12 IT security commandments for users

04.07.2023

One of the tasks of the ZID is to implement measures for the security of the IT infrastructure of the University of Vienna. It is equally important to train users and raise their awareness of the secure use of IT services. The ZID provides extensive information on this.

Multi-factor authentication (MFA) for VPN and Microsoft 365 was recently introduced at the University of Vienna as a further security measure to protect the IT infrastructure. When logging in to the service, not only a password but also a second, technically and physically separate factor must be entered to identify oneself. This makes it much more difficult for attackers to access these systems. In the future, further IT services at the University of Vienna will be secured with a second factor.

Despite high security standards, users should not lose sight of some basic rules when dealing with IT services. The ZID has formulated 12 important IT security rules:

  1. Choose strong passwords and keep them confidential.
    Use the ZID's password tips to choose a secure password.
  2. Use different passwords for different accounts and separate professional and private passwords.
    A password manager helps you to create, manage and apply your individual access data.
  3. Activate multi-factor authentication.
    Securing with a second factor is mandatory at the University of Vienna for VPN, Microsoft 365 and Microsoft Azure. Use the corresponding user guides for setting up a second factor.
  4. Protect your smartphone from unauthorised access - e.g. using a PIN code, password or biometrics.
    Read the tips for daily use of your smartphone and tablet.
  5. Be attentive when surfing the internet.
    On the ZID websites, you can learn how to make browser use safe on your PC, laptop, smartphone or tablet.
  6. Be careful when dealing with e-mails, attachments and downloads, and exercise healthy skepticism.
    The IT Security Team of the ZID has compiled practical tips and information for the secure use of e-mails.
  7. Keep your devices and software up to date.
    If necessary, activate the function for automatic updates. Also use the information under Daily work on PC and laptop.
  8. Only install and use software from trusted sources.
    For tips, see Using applications securely and Security updates for mobile operating systems.
  9. Use up-to-date virus protection for your desktop device or laptop and set up a firewall.
    Keep the virus scanner you use up to date and watch for any notifications from the system. Be sure to keep the firewall that comes with your operating system turned on. Also use the information under Daily work on PC and laptop.
  10. Create data backups on a regular basis.
    The ZID offers you the possibility to store files on the online storage space of the ZID. Data stored there is backed up regularly. Employees can also use the backup service.
  11. Be careful when handling USB sticks.
    Never plug a USB stick that you do not know or trust into your device. Fraudsters sometimes place USB sticks in public places and infect devices when they are used without hesitation.
  12. Keep professional data confidential and store or process it only on designated devices.
    Lock your screen so that no one can use your computer without authorization. Also find out about data encryption.

You can find all IT security tips for users on the ZID websites in the IT world "IT security".
