With the beginning of summer and vacations, we have prepared some tips for safe work and data security in Microsoft 365. Rest without worrying with our tips for secure mail, document sharing or group and team collaboration. Thanks to them, you will avoid a number of unpleasant situations and enjoy your free time with your data safe.
It is enough to follow a few simple rules that contribute to better cybersecurity at work and study, and you will immediately have less to worry about after returning from vacations and trips. We'll give advice on what to do about spam and phishing, teach you how to share documents safely, and show you how to work on someone else's device to avoid leaking your credentials. In short, let your summer be hot only at beaches, and not in terms of cybersecurity!
The first tip is very easy. Do not forward work emails to your private mailboxes. There is thus a higher risk of data leakage - and few people realize that if the message contains personal data, there is also a violation of the terms of their protection (e.g. GDPR), because after forwarding, this data is not found in the IT systems of the university or contractual partners. Simply keep your work mail in your work mailbox.
Although we have anti-spam and anti-phishing filters in the university, they are not always 100% successful and occasionally some unsolicited mail will reach your inbox. For such cases, there is a spam reporting tool in MS Outlook - if unrecognized spam or phishing arrives in your inbox, mark such a message as spam. In the case of spam, automatic filters will analyze the message and improve the results in the future. If you mark message as phishing, it will be reviewed by the CSIRT-MU security team.
Therefore, it is advisable to distinguish what is spam and what is phishing - not only from the point of view of danger, but also from the point of view of the burden on other colleagues who check the report. You can find more about phishing in the clear article.
If you need to permanently block one of the e-mail addresses, or if you do not want e-mails from it to fall into the junk category, you can use the list of blocked or safe senders in Outlook. You can also find more information about dealing with spam on our website.
If a document contains confidential information, always think about who you share it with. It's also a good idea to follow the safe sharing rules:
Need a reminder, how to share documents? Take a look at the clear instructions.
Collaboration is a daily bread for most of us, so it's normal to share files both from OneDrive and across various teams and workgroups from Sharepoint. After a while, we can easily lose track of who we've shared what with and who has access to what. Fortunately, there are ways to audit sharing and access.
Teams, Microsoft 365 Groups, and communities in Yammer (collectively referred to as Teams) have two access options – private or public. If the team is set to public, anyone can join it without the knowledge of the team owner, and the documents are also searchable and accessible to everyone in the university. We therefore recommend that you check your teams and possibly change the settings according to your preference using the instructions.
Often, the public setting of teams or groups has a clear purpose – for example, they are university-wide discussion groups or interest groups. Here, on the contrary, it is desirable that everyone can join them and that their owners do not have to approve new users. However, for most teams, they should be private.
As the number of projects grows, so do the number of teams, groups, shared boxes, and calendars that you own and share or are members of. That's why it's a good idea to check them once in a while to check who else is among the owners or members and how permissions for access or sharing are set. If you no longer need to be a member of a certain group, it is advisable to leave it.
If you work on devices that you (for example) share with other people, always log in to Windows system with your own account and remember to log out. If it is not possible to use your own accounts on the device (e.g. computers at scientific instruments or in lecture halls), access the services only via the web interface and in anonymous browser mode. You don't have to think about logging out and deleting your login information, but just close the anonymous browser window and it will forget your login information.
If you report any problem, only university employees will communicate with you - either colleagues from the faculty IT centers or from the Institute of Computer Science. You will never be contacted by Microsoft technical support. If someone calls you claiming to be Microsoft support, never give them any information and end the call.
Never share your login or other confidential information by email or phone. Technical support from CIT or Service Desk will never require them. If you are not sure who is contacting you (e.g. in the case of an external company), do not hesitate to verify the contact details (email address, phone number) on the company's official website.
Do you want to know the news about Microsoft 365 tools used at the university? What changes and improvements await us in 2024? We have prepared a webinar for you, where we will not only summarize all the current information, but also look at tips on how to work (together) more securely and efficiently in Microsoft 365.
Microsoft 365 is one of the basic tools for work and study at Masaryk University. That's why colleagues from the Institute of Computing Science have prepared a course for you that will help you become more familiar with it. Try it yourself!
