Personal digital security and passwords

1. Digital security

The security of personal data is in the interest of both individuals and the organizations that process that data. In order to assess the risks generated by any processing, it is first necessary to identify the potential impact on the rights and freedoms of individuals. Although organizations must protect data (personal or not) for their own interests, the emphasis is on protecting the data of individuals.

Data security encompasses three main components: protecting the integrity, availability, and confidentiality of data. Organizations therefore need to assess the risks to:

• unauthorized or accidental access to data - breach of confidentiality (e.g. identity theft after disclosure of employee payslips)
• unauthorized or accidental modification of data – violation of integrity (e.g. falsely accusing a person of altering access records)
• loss of data or access to data – violation of availability (e.g. inability to detect drug interactions due to unavailability of the patient's electronic medical record).

It is also necessary to identify sources of risk (i.e. who or what could be the cause of a security incident), taking into account human internal and external sources (e.g. IT administrator, user, external attacker, competitor) and other internal or external sources (e.g. flood, hazardous substances, accidental computer virus).

The identification of risk sources enables the identification of threats (i.e. circumstances that can lead to a security incident) related to assets (e.g. hardware, software, communication channels, paper), which can be:

• used inappropriately (e.g. abuse of rights, handling error)
• modified (e.g., keylogger, malware installation)
• lost (e.g., theft of laptop, loss of USB memory)
• observed (e.g., looking at a screen on a train, device geolocation)
• damaged (e.g. vandalism, natural deterioration)
• overloaded (e.g., disk full, denial of service attack)
• unavailable (e.g., case of ransomware attack).

It is also recommended:

• determine existing or planned measures to manage each risk (e.g., access control, backups, monitoring, physical protection, encryption)
• assess the severity and likelihood of the risk, using a scale (negligible, moderate, significant, maximum)
• implement and monitor measures, if deemed appropriate
• conduct regular security audits, each of which should result in an action plan whose implementation must be monitored at the highest level of the organization.

The General Data Protection Regulation (GDPR) introduces the concept of a Data Protection Impact Assessment (DPIA), mandatory for any processing of personal data that is likely to result in a high risk to individuals. The DPIA must contain planned measures to manage the identified risks, including safeguards, security procedures and mechanisms to ensure the protection of personal data.

2. Personal digital security and tips

In the digital age, almost every aspect of our lives is connected to the internet – from communication, work and education to banking, shopping and entertainment. This is why personal digital security is becoming as important as protecting your home or property. Every user leaves traces in the digital environment, and this data can become the target of various forms of abuse, such as identity theft, fraud or malicious attacks.

Personal digital security is a set of practices and habits that help us protect our data, devices, and online identity. It is not reserved only for experts – anyone, regardless of their level of technical knowledge, can take simple steps to reduce risks and increase security. From using strong passwords and regular backups, to being careful with emails and messages, to thoughtfully sharing content on social networks – these are all elements that form the basis of responsible digital behavior.

Understanding and applying the principles of personal digital security not only protects the individual, but also contributes to the wider creation of a safer digital environment.

1. Use strong, unique passwords

Creating strong and unique passwords for each account is a fundamental step in protecting your digital identity. Avoid easy-to-remember or predictable information, and consider using a password manager to store login information securely. Instructions for creating a strong password are at the link.

2. Turn on two-factor authentication

Adding an extra layer of protection through two-factor authentication (2FA) significantly reduces the possibility of unauthorized access. Whether via SMS or an authentication app, 2FA provides an additional barrier against cyber attackers. For tips on two-factor authentication, see the link.

3. Update the software

Regular software updates are essential as they often contain patches for security vulnerabilities. Set up automatic updates for your operating system and applications to reduce the risk of exploitation by cybercriminals.

4. Watch out for phishing scams

Phishing is a common method of stealing sensitive information. Be wary of emails or messages from unknown senders, especially those asking for personal or financial information. Always verify the sender's identity before clicking on links or downloading attachments. Read how to recognize phishing scams here.

5. Secure your Wi-Fi network

Protect your home or business Wi-Fi network with a strong password and encryption. Consider hiding your network's SSID to make it less visible to potential attackers. A list of steps you should take to secure your Wi-Fi network can be found here.

