Each insufficiently secured computer represents a risk not only for its users, but also for other users of the computer network. If your computer is infected by computer viruses or worms, it can easily become a target for computer hackers who might use your device to attack other network systems. Therefore, the computer security is a mandatory requirement for every UP network user. This is based in Rector's directive? "Every end instrument connected to UP computer network must be secured in appropriate manner, by suitable system configuration, by application of security patches, etc. Should there be an infected, insufficiently secured end instrument, computer network administrator can suspend the right to access to the UP computer network." Směrnice rektora UP B3-15/7-SR, Article 7, paragraph. 3

Employees: Computer network administrator will set up all the necessary security measures on employee's computers.

Students: All the necessary security measures must be set up by students themselves before connecting to university network.

Essential security measures:

You should use only updated antivirus program. Antivirus programs protect computers against most of the viruses, worms and Trojan horses. Palacký University uses MS Forefront. Students are advised to use AVG, Avast! or NOD32. Keep your operating system updated.Microsoft publishes list of updates on their website on regular basis. Apple publishes updates for their products regularly as well. These updates deal with existing security flaws, which can be used by hackers and computer viruses. Turn on your FirewallFirewall is a security gate between your computer and dangerous contents on the internet. Furthermore, firewall restricts users and programs to access your computer according to specific rules. If you're using Windows OS, your firewall should be turned on by default.

1. Choose the websites you visit carefully, you can threaten your computer by visiting dubious websites voluntarily. Further, you should pay attention on what links you are actually clicking - do not click on warning windows of fake antivirus programs, fake dating sites, non-existent discounts in fictitious shops, pop-up windows posing to be social networks etc.

2. Do not respond to e-mails requesting your login details and passwords. Furthermore, do not open attachments from dubious e-mail addresses and do not click on links in spam e-mails.

3. Download only the most necessary programs (videoplayers, text editors, etc.). There is no need to download performance improvers for your computer, shareware, or so-called "entertainment" programs which are useless. Most of them are full of spyware, viruses and computer worms.

?4. Before using antispyware and other programs for removing malicious software, contact your computer network administrator first. Using more antivirus and antispyware programs at once might cause malfunction in detection of infected files. Furthermore, Windows OS might not work properly as well.

5. Update not only programs which use the internet network (Mozilla Firefox, Google Chrome, Opera, Skype, Spotify etc.), but also programs, which do not use the internet.

6. Back-up all the important data. Most of us have work, study or private data in our computers, which we do not want to lose. We recommend backing up your data at least once a month (and even more frequently files with higher-frequency of changes). You can back your files up to other computer, CD/DVD, cloud storage (OneDrive, Dropbox), large capacity USB flash drive or external drives. Your computer could become infected to such extent that operating system is vastly damaged and your data could not be recovered again. Furthermore, there might be a hardware flaw in your disk and you can also lose your data.

7. USB flash drive safety, everybody has at least one USB flash drive, but not everyone realizes, that flash drives are one of the causes of virus infection spread. To check if you flash drive is infected, go to "My Computer" right-click the USB drive you want to check and choose option check by antivirus program.

8. All university employees should contact their computer network administrator if they suspect any computer to be infected, contact Computer Center preferably through Helpdesk - at https://helpdesk.upol.cz

A cybercrime is the use of a compurer hardware or software for ilegal or criminal activity. There are new types of frauds emerging in recent years such as phishing and pharming. Some of the inexperienced internet users may be misled by these scams.

Phishing

This type of fraud that uses e-mail communications to retrieve sensitive user data. Received e-mail then looks as if it came from social networks or payment portals etc. These e-mails usually want user to enter their user name and password.

The attacker throws bait to his victim and waits to see if the victim takes the bait. The most common types of phishing messages are information about a failed payment, a request to update security details, a problem with a user account, email box, bank account or customer satisfaction survey. Attackers most typically target emotions such as fear, trust, authority. The email texts will try to scare you into taking some action as quickly as possible (e.g. enter your login details within 24 hours, otherwise your account will be deactivated).

The messages usually request a username and password or encourage you to log in to a fake website.

Phishing emails are usually sent from an address that does not match the sender's name. The email message usually has poor grammar, contains many typos, errors in word inflection, and punctuation is often incorrect. The links contained in the email have a suspicious domain (the domain is what is behind the @ sign - e.g. @upol.cz is the UP domain). The message encourages you to enter sensitive data, trying to scare the recipient into an immediate reaction.

Spearphishing

This is a type of phishing attack where the attacker obtains all available information to best target his attack. The message is written in this way, i.e. tailored to the recipient, as this attack targets an individual, which means that the attacker focuses on a specific person and really gets to know them. Phishing attacks also occur on social networks or during a phone call!

Pharming

This technique is similar to phishing. Offenders receive sensitive data from victims by attacking DNS servers and rewriting IP addresses, redirecting the victim to a fraud online banking systems which are not recognizable from the original. If the website does not behave as usual and will require information it does not require usually, check the address line and if necessary, track your bank security certificates.

Ransomware

Ransomware is malicious code that locks access to a device or encrypts its contents. The attackers then demand a ransom, saying that after paying it, the data will be unlocked. However, unlocking the data is not guaranteed. The code can get into the device, for example by opening an unknown attachment in an email, but infection can also occur through another infected machine on the network. The device reports the need for repair and disk check, as soon as you confirm it, the data is encrypted and a ransom demand pops up.

You can protect yourself from this type of attack by regularly backing up your data. Ideally, back up to an external drive and to the cloud. Regularly update your operating system, applications and, most importantly, your antivirus program. Limit or disable the use of remote desktop, today attacks on devices are often conducted through the use of remote desktop, when the attacker takes control of your device right before your eyes.

Malware

The word malware is a combination of the English words malicious and software, i.e. malicious software. It is malicious software that is intended to provide an attacker with access to your device. The attacker wants to use it to obtain user data, damage or control the device. It is a computer program or any piece of program code created for the purpose of attacking - breaking into a system (infecting it) in order to damage it, control it, steal data, monitor the user, etc.

Keylogger

This is an attack using a program that records all the characters that the user types on the keyboard. It records passwords, credit card numbers, addresses, etc.

General rules for preventing cyber attacks

1. Use a secure Windows system (Mac, Linux).

2. Regularly install updates, including antivirus.

3. Do not ignore computer warning messages.

4. Only install safe programs from known sources.

5. Back up – or use cloud storage or network drives.

6. Protect your password, change it occasionally.

7. Do not use the same password for multiple systems.

8. Never respond to email requests for your password.

9. Lock your computer screen. Automatically.

10. Keep an encrypted disk on your laptop, use a phone lock.

And one more thing: If you are unsure about something, contact your network administrator.