IT security recommendations


Martin Nehls

IT security officer of the UR


The term "home office" is used to refer to forms of work where members of the UR do not carry out their work tasks in the buildings of the UR. It is also often referred to as mobile working, teleworking or distributed working; one works at home, on the train, in a conference room or a library. Almost always, access to the internal IT infrastructure of the UR is provided from the home office and the internet is used for this connection.

All forms of home office have one thing in common: the work does not take place in the safe environment of the UR but in potentially unsafe environments. It is therefore particularly important to pay attention to data protection and IT security and to protect oneself from risks in the best possible way. After all, nobody wants confidential data to become public, or the IT infrastructure of the UR or private end devices to be hacked or to fail for a long time. Therefore, it is recommended to pay special attention to the following things at present.

Status: 03.04.2020


Please note: This translation was made with DeepL. No guarantee can be given for the content.

Recommendations for the working environment in the home office
  1. For telephone calls or videoconferences with confidential content, select your location so that unauthorised persons cannot listen in on the conversation.
  2. Always keep your device, files and mobile data media in a safe (locked) place.
  3. If necessary, only use encrypted mobile data carriers (e.g. hard drives, USB sticks).
Recommendations for protecting your own end devices
  1. Always keep the software and hardware (e.g. operating system or office applications) of your business or private end device (notebook, PC, tablet or similar) up to date.
  2. Use an antivirus program and a firewall.
  3. Operate your end device only with the power adapters supplied with it.
  4. Always comply with the license terms of the software you use.
Recommendations for working with your own end devices
  1. Set up the screen or end device so that only you can read the contents on the screen.
  2. While you are not using the end device, you can prevent unauthorized persons from accessing it, and thus your information, by locking it or logging off.
  3. Protect your device from damage, loss and theft. In particular, do not leave mobile devices unattended - even for a short time.
Recommendations for handling passwords
  1. Always use a user name and password for authentication or login to the end device.
  2. The login data assigned to you for the technical IT infrastructure of UR (consisting of user ID and password) is personalised to you and may not be passed on to other persons.
  3. Use different passwords and do not use private passwords in an official context.
Recommendations for handling official data and documents
  1. Save your data regularly and only on the network drives provided for this purpose (e.g. home drive). Do not save data locally or directly on your private device.
  2. Create a data backup regularly. For the home drive and network drives set up by the ITMZ, this is done automatically.
  3. Do not upload business files to freely available cloud systems (such as Google Drive or Dropbox), but use the SharePoint provided by the UR or alternatively the Unibox.
Recommendations for handling e-mails
  1. Never carelessly open incoming e-mails or any file attachments or links they may contain. This minimizes the risk of infection by malicious software or of login data being spied out. Antivirus programs cannot always protect against damage caused by malicious e-mails or similar. Your particular attentiveness is very important here.
  2. Use electronic certificates for secure (encrypted) e-mail transport when transmitting confidential or personal data.

Please observe the regulations on data protection and IT security that apply at the university. Please report problems or incidents in connection with your work in the home office in any case and as quickly as possible to the IT manager responsible for you or alternatively to the staff unit for data protection and information security.