6. Back up your data regularly

Backups ensure that you have a backup copy of your important data in case it is lost or stolen. Use physical storage media and cloud solutions to keep your backups up to date and available when you need them. A guide to backing up your data is available at the link.

7. Use antivirus and anti-malware software

Install reliable antivirus and anti-malware software to protect your devices from malicious attacks. Schedule regular system scans to detect and remove threats in a timely manner.

8. Practice safe browsing.

Avoid suspicious websites and be careful when downloading files. Use a secure browser and consider privacy-focused add-ons. Read a guide to safe browsing here.

9. Educating yourself and others

It is important to stay informed about the latest cyber threats and best practices. Share your knowledge with family, friends, and colleagues to foster a culture of cybersecurity awareness.

10. Monitor your digital footprint

Regularly review your online presence and check what personal information is publicly available. Adjust privacy settings on social media and other platforms to limit exposure and protect your information.

You can find more detailed information at this link.

3. Strong passwords

Why is it important to have a strong password?

Your password is the first line of defense for your personal and business data. A weak or simple password can be an open invitation to attackers who want to take control of your computer, steal your data, misuse your identity, or blackmail you. If you use your device’s default password, the same password for multiple accounts, or – worse – no password at all, the risk of an attack increases dramatically.

But what makes a strong password? Experts disagree on a single recipe – some emphasize length, others character complexity, and still others suggest easy-to-remember phrases. What there is consensus on is that a password must be long enough and difficult to guess.

When creating passwords, it is important to balance convenience and security. The stronger the password, the less comfortable it is to use, but the question arises: how important is the data you want to protect to you?

Practical tips for creating a strong password:

• Use at least 16 characters.
• Combine uppercase and lowercase letters, numbers, and symbols.
• Use a unique password for each account (separate private and business accounts).
• Avoid predictable phrases and strings like 123456789 or qwertz .
• Never share passwords with others.
• Do not send passwords via email, messages or insecure channels.
• If you write down passwords, keep them in a safe and invisible place.
• When possible, use random characters instead of real words.
• Avoid logging into public Wi-Fi networks.

4. Conclusion

Digital security in the educational environment is not only a technical issue, but also a pedagogical one. Teachers and students exchange sensitive data through digital systems every day – from personal information and grades to research materials and papers. That is why it is necessary to develop a culture of responsible use of digital tools, with each person taking an active role in protecting their own and others' data.

Effective protection is based on several key practices: the use of strong passwords, two-factor authentication, regular software updates, and careful handling of data and communication channels. Teachers have additional responsibility because they manage students' data, while students should be aware that their personal digital traces are also subject to risks.

In the European context, the General Data Protection Regulation (GDPR) clearly defines the obligations of educational institutions regarding the processing of personal data. This means that all activities, from keeping attendance records, grading and storing student work to the use of digital platforms such as the Moodle LMS – must comply with the principles of lawfulness, security and transparency.

For teachers and students, this means a double benefit in practice: compliance with the GDPR ensures greater privacy protection, but also strengthens trust in the digital educational environment. Only through shared responsibility and continuous education is it possible to create a safe digital environment that supports learning and development, while preserving the fundamental rights of all participants.

5. References

• CERT. Cybersecurity for students. https://www.cert.hr/sigurna-knjizica/
• Charoen, D. (2014). Password security. International Journal of Security (IJS), 8(1), 1-14. https://www.cscjournals.org/library/manuscriptinfo.php?mc=IJS-131
• Dalal, A. (2021). Cybersecurity and Privacy: Balancing Security and Individual Rights In the Digital Age. Journal of Basic Science and Engeneering 18(1), 205-223. https://doi.org/10.2139/ssrn.5171893.
• Li, J., Xiao, W. i Zhang, C. (2023). Data security crisis in universities: identification of key factors affecting data breach incidents. Humanities & social sciences communications, 10(1), 270. https://doi.org/10.1057/s41599-023-01757-0.
• Moustafa, A. A., Bello, A. i Maurushat, A. (2021). The Role of User Behaviour in Improving Cyber Security Management. Frontiers in Psychology 12. https://doi.org/10.3389/fpsyg.2021.561011.
• Wash, R. i Rader, E. (2021). Prioritizing security over usability: Strategies for how people choose passwords. Journal of Cybersecurity 7(1). https://doi.org/10.1093/cybsec/tyab012.