With the summer season approaching, activity at higher education and research institutions slows down, but digital threats don't take a break. Quite the contrary: Periods of reduced vigilance, with fewer experts in the field available and systems that remain inactive or out of date can represent opportunities for cyberattacks.
Therefore, at this time of year, it becomes even more important to strengthen a culture of digital prevention and accountability throughout the academic community. Being prepared means not only protecting servers and infrastructure, but also ensuring that researchers, faculty, and students adopt best practices on their own devices and remote access.
To support this preparation, The FCT CSIRT, a digital service developed by FCCN, presents a set of practical recommendations, adapted to different profiles of the academic community, which contribute to a more peaceful and safe vacation.
For technical and support teams
For this break, these teams must ensure that:
- All systems, servers and software are functional and have the latest security updates;
- There are backups complete, stored in safe locations, and properly tested;
- Remote monitoring mechanisms are configured with automatic alerts for suspicious activities;
- There are clear and accessible emergency contacts in case an incident occurs during the holiday;
- Preventative tests were carried out, such as simulations of phishing or vulnerability audits;
- Critical procedure documentation is reviewed and accessible to those remaining in office.
For faculty, staff, and researchers
Even outside the institution, safe digital behavior among faculty and staff remains crucial. Some measures that make a difference:
- Use only legitimate versions of software, other versions may have backdoors that provide remote access to computers in exchange for improper use of the software;
- Avoid accessing or visiting unfamiliar websites. Little-known websites can often contain malicious code that should be avoided at all costs;
- Do not respond to emails from unknown senders that request inappropriate or urgent information;
- Use strong and unique passwords for each institutional service;
- Enable multi-factor authentication whenever possible;
- Back up important data, such as articles, projects, or research data;
- Avoid using unprotected public Wi-Fi networks, opting for reliable VPNs when necessary;
- Disable automatic connections (such as Bluetooth and Wi-Fi) in unknown locations;
- Check if the remote location and lock feature (“Find My Device”) is active.
For students
Even if they are not directly connected to the institution's infrastructure, students are also responsible for protecting their data and access:
- Use only legitimate versions of software and avoid unknown websites;
- Do not respond to emails from strange senders;
- Update all devices and applications;
- To create passwords strong and, ideally, enable two-step authentication;
- Perform backups important content, such as academic work and contacts;
- Confirm the legitimacy of Wi-Fi networks before connecting and avoid unsecured public charging points;
- Pay extra attention to what you share on social media – especially regarding your location or prolonged absence;
- Review the privacy settings on your digital accounts.
Cybersecurity is a collective responsibility
The digital security of the academic community depends above all on people. Preparing the infrastructure is important, but educating users about safe behavior is what truly reduces risk.
The CSIRT is available year-round to support institutions and users of the national academic and scientific network. With planning, collaboration, and a culture of active prevention, it's possible to ensure a safe summer break.
