Fi networks

When you are away from home or work, use mobile data to access the network. If you decide to use Wi-Fi, use a VPN (Virtual Private Network) service, which allows you to encrypt your traffic, limiting the possibility of “eavesdropping” on your data transmission. On the other hand, your own hotspot at your place of residence is a guarantee that only you are using a given network and this protects you from potential attacks by people connected to the public network.

Leave as little trace of your online activity as possible

Use appropriate privacy settings to do this:

• use a VPN (Virtual Private Network),
• search for data in incognito/anonymous mode.

Protect your data

Encrypt your computer’s hard drive but also your portable memory and smartphone memory cards. Regardless of encrypting your data, it is worth keeping in mind to back it up so that you can access it in case of theft, loss or media damage. When you delete files from your computer or memory stick, you do not delete them completely. To make sure that no one can read the deleted files you should use software that “blurs” the files. Examples of applications include:

• CCleaner,
• Evidence Nuker,
• Free File Shredder,
• CBL Data Shredder.

Remember to surf the internet safely

Always use browsers that are known to be safe and trusted. Configure your browser, install the necessary add-ons.

Use built-in firewall and antivirus software

You can use the built-in solutions for Windows and MacOS but if that is not enough, you can always install additional software.

Use accounts with restricted privileges

Do not use administrator privileges as part of your daily tasks. Accounts with lower privileges allow you to work and surf the Internet safely, and you can be more confident that the software running in the background will not install malware in the event of an attack. Any such activity will end with a message window asking for administrative privileges. In this case, the user can stop a possible attack himself.

While leaving your computer, block it

This will prevent an unauthorised person from accessing your data. Turn off the Bluetooth protocol on your computer and mobile device if you are not using it. Turn on the screen lock on your mobile device, use security features such as PIN, fingerprint, face recognition.