Due to the measures taken by the Austrian Federal Government to combat the spread of the SARS-COV 2 (Covid 19) virus, the majority of TU Wien employees have been working from home since 13 March 2020. In times of crisis rapid action and improvisation is required, which is why data protection and information security may have been pushed into the background in recent weeks, as the focus is on maintaining ongoing operations.
However, data protection and information security should not be ignored even in times of crisis, as existing security gaps are used for attacks even when we work from home. The more security gaps there are, the more possibilities potential hackers have. A widespread attack on the systems of the TU Wien is a big problem even in quiet times and should be avoided especially now, in order not to restrict the operation even more.
Therefore you will find instructions and recommendations for use here, which make working from home as safe as necessary and as practical as possible. The recommendations regarding the use of private devices for professional purposes are valid until the buildings of the TU Wien are completely accessible again.
Data access and applications
Secure access to data stored at the TU Wien can be obtained via a VPN connection. This is a secure connection from any network to a network of the TU Wien.
Details on how to apply and install VPN can be found at https://colab.tuwien.ac.at/pages/viewpage.action?pageId=9439634
If the VPN connection is activated, you have access to the drives, data and applications at the TU Wien for which you have permission.
There is no permission to access computers of institutes via remote desktop from outside the TU Wien without VPN or SSH tunnel.
If your organizational unit uses its own firewall, you need a static IP address for VPN to access the resources. You can apply for this in Online Account Management at https://www.it.tuwien.ac.at/en/rights-and-roles/online-account-management. Your local firewall admin will then open the firewall for this IP.
You can get access to your e-mails via https://upTUdate.tuwien.ac.at.
Store and share data
If you want to exchange data with colleagues from other departments, it is recommended to use the TU Wien's owncloud (TUownCloud) available at https://owncloud.tuwien.ac.at/
If it is necessary to exchange data with external people external to the TU, use the proCloud of the TU Wien. Details on applying for and using the proCloud can be found at https://www.it.tuwien.ac.at/en/services/cooperation-and-communication/collaboration/tuprocloud-sync-and-share-for-projects/
Co-editing of documents
If you want to edit documents together with colleagues, use the application TUdocs: https://www.it.tuwien.ac.at/en/services/cooperation-and-communication/data-storage/tuowncloud-sync-and-share/tudocs/
Documents in the TUownCloud or TUproCloud can be co-edited with ONLYOFFICE.
Phone and Chat
With the application Cisco Jabber, you can make phone calls via PC just like you’re on your desk phone in the office. The instructions for setting up the application can be found here: https://colab.tuwien.ac.at/display/HOT/Softphone+Cisco+Jabber
TISS can also be used to change characteristics of the TUphone profile and the TUphone password. You can find instructions for this under: https://www.it.tuwien.ac.at/fileadmin/TUit/BILDERPOOL/service/TUphone_Festnetz/Anleitungen/Endanwender.pdf (available in German only. If you need help contact email@example.com)
With TUchat you can exchange information in groups (channels) or individually via a simple, intuitively operated platform and send files, pictures or videos.
For information on accessing these applications, visit https://www.it.tuwien.ac.at/en/services/cooperation-and-communication/collaboration/tuchat/access.
Webconferencing and scheduling
The TU Wien recommends MS Teams for internal meetings and discussions.
In some meeting rooms Cisco Jabber installations can be used.
Due to its high acceptance and ease of use, the tool of choice for teaching is ZOOM.
If you are invited to a videoconference, you do not have to provide any personal data as a participant and you can anonymize your IP address by connecting via a VPN beforehand. Further precautions for data security are to be set by the organizers. The most necessary security settings are mandatorily set by the administrator of the TU Wien's ZOOM client (at the TSC), recognizable by a grayed-out button; these cannot be changed by a meeting organizer. Other settings are preset to be privacy-friendly, but these can be changed. GoToMeeting can be used as an alternative to this, but it should be noted that GoToMeeting is not barrier-free and no privacy-friendly default settings can be made by the TSC or TU.it. Both tools in the current version are not suitable for the transfer of sensitive data, for this the tool MS Teams is suitable. More information about MS Teams can be found under Microsoft Teams (Skype for Business). In general, the following applies to these applications:
If you are invited to a videoconference, you do not have to provide any personal data as a participant and you can anonymize your IP address by connecting via a VPN beforehand. Further precautions for data security are to be set by the organizers. The most necessary security settings are mandatorily set by the administrator of the TU Wien's ZOOM client (at the TSC), recognizable by a grayed-out button; these cannot be changed by a meeting organizer. Other settings are preset to be privacy-friendly, but these can be changed.
GoToMeeting can be used as an alternative to this, but it should be noted that GoToMeeting is not barrier-free and no privacy-friendly default settings can be made by the TSC or TU.it. Both tools in the current version are not suitable for the transfer of sensitive data, for this the tool MS Teams is suitable. More information about MS Teams can be found under Microsoft Teams (Skype for Business).
In general, the following applies to these applications:
Data security at home
Just as the computer at the TU Wien has to be locked when leaving the workplace, the computer in the home office has to be locked when taking a break. It is best to activate a screen saver with password. If you have to work on a private computer that is also used by other family members, it is advisable to create a password-protected company account. You can find instructions for this here: https://support.microsoft.com/en-us/help/13951/windows-create-user-account
If you work with TUownCloud or TUproCloud, you should not automatically synchronize all data on your computer, but only those you need for your daily work.
If data from TU files is stored on the local computer for editing, you should save it back to TUfiles after finishing your work and delete it on the local computer.
If possible, do not use external data carriers to store data. Should it be necessary to use such media, they must be encrypted and kept in a safe place to prevent data from being lost or accidentally deleted.
