Tips for safe digital working

Request your Bitwarden password manager with your VU email now!

Did you already know that only one in three people use strong passwords? While a large proportion already know that they should use strong passwords.

To protect yourself and your data, it is important to change and/or strengthen your passwords from time to time. A simple way to make passwords stronger is to replace letters and numbers with punctuation, e.g. "W@kk3rW0rd3n!" instead of "WakenWorden!". This can simultaneously help as a reminder to unlock or 'wake up' your laptop, for example.

Password Checkup
In addition, a Password Checkup makes it easy to find out which of your accounts are no longer safe due to data breaches or hackers.

• On your iPhone, you can go to Settings → Passwords → Security Recommendations
• Google/android has a Password Checkup for this: https: //passwords.google.com/

More information on a secure workplace can be found on VU's modern workplace page

Test your phishing knowledge with these 8 questions from the central government's Digital Trust Centre!

Being able to properly weigh up whether to open an email safely is easier said than done. It is often very difficult to spot fake emails, especially if they are targeted attacks. Below is some advice on how to spot possible fake emails.

1. E-mail from bank or government
   Many phishing attacks happen in the name of banks or Government, such as the tax authorities or DigiD.
2. "Click here to log in"
   Always be alert to e-mails with links. Avoid links by going to the relevant website yourself.
3. "Something is about to expire"
   Pay close attention if this is in the e-mail. It may be a tactic to hunt you down so that you are less alert.
4. "Attention! Important"
   With this text, malicious people can try to lead you astray. So be vigilant.
5. "Urgent" or "urgent"
   Always be vigilant with these words and don't let them rush you, causing you to make mistakes.
6. Exclamation mark on e-mail
   A colleague can give urgency to an e-mail by adding a (red) exclamation mark to the e-mail. Phishing scammers also use this.
7. No personal salutation
   An important e-mail often contains a personal salutation. If this is missing, it may indicate a phishing attack.
8. Sender's e-mail address looks strange
   Always check the sender's e-mail address. If it looks different from what you are used to, give the sender a call.
9. Unexpected request from someone you know
   Do you receive a strange or unexpected request from someone you know? Then check with this acquaintance via another channel. It could be a scam (spoofing).
10. Quote or invoice as an attachment
    Attachments (e.g. PDFs or Word documents) are often used to install malware. So be critical when opening attachments.
11. Language errors
    Although becoming less and less, many phishing messages still contain language errors and sloppiness.
12. Current world news
    Current events are often used in phishing campaigns, such as fake corona messages that appear to come from the government.

Software updates plug security holes that hackers can exploit. By installing updates immediately, you protect not only your own data, but also that of colleagues and fellow students. So don't put them off: a few minutes updating will prevent a lot of hassle.

A simple reboot does more than you think. Restarting your laptop, phone or tablet every week ensures that security updates are properly installed and temporary vulnerabilities are fixed. This keeps your device faster, more stable and better protected against digital threats.

Public Wi-Fi networks, such as in cafés or trains, seem convenient but are often insecure. Hackers can easily watch what you do or even intercept your passwords. Rather, use your mobile hotspot or a VPN (such as EduVPN) to stay safe online wherever you are.

Pause? Make it a good habit and lock your screen.

Windows shortkey: Windows Key + L
Mac shortkey: Ctrl + Cmd + Q

Make sure your computer is locked or closed when you walk away from your workstation and can only be unlocked again with the password.

It's happened, there's malware on your laptop. Just because you went to get a coffee. Should be possible, you thought. But in those few minutes, you fell victim to a coffee break hacker. Someone who infects your computer with a few clicks. And so effortlessly read through your entire inbox.

For a complete overview, see the International Travel Fact Sheet.

If you are traveling for VU and this work requires access to VU services, please note the following points to avoid a security incident causing damage to the VU network:

At other educational and research institutions, you can usually use institutional access through Eduroam, always be sure to check if this is a legitimate point and check with that institution if necessary! Consider using the Eduroam app.

Do not rely on public or hotel wifi, even if an Eduroam point is available: use your phone's 4G network or EduVPN where possible.

• Try to log on to VU systems as little as possible. The less often you use your account information, the less likely your data will be captured.
• Secure your devices with passwords and encryption.
• Use VU Onedrive for file storage and sharing. Under no circumstances use commercial storage services!
• Do not use public computers, for example in hotel lobbies.
• Watch your surroundings when logging in, avoid having someone looking over your shoulder.
• When you return, change your passwords that you used during your trip. You can change your password by clicking on your profile in the dashboard.
• Call (+31 20 5980000) the VU if your laptop or other VU devices are stolen/lost or email the IT Service Desk

We advise you to send large confidential data in a file via SURFfilesender (up to 500GB) or Zivver (up to 5TB) with encryption.

If you know that another party is going to send you a confidential file, ask if they also use SURFfilesender. You can also send people who don't have an account for SURF services a voucher for SURFfilesender.

Does a confidential document arrive by e-mail anyway? Copy that file to a trusted environment (e.g. Zivver) and delete the original from the email.

Don't panic, but report it right away! That way we can help you the best we can.

Ransomware is a type of malware that encrypts your files and only releases them after you pay a ransom. This poses a great risk to both employees and students: you can lose important documents, and even entire systems can be taken down.

How do you prevent ransomware?

• Don't just click on links or attachments in emails, especially from unknown senders.
• Use strong passwords and change them regularly.
• Keep backups of important files in a safe place.
• Update your device and software to close vulnerabilities.
• Alwaysreport suspicious emails to the IT department.

Together, we keep our study and work environment safe. You play an important role in that!

At work, your files are safe in the cloud. But what about your personal laptop, phone or tablet?

Think about your own laptop, phone or tablet: what happens if it crashes, gets stolen or becomes infected with ransomware?

What can you do?

• Back up regularly, such as via a cloud solution or external drive.
• Set up automatic backups.
• Keep at least one backup separate from your device.

Make sure your data is safe, even outside of work.

Whether you are downloading a new app or buying an accessory for your laptop: always choose reliable suppliers.

Why?
Illegal or fake software, unknown webshops or fake devices can contain malware such as spyware or ransomware as well as pose a risk to your device and data. So:

• Download apps only through the official appstores.
• Buy hardware from authorized (web) stores. When in doubt, check TrustPilot reviews.
• Avoid "too good to be true" deals from unknown sites.

By choosing consciously, you avoid digital risks. Safe use starts with a safe source.