Always use the latest browser version, check the address, phone number and e-mail in the contact section of the pages, check the real destination of the links by passing the mouse cursor over them before accessing them, pay attention to the extensions installed in the browser, do not click on the unexpectedly opened windows and make sure that the website you are accessing is secure by checking if there is mention https at the beginning of the link. When you access a site that uses https, the site's server uses a certificate to prove to browsers the identity of the site.

Install only the necessary applications and pay attention to the permissions you give these applications, do not respond to messages that require you to communicate personal data (passwords, details about bank accounts, etc..), set a pin code or password that blocks access, installs updates related to phone security, does not allow saving passwords for banking applications or other important data, encrypts the phone memory by accessing the security settings of the mobile phone and activates the remote wipe function in case of a theft.

Avoid communicating sensitive data through e-mail, check the links in the e-mail before accessing them by passing the mouse cursor over them, copy links in the browser bar instead of clicking directly on them, use an e-mail solution that has a powerful spam filter, delete emails that seem suspicious from your inbox, carefully check the sender's e-mail address and scan attachments with an antivirus product when you download them.

Phishing is a type of cyber attack through which the attacker sends an email or text message trying to convince users to share personal data such as bank account details or passwords. If we access a simple suspicious link from an email or an SMS we can download (unintentionally) malicious programs on our devices that will allow cybercriminals to access all our data from any corner of the world.

There are certain peculiarities that differentiate fraud from real situations: grammatical mistakes or robotic formulation from messages sent by attackers; the names or suspect names of the consignees; links or documents attached in unknown format; forms that induce a state of emergency, panic or fear; urgent, suspicious, insistent requests, without much explanation; requests for disclosure of personal, financial or security / authentication data.

A spam filter determines if the messages are unsolicited content. When this mechanism identifies an e-mail as spam it will automatically move it from your inbox to the folder marked as spam or junk. Spam filters are important because they protect us against attempts at electronic deception (phishing), viruses, scams and malicious programs.

Two-step authentication is a security process that uses two steps in verifying the identity of a person trying to access a service (e-mail, bank account, social networks, etc.). This process involves the existence of at least two factors of authentication: a factor of knowledge, a factor of possession and an inherent factor. For example, when a person wants to log in to the e-mail account, the first step is to enter the name and password, then you need a code or a temporary password that can be sent by email or phone. To enable two-step authentication you can access the security and authentication section of the service used.  

A strong password should contain a minimum of 8 characters and should include letters, numbers and symbols; passwords should not contain personal data of the user (date of birth, name, age, etc.) and consecutive characters should not be used (eg 1234, qwerty, abcde). In addition, it is important to leave the accounts at the end of the day, especially if we do not use our own equipment, to change passwords regularly and to use two-step authentication, where there is this possibility. 

The National Directorate of Cyber Security (DNSC) is the institution in Romania that you can address if you are the victim of a cyber attack. The unique national emergency number dedicated to reporting cyber security incidents is 1911, callable from any network, with normal tariff, available 24/7. For more information you can access the DNSC web page: https://dnsc.ro/contact

The qualified signature can be bought from any authorized supplier at European level, regardless of which country it comes from.

In this list you will identify all european suppliers of reliable signature and you can purchase a digital signature certificate recognized in the EU from any of them, regardless of the country where the solution has registered. We recommend the following ANIS member companies: Namirial and Digidemat (Docusign supplier)

Costs vary depending on the type of qualified certificate (physical token or cloud version) and the duration of validity (1, 2 or 3 years).

Any electronic signature is valid, from simple to advanced and qualified.

However, there are certain legal provisions, such as Law 208/2021, which clearly requires that the signatures on an employment contract concluded in Romania be either both handwritten, or both electronic, signed with a qualified certificate.

According to the European regulations, which apply automatically in Romania, any state institution is obliged to accept a document signed with a qualified certificate.

However, the acceptance of documents signed with a simple or advanced digital signature is at the discretion of each institution.