Read out

IT Security Recommendations

IT-SER­VICES provides ad­vice for the re­spons­ible hand­ling with IT re­sources. Please con­sider our IT dir­ect­ives and policies.

IT se­cur­ity is bor­ing? So are in­sur­ances! But just as long as they are not needed. There is no dif­fer­ence if someone cracks your safe or steals your note­book. In both cases, con­fid­en­tial and im­port­ant data / doc­u­ments are lost. So make your di­gital en­vir­on­ment safer!

Please mind the fol­low­ing re­com­mend­a­tions for the re­spons­ible hand­ling with IT re­sources – at WU as well as at home. Fur­ther­more, when work­ing / study­ing at WU it is im­port­ant to con­sider the cur­rent IT dir­ect­ives and policies.

If you want to learn more about prac­tical IT se­cur­ity, please take a look at the re­com­mend­a­tions in the IT Se­cur­ity Manual for Em­ploy­ees (Ger­man only) by it-safe.at.

Mind your lo­gin data

Your di­gital life can eas­ily be ac­cessed with a user­name and a pass­word. Every­one that knows your lo­gin data gains im­me­di­ate ac­cess to your per­sonal data.

Show more
Why is this im­port­ant?

Re­spons­ible hand­ling with lo­gin data does not only pro­tect your com­puter and your data, it also pro­tects sens­it­ive data of the uni­versity ad­min­is­tra­tion, i.e. rights of em­ploy­ees and stu­dents.

What can I do?

Al­ways mind the fol­low­ing points when us­ing your WU lo­gin data.

  • Lo­gin data con­sist of a user­name and an ac­count pass­word. You must NEVER pass them on to a third party.

  • NEVER use your WU lo­gin data on po­ten­tially cor­rup­ted devices such as on hotel devices or in In­ter­net cafés.

  • Al­ways log out AND take your USB flash drive after work­ing on pub­lic com­puters (e.g. teacher’s PCs in teach­ing rooms).

  • Do not use your WU ac­count pass­word for log­ging in to other sys­tems (e.g. amazon, eBay, Wr. Linien, google, gmx etc.)

  • Choose com­plex pass­words which con­sist of let­ters, num­bers and sym­bols.

  • Change your pass­words reg­u­larly.

  • NEVER write down your pass­word on the com­puter or leave notes with it any­where nearby the com­puter.

  • NEVER save pass­words when log­ging in, par­tic­u­larly not on the browser.

  • Use WU lo­gin data ONLY for WU web-ser­vices.

  • NEVER trans­mit WU lo­gin data via un­en­cryp­ted in­ter­net con­nec­tions.

  • Only use web­sites start­ing with “ht­tps”.

  • Do not use apps which re­quest WU lo­gin data but are not of­fi­cial apps of WU.

  • Do not answer emails which ask you - for whatever reason - to en­ter WU lo­gin data on linked web­sites.

In case of fur­ther ques­tions, please send an email to in­fosec@wu.ac.at.

Choose strong pass­words

Your pass­word is the most im­port­ant key to di­gital sys­tems. So choose safe pass­words and change them reg­u­larly.

Show more
Why is this im­port­ant?

If your pass­word is easy to guess or is re­lated to your per­sonal life, third parties can eas­ily ac­cess your di­gital life. In ad­di­tion, stolen pass­words can be misused for vari­ous pur­poses right away or later on – this is for as long as they have not been changed.

What can I do?

Change your pass­word reg­u­larly (we re­com­mend: after 42 days at the latest). You should un­der no cir­cum­stances pass it on!

You can change your WU pass­words in the Con­trolpanel ap­plic­a­tion.

Re­com­mend­a­tions for choss­ing strong pass­words

  • Do not use names or char­ac­ter strings which are re­lated to your per­son. Examples of bad pass­words are your date of birth, your name or parts of it, the names of re­l­at­ives, friends or pets and your tele­phone num­ber. Avoid char­ac­ter strings which re­peat them­selves several times or ob­vi­ous char­ac­ter strings such as ab­cdef, qwert, 12345 etc.

  • A strong pass­word con­sists of at least 10 char­ac­ters which are a com­bin­a­tion of let­ters, num­bers and sym­bols and can­not be found in dic­tion­ar­ies or lex­ica. They should also con­tain up­per and lower­case let­ters. An example of a strong pass­word: bFeD­8erx0!p An example of an in­sec­ure pass­word: susi1234

  • Mem­or­ize your pass­word. Do not write it down!
    A hint: Think of a phrase. Then pick the first let­ter from each word and sub­sti­tute one or two let­ters with a num­ber. For example: “A lot of new stu­dents start their stud­ies at WU in the win­ter semester :)” If you re­place “new” e.g. with the num­ber 9, your pass­word is “alo9sst­saW­itws:)”. This pass­word can hardly be guessed, but you can re­mem­ber it eas­ily.

  • Pass­words which are used for sens­it­ive ap­plic­a­tions should not be used for trivial ap­plic­a­tions as well. So DO NOT use your WU ac­count pass­word for log­ging in to other sys­tems (e.g. amazon, eBay, Wiener Linien, google, gmx etc.)

Mind your mobile devices

Your mobile devices prob­ably know you bet­ter than your friends do. Cal­en­dar­ing, emails, pic­tures and other private data are saved on them.

Show more
Why is this im­port­ant?

Al­ways mind your mobile devices be­cause they can eas­ily be stolen or lost. Apart from los­ing your data, they can also be misused by third parties.

What can I do?
  • Set up a per­sonal ac­cess code
    The code or the pass­word must al­ways be entered be­fore us­ing the device. Some devices sup­port bio­met­ric iden­ti­fic­a­tion (finger­prints) which makes the hand­ling easier. Avoid num­ber com­bin­a­tion that can eas­ily be guessed such as 0000, 12345, your date of birth, your post code, etc. The web­sites of the pro­du­cers of­fer re­spect­ive in­struc­tions:

  • Use the auto­matic lock func­tion
    The wait­ing period should be as short as possible, e.g. one or two minutes on the smart­phone. Lock activ­a­tion can usu­ally be done manu­ally when turn­ing on and off the device.

  • Save your data reg­u­larly
    for example on an­other device (laptop, ex­ternal hard disk, etc.) In­stall any ne­ces­sary soft­ware on your private device. Then de­lete data that you do not use from your mobile device.

  • Only save the most im­port­ant in­form­a­tion on your mobile device
    Con­sider which data and apps you really need (e.g. Face­book, private emails, apps). Only save pass­words for ser­vices which you fre­quently ac­cess. As regards other ser­vices, en­ter your pass­word manu­ally if re­ques­ted.

  • In case of loss: Use loca­tion and de­le­tion ser­vices
    A lot of pro­du­cers of devices of­fer these ser­vices. In order to make use of these ser­vices, you must re­gister your device first – and the device has to be in your pos­ses­sion.

  • Al­ways store con­fid­en­tial data en­cryp­ted on your device.

  • In ho­tels, put the devices in the room safe when you leave – even if it is only for a short time.

  • Never leave your mobile devices in your car or at any places where they can eas­ily be seen (e.g. on a table in pub­lic cafés).

Em­ploy­ees can find ad­di­tional ad­vice for the hand­ling with em­ployee cell phones on the in­tranet.