InformationBasic IT security rules for users

All users bear a high degree of responsibility and liability for security in information technology. Everyone should be concerned about IT security. The following basic guidelines can help you keep your devices, systems and accounts secure.

Do not carelessly disclose sensitive information

Be wary if you are asked to share sensitive information, such as your password, even with a (seemingly) plausible reason. University employees will never ask you to disclose sensitive information (such as passwords). If you are asked to provide such information, when in doubt, you can verify the identity of the caller by calling them back at the extension listed in the official telephone directory.

Use secure passwords

Simple and short passwords are easy to remember, but they are not secure. For your university accounts, use a password with sufficient complexity, based on the password rules for Uni IDs. You can also create and store passwords with a password manager like KeePassXC.

Think first, then click!

Recognize fraud attempts & take action

Are spam, phishing und social engineering foreign words to you? They are scams that use modern communication channels such as email, phone, texts, etc. to obtain information, money or access data. Learn more about the methods and tricks used by scammers on the linked sites (with explanatory videos). The German Federal Office for Information Security (BSI) recommends answering three small questions before opening emails:

  1. Do you know who the sender is and whether the sender is really the person they are claiming to be?
  2. Do the subject line and the text make sense and what is the purpose of the message?
  3. Are you expecting an attachment?

Keep software up-to-date

Operating systems and applications will always have vulnerabilities that can compromise your computer’s security. Regularly install security updates, patches and service packs from the manufacturers to eliminate any vulnerabilities.

Do not work with administrator rights

If you work with administrator rights on your computer, malicious programs will also have unrestricted access to your system. This is when are they be able unleash their full effect. For everyday use, work with a user account that has limited rights. Administrator rights are only required for tasks such as implementing configuration changes.

Be cautious of unknown email attachments

A large proportion of malware (harmful software such as viruses, worms or Trojans) are spread via email. You should not carelessly open email attachments if you do not know the sender or if you are not expecting an attachment. Every attachment that you open can compromise the security of your computer, regardless of how trustworthy it may seem.

Protect sensitive data with encryption

Secure your private data from unauthorized third-party access by encrypting it. This especially applies to data on portable devices and data carriers. Modern operating systems (Windows, Linux, Mac OS X) already offer integrated mechanisms for this - on Windows Professional, for example, there is the BitLocker tool. Alternatively, free and open source software such as VeraCrypt can be used. You can also encrypt individual archives with the 7-Zip software. In turn, don’t forget to securely store your passwords for the encrypted data. If  these passwords are lost, the data will be rendered unusable.

Regularly save your data

Regularly backing up your important data protects it from being lost and is your lifeline should you need it. Most operating systems (Windows, Linux, MacOS) come with built-in features for easy data backup.

Ad and tracking blocker

Many malware and phishing campaigns use ads on websites as a means of entry. For this reason, we recommend installing add-ons for your browser, such as uBlock Origin, which is an ad and tracking blocker.

Use an up-to-date virus scanner

An up-to-date virus scanner is an essential part of protection for any computer. Make sure it is enabled and kept up to date.

Stay alert, vigilant and informed

Security is not a product that you can buy, install and then forget about. Keeping your system up to date and using a virus scanner and firewall only provides basic technical protection. 

Stay alert, vigilant and informed when it comes to the security of your computer. Thoughtlessness or negligence will undermine any technical protection. If someone wants to install malicious software on your computer or is after your money, they will try every trick in the book to achieve their goal.