IT Security Newsletter

Why IT security?

Everyone uses them every day - whether in the office, working from home or on their smartphone while travelling: digital services and processes. In an increasingly digitalised and networked world, working without them has become unthinkable for most people. Although this development makes processes easier, it also brings with it new risks that are unfortunately all too often underestimated. Even seemingly harmless actions such as opening emails, clicking on links or using weak passwords can give attackers access to digital information and systems. This information and systems form the backbone of almost all business processes - from administration and communication to research and teaching. Even minor negligence can significantly impair or even completely prevent the operation of the university, which makes effective IT security essential.

Goals of IT security

IT security has the task of permanently ensuring the confidentiality, integrity and availability of information and IT systems. It encompasses all technical, organisational and personnel measures with the aim of protecting information and IT systems from unauthorised access, manipulation and failure. This is necessary to ensure that digital services and business processes function reliably and trustworthily.

What threats are lurking?

Cyber criminals usually pursue clear objectives: financial gain, espionage or sabotage. They steal or modify sensitive information such as research data, personal information or access data in order to use it for their own purposes, sell it or make ransom demands. Others simply want to damage the reputation of an institution or obstruct work processes, whether for political, economic or ideological reasons. What all attacks have in common is the search for weak points, usually favoured by carelessness in everyday life.

What can I do to protect myself and the University of Würzburg?

IT security is no longer an issue that exclusively concerns IT departments and experts, but rather a personal responsibility that each individual shares through prudent behaviour in everyday life.

Use strong passwords that are different for different services, check emails and links critically and carefully before opening them and always keep software and operating systems up to date. These and other measures can be found in the 11 golden rules for increasing IT security on the JMU website.

Probably the most important and most effective measure is awareness and conscious action. Many attacks do not succeed due to technical weaknesses, but through careless and uninformed use.

 

Published: 28.07.2025

Why (secure) passwords?

Despite the increasing use of additional security procedures such as multi-factor authentication (MFA) or FIDO standards, passwords are still often the first and, unfortunately, all too often the only security measure against unauthorized access to systems and data. In the same way that a physical key secures access to a room or safe, a password protects access to digital resources. Only those who have the corresponding key or know the password can access the protected content. As with keys, it is therefore extremely important that passwords do not fall into the wrong hands.

For that reason, it is essential to keep passwords safe and choose them in such a way that they cannot easily be guessed. This is because weak passwords are particularly vulnerable to the brute force method, wherein a large number of combinations are tried automatically over a short period of time in an attempt to guess the correct password. Once compromised, passwords often serve as a gateway for further cyberattacks and therefore pose a serious security threat.

What makes a password secure?

To prevent passwords from being easily cracked, they should always be chosen to be as complex as possible. For high complexity, passwords should contain a combination of different types of characters: numbers [0-9], upper- and lower-case letters [A-Z; a-z], as well as special characters [e.g., !, +, =, $, &, etc.]. Simple patterns such as names, common words, or dates should be avoided.

The length of the password is also crucial for security. Longer passwords are much harder to guess and provide significantly greater protection. Each additional character increases the time required to successfully guess the password many times over. We recommend using passwords with a minimum length of 12 characters – passwords with 16 or more characters are even more secure.

It is only by combining complexity and length that a high level of security can be achieved. A long but simple password as well as a complex but short password can be quickly determined through a brute force attack.

Furthermore, every password should be unique. Using different passwords for different services or accounts significantly reduces the potential damage if one of them were to be compromised. After all, you wouldn't use the same key for all your doors and safes. Losing that key would also have serious consequences.

Storing credentials

Remembering a secure password for each of your accounts can be challenging for most people. To still meet the requirements for secure passwords, you should therefore store your passwords in a secure place. For this purpose, we recommend using a password manager (also known as 'password safe').

A password manager is a tool that enables you to manage your credentials securely and efficiently. They are protected by strong encryption within the password manager, meaning that only those who know the master password are able to access them. This means you can use a unique, secure password for each service without having to remember them all. You only need to remember the master password for the password manager itself. Of course, the master password must meet at least the same security requirements as all your other passwords. Please note that, although some browsers offer similar features, they do not meet the security standards of a dedicated password manager.

Find out which password manager best suits your needs here.

 

Published: 04.11.2025