Working in digital environments has always been challenging from a security perspective. Starting with the COVID-19 pandemic and lockdown measures, even more citizens had to depend on digital means, for both personal and professional purposes – a context in which security has become an ever-increasing concern. The current Guideline is dedicated to both individuals (teachers, students, teleworkers, parents or everyday digital citizens) and organisations (Civil Society Organisations, Small and Medium Enterprises, freelancers) – aiming to ensure minimum safety measures for everyone, explaining the basics and providing examples that could make the digital transformation more accessible to all users.
Long passwords / 2FA
- Six or more WORDS for PC / six or more numbers for your phone
- Turn on “two-factor” or “two-step” authentication on online accounts
- Safeguard your passwords
- Don’t reuse passwords
- Use a password manager if possible.
Be aware of who has access to your data and which data you share
- Assess the tools you use.
- Check your privacy settings on your social network accounts.
- Monitor your accounts for suspicious activity.
- Read more about how to better control your data traces.
Pay attention to what you click on
- Avoid clicking on suspicious links and email attachments.
- Avoid submitting sensitive information through links sent by an unknown third party.
- If possible, manually type the website URL in your browser instead of clicking a link in order to avoid phishing.
- Only install apps from trusted sources.
Back up your data
- PC – use USB sticks, an external hard disk or a NAS.
- Smartphone – check settings and decide what, where and how often you save your data.
- Organisation’s website – local copy, backup policies for provider and CMS.
- Find the pros and cons of each option and more.
Keep Your Device Secure & Updated
- Keep your device’s operating system updated.
- Use web browsers that receive frequent automatic security updates.
- Encrypt sensitive data.
- Don’t use the Internet on PCs without antivirus.
- Use a firewall in order to protect your PC from external attacks. Read more about what a firewall does.
- Use a VPN – Virtual Private Network. If your organisation doesn’t have one, you should read this guideline.
Protect sensitive data
- Be aware of sensitive data, personal information and GDPR rules.
- Keep sensitive data in a secure place.
- Use encryption when storing or transmitting sensitive data. Read more on this topic.
Know what to do if you become a cyber victim
- First, change your password.
- Control other accounts connected with the attacked profile.
- Report to the competent national authorities; for Romania, these are CERT.RO and the Romanian police.
- Alert the bank if you have issues with your credit card or if you shared information about Internet banking with suspect entities.
- Report the scam/fraud directly on the platform you used to open “the offer”.
Separate your private life from your professional life
- Don’t use your private social media profile for your association/organisation as well.
- Don’t use your personal email address for work-related activities.
- You should not use Yahoo, Gmail or other generic email platforms. If you have the resources, invest in a personalized domain name.