Enjoy Summer Days with Peaceful Mind and Secured Data

With the beginning of summer and vacations, we have prepared some tips for safe work and data security in Microsoft 365. Rest without worrying with our tips for secure mail, document sharing or group and team collaboration. Thanks to them, you will avoid a number of unpleasant situations and enjoy your free time with your data safe.

7 Jun 2023

It is enough to follow a few simple rules that contribute to better cybersecurity at work and study, and you will immediately have less to worry about after returning from vacations and trips. We'll give advice on what to do about spam and phishing, teach you how to share documents safely, and show you how to work on someone else's device to avoid leaking your credentials. In short, let your summer be hot only at beaches, and not in terms of cybersecurity!

Do Not Forward Your Work Emails to Your Private Mailbox

The first tip is very easy. Do not forward work emails to your private mailboxes. There is thus a higher risk of data leakage - and few people realize that if the message contains personal data, there is also a violation of the terms of their protection (e.g. GDPR), because after forwarding, this data is not found in the IT systems of the university or contractual partners. Simply keep your work mail in your work mailbox.

No description

No description

Spam and Phishing - How to Deal With Them

Although we have anti-spam and anti-phishing filters in the university, they are not always 100% successful and occasionally some unsolicited mail will reach your inbox. For such cases, there is a spam reporting tool in MS Outlook - if unrecognized spam or phishing arrives in your inbox, mark such a message as spam. In the case of spam, automatic filters will analyze the message and improve the results in the future. If you mark message as phishing, it will be reviewed by the CSIRT-MU security team.

Therefore, it is advisable to distinguish what is spam and what is phishing - not only from the point of view of danger, but also from the point of view of the burden on other colleagues who check the report. You can find more about phishing in the clear article.

If you need to permanently block one of the e-mail addresses, or if you do not want e-mails from it to fall into the junk category, you can use the list of blocked or safe senders in Outlook. You can also find more information about dealing with spam on our website.

Share Documents Smartly

If a document contains confidential information, always think about who you share it with. It's also a good idea to follow the safe sharing rules:

  • Consider carefully who needs to have access to the documents or folders. It is better to share targetedly to specific people than across the board.
  • Sharing via anonymous links is risky - you never know who else might get access to the document. Only one inattentive colleague unwittingly forward the link via an email, and the problem appears! If you are already using anonymous links, you can limit their validity.
  • Even if you choose the "People at MUNI" sharing type, that's a very wide range of users! If such a link starts to spread around the university, not only people from other workplaces can access the document, but also, for example, students or externs with a so-called sponsored account.
  • When sharing, consider what permission others need to access the document or folder - they don't always need edit rights directly! It is often enough that they can view the document or just suggest edits. Thanks to an appropriately set permission, you retain control over the document.
  • Don't forget that the recipient of the share content can also share the documents further!

Need a reminder, how to share documents? Take a look at the clear instructions.​

No description

No description

Conduct Regular Sharing Reviews

Collaboration is a daily bread for most of us, so it's normal to share files both from OneDrive and across various teams and workgroups from Sharepoint. After a while, we can easily lose track of who we've shared what with and who has access to what. Fortunately, there are ways to audit sharing and access.

Be Carefull with Public MS 365 Groups and Teams

Teams, Microsoft 365 Groups, and communities in Yammer (collectively referred to as Teams) have two access options – private or public. If the team is set to public, anyone can join it without the knowledge of the team owner, and the documents are also searchable and accessible to everyone in the university. We therefore recommend that you check your teams and possibly change the settings according to your preference using the instructions.

Often, the public setting of teams or groups has a clear purpose – for example, they are university-wide discussion groups or interest groups. Here, on the contrary, it is desirable that everyone can join them and that their owners do not have to approve new users. However, for most teams, they should be private.

No description

No description

Check Your Team Memberships

As the number of projects grows, so do the number of teams, groups, shared boxes, and calendars that you own and share or are members of. That's why it's a good idea to check them once in a while to check who else is among the owners or members and how permissions for access or sharing are set. If you no longer need to be a member of a certain group, it is advisable to leave it.

  • See an overview of teams, groups and communities where you are an owner
  • See an overview of the teams, groups and communities where you are a member

How to Behave on a Foreign Device?

If you work on devices that you (for example) share with other people, always log in to Windows system with your own account and remember to log out. If it is not possible to use your own accounts on the device (e.g. computers at scientific instruments or in lecture halls), access the services only via the web interface and in anonymous browser mode. You don't have to think about logging out and deleting your login information, but just close the anonymous browser window and it will forget your login information.

No description

No description

Be Careful When Communicating

If you report any problem, only university employees will communicate with you - either colleagues from the faculty IT centers or from the Institute of Computer Science. You will never be contacted by Microsoft technical support. If someone calls you claiming to be Microsoft support, never give them any information and end the call.

Never share your login or other confidential information by email or phone. Technical support from CIT or Service Desk will never require them. If you are not sure who is contacting you (e.g. in the case of an external company), do not hesitate to verify the contact details (email address, phone number) on the company's official website.

More articles

All articles

You are running an old browser version. We recommend updating your browser to its latest version.