Cybersecurity Best Practises
In order to complement the information provided in the ICT Service webpages, you can adopt the following preventative measures to protect your data and keep your devices safe while contributing to keep EUI’s infrastructure and data safe.
Protect devices (laptop, tablet and smartphone)
Personally owned devices
To connect your personal devices safely to EUI’s infrastructure or to access email and cloud resources, it is of upmost importance that you keep your personal devices secure.
Protect your personal devices by applying patches and performing frequent data backups; encrypting it using the built-in tool (including USB drive). Protect devices using anti-malware software (see also free solutions available for all operating systems of smartphones and laptops).
You can refer to this online documentation for further information: Anti-Virus Protection
EUI service devices
Laptops and desktops are protected by anti-malware solutions and they are kept up-to-date and monitored to prevent malware infections as described in the following policy: Virus Protection Policy, User's Rights and Duties
Make sure to store your work-related data on the EUI servers (G: Drive, S: Drive, etc.) or on the EUI cloud (OneDrive for Business, Teams, SharePoint): Storage
Avoid pop-ups, unknown emails, and links
Beware of phishing. Phishers try to trick you into clicking on a link that may result in a security breach.
Phishers prey on employees in hopes they will open pop-up windows or other malicious links that could have viruses and malware embedded in them. So, be cautious of links and attachments in emails from senders you do not recognize. With just one click, you could enable hackers to infiltrate EUI’s network and infrastructure.
Never enter personal or company information in response to an email, pop-up webpage, or any other form of communication you did not initiate. Phishing can lead to identity theft or allow that ransomware attacks occur. Refer to additional documentation available in the Information security page.
Protect your digital identity
Criminals may try to get important pieces of personal information such as your name and address, date of birth and user account and password. You are advised to avoid sharing personal data, user accounts and password, ICT service will never ask your EUI password.
Enable multi-factor authentication when available (i.e. Facebook, LinkedIn, Dropbox offer additional verification methods to avoid profile’s compromise). You may check if your data in social media has been breached checking your personal email in one of the following sites:
https://haveibeenpwned.com/ (external lik)
https://cybernews.com/personal-data-leak-check/ (external link)
The risk of signing up to social media using EUI email
Users are advised to consider the risks of signing up to social media using EUI email and should not reuse password between accounts, especially regarding to EUI accounts. Information captured in social media leaks can be used to impersonate the victims, to identify their contact data, to allow threat actors to fine tune and highly target future phishing emails either to the individuals who had their data leaked or to their connections.
You can safeguard your personal details online, by checking your privacy settings and controlling what information you share. To keep your information secure:
- make sure your social media profiles are private
- always think carefully before sharing data with others
Scammers can sound genuine, as they may have gathered information about you online or in data breaches occurred in social media or in online shopping websites.
You may visit Europol link for further information on online frauds and Money Muling (external link).