Cyber security is a set of obligatory principles and rules that should be binding to every computer user and provider of internet services. Even though UP computer network is protected against internet attacks (port filtration, Intrusion Protection system). However, only our security precautions cannot prevent mutual damage of the computers within the UP network. Therefore, we appeal to students and employees to protect their computers against computer viruses and worms. Safety of UP network is provided by CESNET, who monitor their networks and alert administrators if they find any incident.

Safe password

Safe password should have a minimum lenght of eight characters, which should include at least three of following elements: at least one upper case letter, at least one lower case letter, at least one number and a special sign. Every user should change their password after 100 days to ensure safety of their account. Furthermore, network administrators of UP do not send any notification e-mails regarding password expiration. Report any suspicious e-mails to Helpdesk - | helpdesk.upol.cz.

Rules of password security

• Never respond to any e-mail that prompts you to enter your password
• Always check if you are entering your password to a correct website
• Use a non-trivial password
• Do not share your password and do not keep it in places available to others
• Do not enter the password on any untrusted devices
• Make sure your password is not seen by anyone when you're entering a system
• Do not use the same password for multiple systems

Security of network devices

Each insufficiently secured computer represents a risk not only for its users, but also for other users of the computer network. If your computer is infected by computer viruses or worms, it can easily become a target for computer hackers who might use your device to attack other network systems. Therefore, the computer security is a mandatory requirement for every UP network user. This is based in Rector's directive? "Every end instrument connected to UP computer network must be secured in appropriate manner, by suitable system configuration, by application of security patches, etc. Should there be an infected, insufficiently secured end instrument, computer network administrator can suspend the right to access to the UP computer network." Směrnice rektora UP B3-15/7-SR, Article 7, paragraph. 3

Employees: Computer network administrator will set up all the necessary security measures on employee's computers.

Students: All the necessary security measures must be set up by students themselves before connecting to university network.

Essential security measures:

You should use only updated antivirus program. Antivirus programs protect computers against most of the viruses, worms and Trojan horses. Palacký University uses MS Forefront. Students are advised to use AVG, Avast! or NOD32. Keep your operating system updated.Microsoft publishes list of updates on their website on regular basis. Apple publishes updates for their products regularly as well. These updates deal with existing security flaws, which can be used by hackers and computer viruses. Turn on your FirewallFirewall is a security gate between your computer and dangerous contents on the internet. Furthermore, firewall restricts users and programs to access your computer according to specific rules. If you're using Windows OS, your firewall should be turned on by default.

Basic antivirus security rules

1. Choose the websites you visit carefully, you can threaten your computer by visiting dubious websites voluntarily. Further, you should pay attention on what links you are actually clicking - do not click on warning windows of fake antivirus programs, fake dating sites, non-existent discounts in fictitious shops, pop-up windows posing to be social networks etc.

2. Do not respond to e-mails requesting your login details and passwords. Furthermore, do not open attachments from dubious e-mail addresses and do not click on links in spam e-mails.

3. Download only the most necessary programs (videoplayers, text editors, etc.). There is no need to download performance improvers for your computer, shareware, or so-called "entertainment" programs which are useless. Most of them are full of spyware, viruses and computer worms.

?4. Before using antispyware and other programs for removing malicious software, contact your computer network administrator first. Using more antivirus and antispyware programs at once might cause malfunction in detection of infected files. Furthermore, Windows OS might not work properly as well.

5. Update not only programs which use the internet network (Mozilla Firefox, Google Chrome, Opera, Skype, Spotify etc.), but also programs, which do not use the internet.

6. Back-up all the important data. Most of us have work, study or private data in our computers, which we do not want to lose. We recommend backing up your data at least once a month (and even more frequently files with higher-frequency of changes). You can back your files up to other computer, CD/DVD, cloud storage (OneDrive, Dropbox), large capacity USB flash drive or external drives. Your computer could become infected to such extent that operating system is vastly damaged and your data could not be recovered again. Furthermore, there might be a hardware flaw in your disk and you can also lose your data.

7. USB flash drive safety, everybody has at least one USB flash drive, but not everyone realizes, that flash drives are one of the causes of virus infection spread. To check if you flash drive is infected, go to "My Computer" right-click the USB drive you want to check and choose option check by antivirus program.

8. All university employees should contact their computer network administrator if they suspect any computer to be infected, contact Computer Center preferably through Helpdesk - at https://helpdesk.upol.cz

Types of cybercriminality

A cybercrime is the use of a compurer hardware or software for ilegal or criminal activity. There are new types of frauds emerging in recent years such as phishing and pharming. Some of the inexperienced internet users may be misled by these scams.

Phishing

This type of fraud that uses e-mail communications to retrieve sensitive user data. Received e-mail then looks as if it came from social networks or payment portals etc. These e-mails usually want user to enter their user name and password.

The attacker throws bait to his victim and waits to see if the victim takes the bait. The most common types of phishing messages are information about a failed payment, a request to update security details, a problem with a user account, email box, bank account or customer satisfaction survey. Attackers most typically target emotions such as fear, trust, authority. The email texts will try to scare you into taking some action as quickly as possible (e.g. enter your login details within 24 hours, otherwise your account will be deactivated).

The messages usually request a username and password or encourage you to log in to a fake website.

Phishing emails are usually sent from an address that does not match the sender's name. The email message usually has poor grammar, contains many typos, errors in word inflection, and punctuation is often incorrect. The links contained in the email have a suspicious domain (the domain is what is behind the @ sign - e.g. @upol.cz is the UP domain). The message encourages you to enter sensitive data, trying to scare the recipient into an immediate reaction.