Quick Tips

Quick help and recommendations for action

Here are the absolute super quick tips:

  1. Use strong passwords that you don't save, write down or communicate.
  2. Update your operating system, programs and anti-virus software regularly.
  3. Do not install any programs, applications or software without permission from your IT department.
  4. Do not open links or attached documents in an e-mail whose sender you do not know or cannot classify.
  5. Be careful when surfing the Internet and never click on links or banners that you do not trust 100%.
  6. If possible, encrypt your data when saving and sending e-mails.
  7. Avoid connecting your company end devices, such as notebooks, to unprotected public networks.
  8. Never leave your end devices unattended in public places.
  9. Lock your end devices when you leave your workplace.
  10. Do not connect USB sticks or hard disks from third parties to your work PC. These could contain viruses or spyware.

Since usernames and passwords are the basic level of IT security, it is important to choose passwords that are difficult to guess. In the following list you will find characteristics for hard-to-guess passwords:

  1. Use a combination of all 4 categories if possible: Upper and lower case letters, special characters and numbers.
  2. Your password should be at least 12 characters long - the longer the password, the more difficult it is to hack.
  3. A long and less complex password should have at least 25 characters.
  4. Do not keep any default settings: the word "password" as a password is easy to guess, as is the default combination "admin" and "admin".
  5. Do not use words from the dictionary, these are also easy to guess.
  6. Do not write down your passwords and do not leave any notes near the device used to access the network.
  7. Build mnemonic bridges, for example from the first letters of a sentence: Mypasswordhasbeensecuresince2019!
  8. Do not use personal details that are easy to find out, such as the name of your first child or your pet.
  9. Use different passwords for private and business purposes, ideally choose a different password for each service.

You should also never share your password with third parties, including colleagues or IT administrators.
You can use password managers to manage the various passwords for all platforms.

KeePassXC, for example, is ideal for this. This program can be used to store passwords locally and generate secure passwords. You only need to remember one strong master password to access KeePassXC.

If you need to change your RPTU password, you can do this via the following page:
Password change

One of the most common ways of infiltrating computers with malware is through infected email attachments. The identifying details such as sender, subject and email text should therefore be plausible and consistent. Attachments with different file formats, which are often included, also require increased attention before double-clicking, as they may contain malware.

  1. Inspect incoming emails carefully
    A simple way of checking the identity of the sender is to inspect your incoming emails very carefully. It is often possible to recognize a fraudulent email by its outward appearance.
    Read the sender's address carefully. This is because the sender's name actually displayed may conceal a completely inappropriate e-mail address, which will immediately reveal to you that this is an attempt to defraud you. Right-click on the sender's name displayed to see the email address behind it.
  2. Check the email header
    If a close inspection according to the above-mentioned criteria shows that the sender appears to be legitimate, it may still be a scam email. To make sure that the sender really is who they claim to be, it is also a good idea to check the email header. Among other things, this contains information about the delivery route of the email. You can display the header in your e-mail program by clicking on "View" or "Options". Sometimes the header is also referred to as the source text.
    Under "Return-Path" you will find the sender of the email. If you find a cryptic e-mail address here, this is an indication of a phishing e-mail. This address is easy to manipulate and is therefore not necessarily correct. This is why a legitimate-looking address may appear here and it may still be phishing.
    You can read the correct sender in the header from the lines that begin with "Received: from". These allow you to trace the path of the mail. The actual sender is then displayed in the last "Received: from" line. However, this cannot be determined directly, but only via the specified IP address. Determining who was behind a specific IP address at a specific time is extremely time-consuming and can only be carried out by experts.
  3. Be careful with links
    If an email contains a link, special care must always be taken. You should therefore always check that the links are correct. Here, too, you can click the right mouse button to find out whether the genuine-looking link may be hiding something completely different. Please also note that the website to which such links take you often looks deceptively genuine. This type of imitation of parts or an entire familiar website is also called "spoofing". In this way, attempts are made to "steal" your login data (so-called phishing = password fishing).
    In the meantime, secure connections, recognizable by the "https://" in the address line of the browser, are often used for such phishing websites in order to make potential victims believe they are secure. HTTPS is therefore no guarantee for the authenticity of a website.
    Always look out for the lock symbol in the status bar of all websites. It indicates that the SSL encryption method is used when transferring information. Clicking on the symbol opens a window with information about the operator of the website. The name of the website entered there must match the name in the status bar. Furthermore, the certificate must have been issued by a recognized authority. There are now a large number of private and public providers of certificates. The Federal Network Agency is the responsible authority and publishes the names of those providers that it has checked on its website. Your browser will display a warning message if a certificate has expired or has an insecure origin.
  4. Attachments
    Special care should be taken with emails containing attachments. Pay particular attention to files with the extensions .com, .exe, .bat, .do*, .xl*, .ppt, .scr or .vbs. These often conceal Trojans. For example, the document "Bewerbung.pdf" may conceal the file "Bewerbung.pdf.exe".
  5. Only use autoresponders in exceptional cases
    As soon as you receive an e-mail, an activated autoresponder automatically sends an e-mail with predetermined content. This process is also known as an autoreply. A typical application example is an out-of-office message [6]. Autoresponders do not differentiate between normal mail and spam. If you cannot avoid setting up an autoresponder, consider whether it is absolutely necessary to include your telephone number or address in the text of the automatically generated reply. This is because these details can also be sold and misused.
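
The checks from steps 1, 2 and 4 above can also be run over the raw source text of a message. The following is an added example, not part of the original page: it uses Python's standard `email` module on a constructed message, and all addresses, host names and IP addresses in it are made up.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message for illustration (not a real e-mail).
RAW = """\
Return-Path: <bounce-7731@mailer.example.net>
Received: from mx.uni.example (mx.uni.example [192.0.2.10])
 by inbox.uni.example; Mon, 04 Mar 2024 09:15:02 +0100
Received: from unknown (host45.example.net [203.0.113.45])
 by mx.uni.example; Mon, 04 Mar 2024 09:15:01 +0100
From: "IT Service Desk" <it-support@uni-helpdesk.example.org>
Subject: Bewerbung
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Bewerbung.pdf.exe"

placeholder
--b1--
"""

# Extensions the page singles out: .com .exe .bat .do* .xl* .ppt .scr .vbs
RISKY = re.compile(r"\.(com|exe|bat|do\w*|xl\w*|ppt|scr|vbs)$", re.I)

def inspect_message(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    name, from_addr = parseaddr(str(msg["From"]))
    _, return_path = parseaddr(str(msg["Return-Path"] or ""))
    # Each server prepends its own Received line, so the last one is the first hop.
    hops = msg.get_all("Received", [])
    ip = re.search(r"\[([0-9.]+)\]", str(hops[-1])) if hops else None
    files = [p.get_filename() for p in msg.walk() if p.get_filename()]
    from_domain = from_addr.rpartition("@")[2].lower()
    return {
        "display_name": name,          # what the mail client shows
        "from_addr": from_addr,        # the address hidden behind it
        "return_path_differs": return_path.rpartition("@")[2].lower() != from_domain,
        "first_hop_ip": ip.group(1) if ip else None,
        # (filename, has_double_extension) for every risky attachment
        "risky_attachments": [(f, f.count(".") > 1) for f in files if RISKY.search(f)],
    }

if __name__ == "__main__":
    print(inspect_message(RAW))
```

A differing Return-Path domain is only a hint, since legitimate bulk mailers also use separate bounce addresses; treat the results as reasons to look closer, not as a verdict.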

Wi-Fi
Most people are happy to have free Wi-Fi when they are out and about. In public networks, in cafés or at the airport, access is usually unencrypted. Increased caution is required here. If possible, use a secure connection, which can be recognized by the abbreviation "https" in the address bar.

Browser
Browsers are used very frequently when surfing the internet and are therefore a popular gateway for cyber criminals. You can find out how to make your browser secure on all your devices on the help pages of your respective browser. Make sure you always keep your browser up to date.
Additional tip: Do not store any passwords in your browser.

Secure data transmission
Sensitive data should be transmitted in encrypted form when surfing. The browser uses the SSL/TLS protocol for this purpose. It establishes a secure network connection between the website and your computer.

When using external workstations in particular, a large number of obligations must be observed, meaning that employers may well ban employees from working from home if safety standards are inadequate. Furthermore, the necessary equipment is often not provided, meaning that employees find themselves having to use their own devices.

It is also important to note that working from home is of course also subject to data protection regulations. The use of private software entails considerable risks, as data may be stored locally, and should therefore be avoided. The use of portable hardware entails a high risk of loss or damage. Personal or other confidential data should therefore always be encrypted. Portable devices should always be transported in a locked state.

If home office work is not carried out exclusively without media disruption, i.e. fully electronically, suitable domestic premises and work equipment should be available for the secure storage and confidential handling of documents and data carriers with personal data.

Public network access (e.g. on the train, in a café or hotel) should only be used via mobile devices if access is via a virtual private network (VPN), which protects the connection to the company/authorities' internal network with sufficiently strong encryption.

When working on the move in public areas (e.g. on a train journey), employees should also ensure that the screen and keyboard of the mobile devices used cannot be seen by fellow travelers, passers-by or video cameras.

Like confidential business calls, personal business calls should only be made in public areas if the possibility of eavesdropping can be safely ruled out.

Here are a few signs to help you recognize whether you may have been the victim of a cyber attack:

  1. The device feels hot to the touch. If you accidentally download malware, the workload of the internal device components will immediately increase to support the malware or virus that has been introduced. This can cause your device to feel hot or even overheat.
  2. It's all kind of strange. Much like our own bodies are affected in the case of a virus infection, a digital virus can degrade the performance of a device in every way. For example, it can cause websites to load more slowly, apps to crash or the battery to constantly run out. Overall performance remains sluggish no matter how many times you reboot or how many large files you delete.
  3. Lots of random pop-ups and unknown new apps. If there is a malicious app or virus on your device, you may see an increase in pop-ups (more than usual). And if you take a closer look at your app library, you might even spot icons of apps you never downloaded.
  4. Fraudulent links sent from your accounts. Malware often gains access to your contact list and then uses your phone to send messages to your friends - an effective tactic to spread like a chain letter. This can happen via email and, more commonly, through your social media accounts. If you notice anything like this, change your passwords immediately and scan all your devices for malware that may be active in the background.
  5. Unexplained charges are popping up. If you notice unauthorized charges on your credit card bills or bank statements, investigate further. It could be a malicious app going on a shopping spree in your name or malware making fraudulent purchases with your personal information.

How can you remedy this? How can you protect yourself preventively?

  • Install updates regularly. In addition to using comprehensive security software that blocks malware and viruses, you should also always install the latest updates for your device. These often include improvements that are provided in response to specific attacks.
  • Use strong, unique passwords. Each device should be protected with a strong password and a unique username. This means that you should immediately edit the settings and encourage the whole family to change their passwords regularly.
  • Get an overview of your apps. Only download apps from trusted sources and avoid third-party downloads. Also find out about the app's security precautions before installing it and read reviews. It's best to stick to apps from the official stores or from verified affiliated providers.
  • Do not click on any suspicious links. Take your time and navigate the digital world carefully. Does this link look suspicious? Phishing attacks, which load malware and viruses onto devices, often find their way to victims via email, SMS or familiar social media channels.
  • Increase security settings and restrict app permissions. A good way to defend against malware is to keep all accounts as private as possible and restrict app permissions. Instead of selecting the "Always active" option in an app's permissions, specify that you must give the app permission each time. If an app requests access to your contacts or connection to other apps, you should decline this. Every time you allow an app to connect to other aspects of your digital footprint, you are revealing personal data and opening the door to various new risks.
  • Delete your browsing history. Take the time to go through your saved history and remove any suspicious links you find. Delete the history using the appropriate setting in the browser.
  • Remove malware. If you are unfortunate enough to find malware on a device in your household, there are several appropriate measures that can remove the malware. The increase in malware attacks is a clear signal to all families: if we want to continue to enjoy the fantastic benefits of a connected life, we need to work together at home to ensure online security and malware protection at all times.
    • Install security software to help with malware detection so that you can clean up the device and better protect yourself from malware in the future.
    • Delete any apps you haven't downloaded, as well as risky text messages and all browsing history, and clear the cache too.
    • You may also need to reset and restore your device (iOS or Android) due to the malware. However, you should inform yourself about the process beforehand and make sure you have backed up all photos and important documents.
    • After cleaning up your device, don't forget to change the passwords for all accounts.