Cybercrime and social engineering
The current exceptional situation and uncertainty is being abused by criminals. In particular, an increase in phishing attacks can be observed, by means of which criminals try to access user data via fake websites, e-mails or short messages.
Expect criminals to try to pass themselves off as trustworthy sources (e.g. health authorities). Under no circumstances give out user data or passwords when you are asked to do so. Check the URL ("the web address") before entering user information on a web page, and access login pages by manual input rather than following a link from an e-mail. Do not install software on your (work) laptop without permission.
Always question instructions that ask you to perform unusual actions or install various programs. Please bear in mind that an identity can be falsified. If you receive unusual e-mails, always check the identity of the sender address and compare it with the sender address of trustworthy e-mails from your colleagues.
You should also be particularly careful if you are asked to take urgent action in an e-mail. Criminals often try to entice you to take certain actions under the pretext of special urgency ("If you do not carry out verification within the next 2 days, your account/access will be blocked").
- You receive an e-mail asking you to install home office software.
- You receive an e-mail with an urgent request to verify your e-mail account for home office use.
- You receive an e-mail asking you to enter your user data or passwords to receive up-to-date information about the corona virus (COVID-19).
- A pop-up opens. An alleged security team informs you about the latest number of infection cases and asks you to install a new "messaging software".
- You receive a phone call. The unknown person pretends to be a health authority employee and asks you to give your credit card details so that a vaccine can be sent to you.
The first point of contact for IT security issues regarding firewalls, network security for servers, application security for workstations and various threat scenarios such as spam, phishing and malware (viruses) is the IT Security Department at TU.it (htthttps://www.it.tuwien.ac.at/en/services/advisory-services-and-service-desk/advisory-services/it-security).
Do not share passwords even within your family and use passwords that are as complex as possible.
If you send password-protected TUownCloud links to share important information, send the password via SMS or at least in a separate e-mail. The same applies to password-protected meetings or other applications where access is password protected and shared with others. If you want to send sensitive data to TU Wien employees, it is best to use TUownCloud. For data exchange with external persons you can use TUproCloud.
Make sure that you use different passwords for different applications. The password for logging on to the company account or the TU laptop should be different from the password for any other private services. The same applies to the password for upTUdate e-mail access. This password should never be identical with the password for other e-mail services.
Do not store passwords in accessible text files, e.g. on the desktop or in shared file shares, nor write them on Post-its and the like. Passwords should also not be stored in web browsers, even if this seems comfortable. The best way is to use a password manager. The TU Wien provides the password manager 1password in test mode. If you have any questions, please contact firstname.lastname@example.org. The TU.it is making every effort to make the service available as soon as possible via its website.
Instructions on how to change your TUpassword can be found here: https://www.it.tuwien.ac.at/en/rights-and-roles/accounts-tuw/accounts-for-employees
These laptops are usually administratively supported devices, either by TU.it in the case of a TUclient or by the IT admin of the respective organisational unit in the case of decentrally serviced devices.
Primarily these supervisors should be contacted for questions or help, since they usually have the possibility of remote access (for example via Teamviewer) to your client and can thus provide direct support.
Security applications such as antivirus protection, firewalls, endpoint security, etc. should be kept up to date. The same applies to your operating system and the software used.
Please note that only you are allowed to work on your TU Laptop! It is not allowed to let other family members work on this computer.
Private PC or laptop
If you use a private laptop or PC, create a separate, password-protected "company account" if possible. Instructions for Windows computers can be found here: https://support.microsoft.com/en-us/help/13951/windows-create-user-account.
If it is not possible to create a separate account, please make sure that you actively log off from all services of the TU Wien after you have finished your work. If possible, save sensitive data only in folders to which only you have access. You can learn how to protect a folder on a Windows computer using a password, for example, here: https://www.heise.de/tipps-tricks/Ordner-mit-Passwort-schuetzen-unter-Windows-3703169.html. (only in German). If this is not possible, save documents that you have edited locally in the TUowncloud or in your TUfiles folder and delete all data stored locally on your computer, as soon as you have finished your work.
If you are using the Windows operating system, it must be version 8.1 or higher, as there have been no security updates for Windows 7 and 8 for over a year. You can still upgrade from Windows 7 and 8 to version 10 free of charge (https://www.microsoft.com/en-gb/software-download/windows10). Also make sure that your anti-virus software is kept up-to-date. With Windows 10 this happens automatically.
Similar to Microsoft Windows, Apple products offer onboard options for hard disk encryption. You can find more information about this here: https://support.apple.com/en-euro/HT204837.
Please make sure that the device you are using is encrypted.
If you encrypt external data carriers with the onboard programs, the data can usually not be read on other operating systems, because mostly the file system on the data carriers is used for encryption.
If you want to work across operating systems, then the program Vera-Crypt is recommended. It can be installed on Windows, MacOS and Linux and can also create readable encrypted external data media for everyone. https://www.veracrypt.fr/en/Home.html
To synchronize data over "insecure" and mostly free cloud fileshares, the program Cryptomator is recommended, which generates a virtual drive and stores the data encrypted in the background in the cloud. This program is also available for Windows, MacOS and Linux. https://cryptomator.org/
Detailed tips and instructions on how to make your private PC or laptop more secure can be found here in coLab at the following link: For users.
If possible, only download certified apps to your phone. If you have a company mobile phone, this may only be used by you. If you retrieve company e-mails via your private phone or synchronize your TU Wien address book, make sure that your phone is not used unattended by other people. Many mobile phones and tablets offer the possibility to create your own profiles (for example for children). Please check whether this is possible on your devices and set up separate accounts if your device is also used by other people. Make sure that your devices are encrypted.
For example, you can find instructions on how to encrypt Android devices here: https://www.heise.de/tipps-tricks/Android-Daten-verschluesseln-so-geht-s-4049575.html. (only in German).