Fundamentals of cyber-security ****************************************************************************************** * ****************************************************************************************** DO DO NOT Do use a strongpassword and change it if you thDon’t give your password to anyone  been compromised Do report any loss or suspected loss of data  Don’t reuse your University password for an Do be on your guard for fake emails or phone caDon’t open suspicious documents or links  confidential information - report anything suspicious to the DD&T service desk at abuse(zavinac)cuni.cz [ MAIL "abuse(zavinac)cuni.cz"] Do keep software up to date and use antivirus oDon’t undermine the security of University devices Do be mindful of risks using public Wi-Fi or coDon’t provide access to University informat Do ensure University data is stored on UniversiDon’t copy confidential University informat permission  Do password protect and encrypt your personallyDon’t leave your computers or phones unlock ****************************************************************************************** * Login data ****************************************************************************************** Although data security on network and cloud storage is at a high level, the weakest link i end user or the method of authentication: If you use a weak password/a password shared wit etc. for access, and the password is the only element of authentication, then disclosing t unauthorized person will compromise the security of all data and services to which you hav You should never enter access information to work data into other people’s computers (in a friend’s house, etc.) for which you have no knowledge or guarantee of their security. Use phones, etc. To be able to use strong passwords unique to each service, it could be helpful to use a qu manager. ****************************************************************************************** * Private computers used for work ****************************************************************************************** Home computers or other devices used to access work data should be subject to the same sec requirements as work computers. Few people have a camera system or a gatehouse with 24/7 s home, so pay extra attention to physical security during your absence (e.g. when you are a Don’t forget about your children, who may not only forget to lock up when they leave the h often use the home computer together with you – strict separation of user accounts on the and personal purposes and inaccessibility of administrator privileges for children on a sh should be a matter of course. You should also install quality antivirus and antimalware so firewalls. Avoid installing games and suspicious software on the computer you use for work. Only inst software that you have authenticated. Think about software configuration (for example, ant often automatically send files they think suspicious to their manufacturer – in such a way sent from your computer without your knowledge that should not fall into the hands of a th Remember: you do not have to protect any data that are not on your home computer – leave y network and cloud storage, and download only the minimum amount of data to your home compu a period as possible. If possible, always encrypt confidential and sensitive data. ****************************************************************************************** * Obligation to report the loss of work devices ****************************************************************************************** Based on the instruction [ URL "https://cuni.cz/UKEN-905.html"] of the data protection off required to report to the officer any loss or theft of any device or data medium that may to personal or sensitive data for which CU is responsible. This instruction applies to any which data can be retrieved, for example, by breaking the protection (password) or removin and retrieving the data itself or passwords for accessing the university’s systems. Typica a laptop, tablet, computer from the office, or even a mobile phone with access data. The l reported as soon as possible by the employee who discovered it or by their superior to the gdpr@cuni.cz [ URL "mailto:gdpr@cuni.cz"] . ****************************************************************************************** * Reporting security incidents ****************************************************************************************** Coordination for resolving security incidents in the university networks has been handled by a security team for the Charles University computer network CSIRT-CUNI [ URL "https://c en/about/"] . You should send security incident reports according to the instructions [ UR csirt.cuni.cz/en/incident_reporting/"] by e-mail to abuse@cuni.cz [ URL "mailto:abuse@cuni