10.72 Security

System and software updates

  • Keep your operating system and software up to date and enable automatic updates
  • Regularly uninstall unnecessary software to reduce potential vulnerabilities
  • Run antivirus software
  • Lock the screen when you leave the room (enable auto-lock after 3 min)
  • Optional: Turn on disk encryption
  • Optional: Document your setup
  • Optional: Use sandboxing or virtualization for testing software or opening unknown files

Backups

  • Regular backups on an external device, at least weekly (e.g., Back-in-time (Linux) or Kopia)
  • Share Git repositories on GitHub and with the team (publishing and distributing data across multiple devices is a useful measure against ransomware attacks)
  • Test backups periodically to ensure data integrity and accessibility
  • Optional: Create a plan for quick recovery after data loss

Passwords

  • Use strong passwords
  • Use different passwords for different accounts
  • Understand phishing attacks targeting password theft
  • Optional: Use a password manager (such as KeePass)
  • Optional: Regularly change passwords, especially after suspected breaches

Confidential data and communication

  • Store sensitive data (such as grades) in directories with restricted access rights and do not post it online without consent
  • Use a Nextcloud directory for sharing data (TODO: link description)
  • Prefer end-to-end encrypted channels
  • Be aware of phishing and social engineering attacks
  • Optional: Classify confidential data in the handbook (see example)
  • Optional: Sign your emails

Authentication and access

  • Use 2-factor authentication whenever possible
  • Give access to confidential data only when needed and revoke it when it is no longer required
  • For confidential data: Apply the principle of least privilege (users should have only the access necessary for their roles)

Spam or abusive language in open GitHub repositories

Travel

  • Do not leave your equipment out of sight
  • Do not log into your online accounts on other devices
  • Turn off your computer and phone completely when traveling across borders and checkpoints
  • Optional: Do not use public WiFi hotspots or charging stations
  • Optional: Use a VPN and communicate through encrypted channels
  • Optional: Use privacy screens to prevent shoulder surfing when working in public spaces; do not work on confidential data when others can see your screen

General Security Practices

  • Educate team members with regular security training on the latest threats and best practices
  • Maintain a clear incident response plan for addressing breaches or malware infections

Resources