Courses created as a part of DE SOCCER project

Not sure where to begin with cybersecurity? This short navigator will guide you to the right learning path in just two steps. Tell us your role and what you want to learn — and we'll point you to the topics that matter most to you.

This training will be delivered to all employees and students following the recent organizational phishing campaign. Its purpose is to strengthen awareness, reinforce practical skills in identifying and preventing phishing attempts, and ensure consistent reporting of incidents across the AGH University of Kraków. By the end of this training, participants will be able to: 

  • Understand different types and characteristics of phishing threats. 

  • Recognize common signs and techniques used in phishing attacks. 

  • Apply best practices to prevent and respond effectively to phishing attempts. 

  • Follow proper procedures for reporting phishing incidents within the organization. 

The objective of the course is to build awareness and develop basic skills in cybersecurity among participants at a higher education institution. Participants will gain information on the safe use of computer hardware, systems, and other digital resources provided by the university. They will also learn methods for identifying and preventing cyber threats and responding appropriately to data and hardware security incidents. 

The training is intended for students of higher education institutions. It is aimed at both non-technical individuals, who will be introduced to basic cybersecurity knowledge, and IT staff, who will be able to systematize their knowledge on the safe use of technology and learn the procedures for handling suspected incidents in the workplace. 

The course is delivered in an e-learning format using the Moodle platform. The training incorporates interactive methods and combines theoretical knowledge with practical examples, often set in the context of university work. Additionally, after each module, participants can test their knowledge through quizzes and tests that provide feedback explaining the answers. 

The objective of the course is to build awareness and develop basic skills in cybersecurity among participants at a higher education institution. Participants will gain information on the safe use of computer hardware, systems, and other digital resources provided by the university. They will also learn methods for identifying and preventing cyber threats and responding appropriately to data and hardware security incidents. 

The training is intended for employees of higher education institutions. It is aimed at both non-technical individuals, who will be introduced to basic cybersecurity knowledge, and IT staff, who will be able to systematize their knowledge on the safe use of technology and learn the procedures for handling suspected incidents in the workplace. 

The course is delivered in an e-learning format using the Moodle platform. The training incorporates interactive methods and combines theoretical knowledge with practical examples, often set in the context of university work. Additionally, after each module, participants can test their knowledge through quizzes and tests that provide feedback explaining the answers. 

The objective of the course is to equip IT and cybersecurity teams with the fundamental analytical skills necessary to support Digital Forensics Analysis and Incident Response (DFIR) capabilities within the organization. By the end of the training, participants will be able to understand DFIR principles and processes, as well as its key functions and roles. This training aims to enhance the preparedness of the digital forensic team, improving the overall resilience of the institution’s cybersecurity posture.

Course Objectives

The course aims to provide participants with:

  • Foundational Knowledge: Understanding cybersecurity fundamentals to protect personal and institutional data effectively.

  • Practical Skills: Implementing best practices in areas such as password management, multi-factor authentication, device security, and secure communication.

  • Awareness Building: Recognizing phishing attacks, handling data responsibly, and understanding the importance of encryption.

  • Incident Response: Learning how to identify and report security incidents within Masaryk University.

  • Ensure compliance with the minimum legal requirements for cybersecurity training as part of the implementation of the university’s Information Security Management System (ISMS). This training equips employees with the foundational knowledge and skills necessary to meet mandated standards, safeguard institutional data, and maintain a secure digital environment in alignment with the ISMS framework and applicable laws and regulations.

Course Program 

1. Strengthening Password Security for MU Systems:
  • Understand the distinction between primary and secondary passwords at MU:
      • Primary Passwords: Used for critical services like IS MU, INET, and M365 (Microsoft tools).
      • Secondary Passwords: Used for less critical systems like Eduroam and faculty-specific tools.
  • Learn how to create strong passphrases and use password managers, such as Bitwarden, which is recommended for cross-platform users.

2. Implementing Multi-Factor Authentication (MFA):
  • Educate on MFA's importance in enhancing account security.
  • Specific focus on enabling MFA for university systems, such as IS MU, INET MU, and Microsoft M365, with a preference for security keys for enhanced phishing resistance.

3. Enhancing Device Security:
  • Learn best practices for securing personal and work devices.
  • Encourage enabling disk encryption using BitLocker (Windows) or FileVault (macOS), especially for devices accessing sensitive MU data.
  • Recommendations include keeping devices locked and updated to prevent unauthorized access, especially in MU workspaces where incidents of theft have occurred.

4. Ensuring Proper Data Handling:
  • Guidelines on using university-approved storage solutions, such as OneDrive and SharePoint, for work-related files.
  • Encourage adherence to the 3-2-1 backup rule for critical MU research or work data.

5. Maintaining Secure Communication within MU:
  • Use university email accounts (UČO@mail.muni.cz and UČO@muni.cz) exclusively for work-related correspondence.
  • Promote the use of encrypted communication tools like MS Teams, Zoom, or Google Meet, provided under the university's licenses.
  • Educate on using personal certificates for signing and encrypting emails, enhancing authenticity and privacy.

6. Recognizing and Preventing Phishing Attacks:
  • Train participants to identify phishing attempts specific to MU systems, including examples like fake emails mimicking the university's branding.
  • Emphasize vigilance in distinguishing genuine MU domains (e.g., muni.cz) from typosquatting variants.

7. Incident Reporting within MU:
  • Teach participants to report phishing or security incidents to the university's CSIRT-MU team via email (csirt@muni.cz) or through designated tools like the Outlook "Report Message" button.
  • Highlight the importance of detailed reporting, including full names, UČO (MU identification number), and evidence such as screenshots or forwarded fraudulent emails.

Key University-Specific Emphasis

  • The course is tailored for Masaryk University staff and students, addressing their unique systems, such as IS MU, INET, and M365.
  • Special focus on secure practices within the university environment, such as using MU-approved storage solutions and communication tools.
  • MU's CSIRT-MU team provides a dedicated security support framework for resolving incidents and ensuring a safe digital ecosystem.

This approach ensures participants not only gain general cybersecurity skills but also understand how to apply them effectively within MU’s specific digital and operational context.

Course Completion 

To complete the course, employees must successfully go through the online self-paced training, which includes a detailed presentation on key cybersecurity concepts and practices. After finishing the training, participants are required to pass a test evaluating the skills and knowledge acquired. Additionally, the course offers a voluntary activity featuring 19 practical recommendations and measures that employees are encouraged to implement to enhance their cybersecurity practices further. However, only completing the training and passing the test are mandatory for course completion.

PhishProof is an e-course focused on phishing – one of the biggest cyber security threats of today. In the form of short videos, supplementary texts and practical tasks, it will introduce you to the principles used by attackers and provide you with guidance on how to defend yourself against phishing. The course content is available in both Czech and English.