Sync+Share Security Recommendations

With the points listed here we want to give you basic recommendations for using the LRZ Sync+Share service as securely as possible. We also want to raise your awareness of the responsible handling of data: besides the security of the service and the stored data itself, which the LRZ takes care of to the best of its ability, your own behavior, especially with regard to sharing data with other people, contributes to a large extent to the overall security.

  1. Pay attention to what you do when using LRZ Sync+Share! Personal behavior is often more important than any technology.
  2. Never pass on passwords and access data to third parties! LRZ employees will never ask you for this information in support requests - whether by ticket system, telephone, video conference or e-mail.
  3. Do not save a password in your web browser!
  4. Please do not use the "Stay logged in" option when logging in, especially if you are working on publicly accessible computers, as this will result in an automatic login based on a generated token.
  5. It is recommended that you always log out and close the browser window when you have finished using the website, and that you do not use that window to visit other pages on the Internet. If possible, use the "private mode" of the web browser or delete the browsing history after the work is done, especially if you are working on publicly accessible computers.
  6. Change your password regularly! We recommend that you change your password at least once a year. Please use only secure passwords so that nobody can abuse your account by "simply guessing" your password! After changing your password, please close the clients and apps and log in again to generate a new token.
  7. Check regularly if your invitations and links are still "up to date"! Invitations and links that are no longer needed should be removed.
  8. When inviting other users to one of your folders, restrict access permissions as much as possible (e.g. read-only access)! Please avoid "public" shares or use them only deliberately and for a specific purpose.
  9. Provide links with an expiration date and/or a maximum number of downloads and/or a password! This is especially important because links may be globally discoverable by search engines.
  10. Always try to keep the amount of shared data as small as possible when you use invitations and links! Do not release more data than absolutely necessary out of convenience! If necessary, create a new top-level folder to share selected data!
  11. Before sharing data, make sure that you have entered the correct recipient! Keep in mind that accidentally sharing (sensitive) data may not be reversible once it has been downloaded by another user!
  12. Remember that people invited to your folder can both synchronize data to their own system and store it locally on their own computer, so even after the invitation is removed, they still have the locally stored data!
  13. Please note that personal data has higher security requirements! Always encrypt sensitive data! There are a number of suitable encryption tools (e.g. Cryptomator).
  14. Before using LRZ Sync+Share, please check carefully if and to what extent data may be shared according to the specifications of your institution!
  15. Do not post links in social networks, because the circle of users can grow rapidly and uncontrollably! If you want to do so, please provide the link with an expiration date, a maximum download number and/or a password!
  16. Be aware of the danger of distributing malware, crypto-Trojans or malware-infected files!
  17. It is recommended to perform a decentralized virus scan on the local device using suitable anti-virus software. It is explicitly pointed out that a central virus check is not performed at the LRZ.
  18. Please note that if you register via Shibboleth, you have to close your browser completely to log out. This is especially important if other people can use the computer used for Shibboleth login.
  19. Your computer should have no known vulnerabilities. Therefore use the (automatic) update mechanism of your operating system or web browser, which closes such gaps as quickly as possible.
  20. If necessary, transfer the data that is still required to other users before you leave your institution. You will no longer be able to access the service after leaving.
  21. Please review the LRZ Sync+Share service usage guidelines and privacy policy.

General security notes on the service itself:

  1. The LRZ Sync+Share service complies with the German Data Protection Act (DSGVO).
  2. The LRZ and its employees are certified according to the ISO 20000 (IT service management) and ISO 27001 (IT security) standards.
  3. Your data is stored exclusively on storage systems in the computer rooms of the LRZ, to which only a very limited group of persons has access. The rooms are fully air-conditioned and equipped with optimal fire protection measures.
  4. The communication between your end devices and the service infrastructure of the LRZ is encrypted.
  5. The LRZ takes reasonable precautions to ensure the security and integrity of the data.
  6. The LRZ ensures with the means at its disposal that no unauthorized access from outside to the data stored in the storage system is possible.

Have fun using LRZ Sync+Share!