Go to main content | Go to main menu | Go to search

IT MU Rules of Use

IT MU refers to “a set of technical and software equipment, networks, and services intended for data processing at Masaryk University” – in other words, computer technology, software, and services managed and provided by Masaryk University to its employees and students.

These rules constitute a methodological directive that is binding for all employees and students of Masaryk University. They build upon the university’s internal regulations and existing recommendations. The rules are designed to offer users a clear interpretation and links to related guides. In one place, you will find all the key information necessary for the safe and effective use of IT at MU. Individual departments may further expand or tighten these rules, but not relax them.

By adhering to these rules and avoiding prohibited activities, you contribute to the safe, reliable, and efficient operation of Masaryk University’s information technologies. If you have any questions or require further information, please do not hesitate to contact IT support.

MU Official Notice Board IT Services Catalogue Contact IT Support Report a Cybersecurity Incident

Obligations

1. Use IT MU for work or study purposes

Reason: Protecting the institution's reputation and security and effectively using IT MU available resources. 
Reference: MU Directive No. 10/2017 - Use of Information Technologies, article 3.

What to do:

  • Use IT MU resources primarily for work or study tasks.
  • For communication and storing data related to your work or study responsibilities, use only official university platforms (your university e-mail, Microsoft 365 cloud environment, Google Workspace).

What not to do:

  • Do not use IT MU for personal commercial activities, political or religious advocacy, or any illegal activities.

2. Protect the confidentiality and integrity of login credentials

Reason: Unauthorised sharing or weak passwords may allow attackers to misuse your login credentials, which may also affect the functioning of IT MU.
Reference: MU Directive No. 10/2017 - Use of Information Technologies, article 4.

What to do:

What not to do:

  • Do not share your password or other authentication credentials with anyone.
  • Avoid using simple or easily guessable ones.

We recommend

Go through the online Cyber Compass course to familiarise yourself with the basics of cybersecurity. Start using a password manager – you will find out how in the Cyber Compass.

3. Report security incidents immediately

Reason: A prompt response enables swift remediation and minimisation of damages that could compromise IT MU security.
Reference: MU Directive No. 10/2017 - Use of Information Technologies, article 3, paragraph 3c.

What to do:

  • Immediately report any suspicious activity or incident that could threaten data security or system functionality to MU  Cybersecurity Team. This may include phishing, suspicious emails, unexpected system changes, and similar issues.

What not to do:

  • Do not ignore or postpone reporting incidents, even if they seem minor.
  • Do not attempt to resolve security incidents on your own.

We recommend

In addition to the linked form, you can also use a dedicated button in Outlook to report fraudulent e-mails.

4. Read emails regularly and respond to official communications

Reason: Responding immediately to official communications will ensure that you are always informed and able to prevent potential security risks.
Reference: MU Directive No. 10/2017 - Use of Information Technologies, article 3, paragraph. 4.

What to do:

  • Regularly check your university e-mail inbox (or inboxes) and react to important announcements regarding security, updates, or changes in regulations.
  • Strictly follow the instructions contained in official e-mails.
  • If you are unsure about what is being asked of you, do not hesitate to ask.

What not to do:

  • Do not ignore messages sent to your university e-mail. They may contain crucial information about changes in IT policy or alerts about security threats that could require your action (e.g. system updates or incident reporting).
  • Do not set up email forwarding to private accounts (e.g. Google, Seznam), nor configure sending from MUNI addresses via these private accounts. Due to security-enhancing technical measures, such messages may fail to be delivered.

We recommend

Check whether you have filtering junk email and spam in Outlook set up correctly.

You likely have multiple university email accounts. Set up forwarding to one of them.
If you use email clients on your devices, make sure to use only the recommended konfigurations for incoming and outgoing mail servers.

5. Follow the instructions and regulations of the MU's IT administrators

Reason: By following the prescribed rules, you contribute to the unified and secure management of IT at Masaryk University. The central administrator is the Institute of Computer Science (ICS), while the administrator of a specific IT MU component is an MU employee responsible for its administration (typically employees of faculties' centers for information technologies).
Reference: MU Directive No. 10/2017 - Use of Information Technologies, article 3, paragraph 3a.

What to do:

      • Follow all instructions and rules issued by IT MU administrators or other responsible parties (such as your supervisors or the MU Cybersecurity Team).
      • Use only approved and supported software and hardware resources.

What not to do:

  • Do not use unauthorized applications, software, or devices that have not been approved by the IT administrator.
  • Do not bypass technical restrictions or security measures put in place to protect IT MU systems

We recommend

Find out the contact information for your IT administrator so you know whom to reach out to in case of technical issues

6. Handle sensitive and personal data with care and discretion

Reason: Prevention of data breaches and protection of personal data in accordance with legislative requirements (e.g. GDPR). Using university-managed platforms for communication and data sharing reduces the risk of information leakage to third parties.
Reference: MU Directive No. 1/2018 - Protection and Processing of Personal Data.

