---
title: "Security"
---
## System and software updates
- Keep your operating system and software up to date and enable automatic updates
- Regularly uninstall unnecessary software to reduce potential vulnerabilities
- Run antivirus software
- Lock the screen when you leave the room (enable auto-lock after 3 min)
- *Optional: Turn on disk encryption*
- *Optional: Document your setup*
- *Optional: Use sandboxing or virtualization for testing software or opening unknown files*
## Backups
- Make regular backups to an external device, at least weekly (e.g., [Back-in-time](https://github.com/bit-team/backintime){target=_blank} (Linux) or [Kopia](https://github.com/kopia/kopia?tab=readme-ov-file){target=_blank})
- Share Git repositories on GitHub and with the team (publishing and distributing data across multiple devices is a useful measure against ransomware attacks)
- Test backups periodically to ensure data integrity and accessibility
- *Optional: Create a plan for quick recovery after data loss*
## Passwords
- Use strong passwords
- Use different passwords for different accounts
- Understand phishing attacks targeting password theft
- *Optional: Use a password manager (such as [KeePass](https://keepass.info/){target=_blank})*
- *Optional: Regularly change passwords, especially after suspected breaches*
## Confidential data and communication
- Store sensitive data (such as grades) in directories with restricted access rights and do not post it online without consent
- Use a Nextcloud directory for sharing data (**TODO**: link description)
- Prefer end-to-end encrypted channels
- Be aware of [phishing and social engineering attacks](https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Social-Engineering/social-engineering_node.html){target=_blank}
- *Optional: Classify confidential data in the handbook (see [example](https://digital-work-lab.github.io/handbook/docs/10-lab/11_hr.html){target=_blank})*
- *Optional: [Sign your emails](https://www.uni-bamberg.de/its/dienstleistungen/iam/zertifikate/e-mail/){target=_blank}*
## Authentication and access
- Use 2-factor authentication whenever possible
- Give access to confidential data only when needed and revoke it when it is no longer required
- For confidential data: Apply the principle of least privilege (users should have only the access necessary for their roles)
## Spam or abusive language in open GitHub repositories
- *Optional: See [block or report users](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam){target=_blank}*
## Travel
- Do not leave your equipment out of sight
- Do not log into your online accounts on other devices
- Turn off your computer and phone completely when traveling across borders and checkpoints
- *Optional: Do not use public WiFi hotspots or charging stations*
- *Optional: Use VPN and communicate through encrypted channels*
- *Optional: Use privacy screens to prevent shoulder surfing when working in public spaces; do not work on confidential data when others can see your screen*
## General security practices
- Educate team members with regular security training on the latest threats and best practices
- Maintain a clear incident response plan for addressing breaches or malware infections
## Resources
- [Digital Self Defense](https://defendourmovements.org/5-tips-for-online-self-defense/){target=_blank}
- [Ratgeber, Digitale Gesellschaft](https://www.digitale-gesellschaft.ch/ratgeber/en/){target=_blank}
- [personal-security-checklist](https://github.com/Lissy93/personal-security-checklist/blob/HEAD/CHECKLIST.md){target=_blank}
- [Scicomm-Support](https://scicomm-support.de/){target=_blank} (We support and advise scientists and science communicators facing attacks and unobjective conflicts in science communication.)