10.72 Security

System and software updates

• Keep your operating system and software up-to-date, enable automatic updates
• Regularly uninstall unnecessary software to reduce potential vulnerabilities
• Run antivirus software
• Lock the screen when you leave the room (enable auto-lock after 3 min)
• Optional: Turn on disk encryption
• Optional: Document your setup
• Optional: Use sandboxing or virtualization for testing software or opening unknown files

Backups

• Regular backups on an external device, at least weekly (e.g., Back-in-time (Linux) or Kopia)
• Share Git repositories on GitHub and with the team (publishing and distributing data across multiple devices is a useful measure against ransomware attacks)
• Test backups periodically to ensure data integrity and accessibility
• Optional: Create a plan for quick recovery after data loss

Passwords

• Use strong passwords
• Use different passwords for different accounts
• Understand phishing attacks targeting password theft
• Optional: Use a password manager (such as KeePass)
• Optional: Regularly change passwords, especially after suspected breaches

Confidential data and communication

• Store sensitive data (such as grades) in directories with restricted access rights and do not postit online without consent
• Use a Nextcloud directory for sharing data (TODO: link description)
• Prefer end-to-end encrypted channels
• Be aware of phishing and social engineering attacks
• Optional: Classify confidential data in the handbook (see example)
• Optional: Sign your E-Mails

Authentication and access

• Use 2-factor authentication whenever possible
• Give access to confidential data only when needed and revoke it when it is no longer required
• For confidential data: Apply the principle of least privilege (users should have only the access necessary for their roles)

Spam or abusive language in open GitHub repositories

• Optional: See block or report users

Travel

• Do not leave your equipment out of sight
• Do not log into your online accounts on other devices
• Turn off your computer and phone completely when traveling across borders and checkpoints
• Optional: Do not use public WiFi hotspots or charging stations
• Optional: Use VPN and communicate through encrypted channels
• Optional: Use privacy screens to prevent shoulder surfing when working in public spaces, do not work on confidential data when others can see your screen

General Security Practices

• Educate team members with regular security training on the latest threats and best practices
• Maintain a clear incident response plan for addressing breaches or malware infections

Resources

• Digital Self Defense
• Ratgeber, Digitale Gesellschaft
• personal-security-checklist