What to do:

  • For storing and sharing data related to your work, use only university-recommended storage solutions.
  • Share information exclusively with individuals who are authorized to access it, and only through university-managed channels (e.g. MS Teams or university e-mail).
  • When handling sensitive and personal data, maintain confidentiality of the information you process.
  • Comply with all obligations under GDPR, MU Directive No. 1/2018 - Protection and Processing of Personal Data, and follow the principles and recommendations for data handling.

What not to do:

  • Do not use personal communication platforms (such as private e-mail, Messenger, WhatsApp, Signal, Telegram, Discord, Slack, etc.) to share sensitive or personal data.
  • Do not share internal work-related information, sensitive or personal data via public cloud services (such as uschovna.cz, leteckaposta.cz, ulozto.cz, webshare.cz, etc.) or your private accounts.
  • Do not use personal e-mail accounts or communication platforms not managed by the university to transmit or share sensitive or personal information.

We recommend

Complete the Processing and Protection of Personal Data for MU Employees course in the IS MU.

Recommendations

To enhance security and ensure more comfortable use of MU’s IT environment and services, it is advisable to follow a few additional recommendations.

1. Use a password manager and multi-factor authentication

Reason: These measures significantly reduce the risk of unauthorized access, even if one of the authentication factors is compromised.
Reference: Recommendations for safely navigating the cyber world, NCISA.

We recommend:

  • Use a password manager to help you create and securely store complex, unique passwords.
  • Enable multi-factor authentication (MFA) for university services.
  • Use MFA on your personal accounts as well, especially for email, social media, and banking. You can find links to the most common ones in the Cyber Compass.

We do not recommend:

  • Do not reuse the same password across different services.
  • Avoid using weak and easily guessable passwords.
  • Whenever possible, steer clear of single-factor authentication based solely on a password or PIN.

2. Regularly update both your software and operating system

Reason: Updates fix security vulnerabilities that could be exploited by attackers, thereby enhancing the safety of your device and the entire IT MU infrastructure.
Reference: Recommendations for safely navigating the cyber world, NCISA.

We recommend:

  • Enable automatic updates for your operating system and software wherever possible.
  • Regularly check for and install available updates for systems and applications where automatic updates are not supported.
  • It's advisable to restart computers running MS Windows occasionally (e.g., once a week).

We do not recommend:

  • Do not postpone installing updates, especially when they include security patches.
  • Avoid using outdated software and hardware that are no longer supported by the manufacturer, including the lack of security fixes and updates.

3. Protect your device account with authentication and an automatic screen lock

Reason: An automatic lock and strong account authentication protect your device from misuse if left unattended.
Reference: Recommendations for safely navigating the cyber world, NCISA.

We recommend:

      • Enable an automatic screen lock that activates after a short period of inactivity (we recommend 5 minutes).
      • Use a strong password or biometric authentication (such as fingerprint or facial recognition) for your device’s user account.

We do not recommend:

      • Do not leave your device unlocked when stepping away from your workstation.
      • Under no circumstances should you use an account without a password or another adequate authentication method.
      • Avoid using gesture-based unlocking for phones or tablets, as it can be easily observed and replicated.

4. Automate the backup of your data

Reason: Regular backups ensure that your data is protected against loss caused by hardware failure, ransomware attacks, or other unexpected events.
Reference: Recommendations for safely navigating the cyber world, NCISA.

We recommend:

We do not recommend:

  • Do not underestimate the importance of backups; avoid performing them manually and irregularly.
  • Do not store work data solely on local devices (such as your computer’s hard drive) without regularly backing it up to a secure location.

5. Secure your home network

Reason: A secure home network provides a safe environment for working off-campus and ensures that data transmission occurs without the risk of misuse or unauthorized access.
Reference: Recommendations for safely navigating the cyber world, NCISA.

We recommend:

  • Make sure your home network is secured with a strong password and uses up-to-date encryption standards (ideally WPA3, at minimum WPA2).
  • Regularly check that your router’s firmware is up to date and that security settings are properly configured (e.g., disable WPS, hide the ESSID).

We do not recommend:

  • Do not use default passwords or weak, easily guessable passwords.
  • Do not rely on the default router configurations.

6. Use a VPN when connected to public Wi‑Fi networks or while abroad

Reason: Public Wi‑Fi networks and foreign environments pose an increased risk of communication interception and data misuse. Using a VPN (in combination with antivirus software and a firewall) helps mitigate these risks.
Reference: Recommendations for safely navigating the cyber world, NCISA.

We recommend:

      • When connecting to public Wi‑Fi networks (whether password-protected or not), or accessing the internet abroad,especially in countries with a higher risk of cyberattacks (e.g., Russia, China, Iran, Belarus), always use eduVPN (Virtual Private Network) to encrypt and secure your data transmission.
      • Use antivirus software and ensure your firewall is activated (typically included as part of antivirus programs).

We do not recommend:

      • Do not use public Wi‑Fi networks without protective measures such as a VPN or other encryption methods, as these networks are often targeted by attackers and can be exploited to intercept your data.
      • If you are not connected via VPN, under no circumstances should you handle sensitive information on public Wi‑Fi networks.

You are running an old browser version. We recommend updating your browser to its latest version.