Measures to protect the confidentiality of communications

1. Responsibilities of Providers and Users/Subscribers

Ensuring the confidentiality of electronic communications should be the concern and responsibility of both the providers of these services and their subscribers.

Electronic communications service providers are responsible for ensuring the confidentiality of communications on the public telecommunications network (backbone and access network), as well as on the routers and servers through which the Internet and various services are accessed. The DPAA is responsible for ensuring compliance with the legislation to safeguard the confidentiality of communications and to this end has issued regulations and monitors their implementation by regular and ad hoc inspections of providers.

2. Measures to Protect the Privacy of Fixed Telephony Communications

The protection of fixed terminals (landline telephones) and the part of the network located inside the home or office is a key factor in protecting the privacy of your communications.

What you can do:

• Protect your telephone device so that it cannot be accessed by people you do not know or the place where it is located.
• If you use a wireless device, avoid using it too far away from the base of the device because there is likely to be interference from similar wireless devices in neighbouring homes.
• The internal network switches in dwellings and apartment buildings (eshalit), where the public telecommunications network terminates and interfaces with the internal network, must be secured and accessible only to persons you have authorised. Periodically check the above points for possible tampering with the help of technicians you trust.
• Check the parts of the internal wiring from the switchboard to the telephone set that are not adequately protected for possible tampering.
• If you receive a visit from a person claiming to be a telecommunications provider staff member who has been instructed to do technical work in your home or apartment building, demand to see the accreditation of the company he or she works for.

3. Measures to protect the confidentiality of communications on private telephone networks

If you have a private branch exchange (PBX) and the corresponding internal network (LAN), the following measures are recommended:

• In cooperation with your call center vendor, ensure that the security mechanisms of your PBX equipment are regularly updated to prevent tampering.
• Disable the pre-installed passwords on the remote maintenance post ports of your equipment (PABX) and periodically change the passwords you have set.
• Ensure that each internal device has its own independent password, which is different from the password of another device.
• Disable externalisation (PABX) in such a way that no connections to external networks, call forwarding, etc. are allowed, except those that have been identified as necessary for the operation of the user's services.
• Enable remote access only when necessary, otherwise it would be better to turn it off.
• Limit the IP addresses that can access the open doors of the centre to the absolutely necessary cases.
• Apply the appropriate physical security measures, especially with regard to access to the installation site of the PABX and the corresponding distributor, where your network cabling is assembled.
• Check all the sensitive parts of the installation frequently, using qualified technicians you can trust.

4. Measures to Protect the Privacy of Mobile Communications

Controlled access to the telephone set

• Apply some form of controlled access to your device, such as locking your SIM card with the 4-digit PIN code and unlocking your mobile phone screen by choosing between a simple 4-digit code, a more complex password or a pattern lock, which is drawn on the device screen to unlock it.
• Set your device to lock automatically after a few minutes.
• Choose not to display passwords when typing them from the relevant settings on your device.
• Don't leave your phone exposed and protect it from theft.
• Before sending your phone for replacement repair or recycling, make sure you delete all personal or other confidential data and remove the SIM card.

Safe use of Bluetooth

• Use Bluetooth in such a way that your device is not "visible" to others and do not allow access to untrusted devices that you do not recognise.
• You should be careful when installing programs or files downloaded via Bluetooth. If you are prompted by your device's software to install an unknown program, it is recommended that you avoid doing so.

Ability to hide your telephone number

• Mobile devices allow you to hide your phone number from the recipient of your call. However, this does not apply when sending text or multimedia messages (SMS, MMS).

Smartphone device protection

• To protect against malware installation, periodically check the installed applications, the available storage space, and your device usage (e.g. number of messages sent, duration of calls), keeping an eye out for any unusual usage. Perform a "factory reset" of the device if you have reasonable suspicion that a virus has been installed.
• Most mobile devices support special applications that can locate a lost device. You will probably need to install or activate such applications so that, in the event of theft, you can wipe the data on your device remotely.
• Encryption protects the data on the device from advanced. Some devices use encryption by default, while others need to be enabled by the user or have encryption software installed.
• E-mails (e-mail, MMS) received on mobile devices should be treated in the same way as those received on your personal computer. If a message looks suspicious or you do not know the sender, avoid opening it.
• Avoid downloading content on your device from the Internet from an unknown or untrusted source.
• Install an anti-malware (antivirus) program for smartphones on your device.
• To avoid sharing your location (location information) through applications you use (e.g. social networks, instant messaging applications), you can select on your device the option to share this information manually.
• Στην περίπτωση χρήσης υπηρεσιών εντοπισμού θέσης και πλοήγησης (GPS navigation), μπορείτε να εγκαταστήσετε τους χάρτες στη συσκευή σας, ώστε να μην απαιτείται η πρόσβαση στο διαδίκτυο για την πλοήγησή σας και έτσι να αποφύγετε την κοινοποίηση της τοποθεσίας που βρίσκεστε.
• Ensure that you regularly back up your device data, locally on your computer or to a trusted cloud storage service. It is recommended that you encrypt your backups, especially if they are transferred or stored online.

5. Measures to protect privacy when accessing the Internet

• Choose and install an antivirus program from a well-known and trusted company on your computer. Enable the automatic update feature to protect your computer from the latest instances of malware. Some things also support anti-spyware functions.
• Install a firewall on your computer. A firewall controls communication to and from your personal computer, allowing or denying certain types of traffic to prevent the spread of viruses and unwanted applications. Some versions of operating systems (e.g. Windows XP/SP2) have a built-in personal firewall.
• Perform regular updates to your web browsers (internet Explorer, Firefox, Chrome, Opera, Safari etc.). It is recommended that you enable automatic updating and update when you receive a notification.
• Use a strong password with letters, symbols and numbers, different for each application you have an account with. Avoid using passwords that are easy to remember (such as dates, familiar terms, letter sequences or first names). A suggested solution for creating a password is to choose to use a combination of lower-case letters, gram-numbers, with at least 8 digits.
• Keep your passwords secret and change them regularly (at least once every 6 months).
• Always activate the built-in protection features of browsers such as blocking pop-ups, managing "cookies", etc.
• Pay attention to signs that your computer may be infected with a virus, such as the following:
  • • Your system suddenly becomes noticeably slower to start and/or run.
    • It takes longer to open your files than usual.
    • Some files appear corrupted or do not load.
    • Messages from your antivirus program or other unusual messages appear.

6. Measures to protect privacy when accessing the Internet

• Use only programs from trusted sources. You should only use programs found on the Internet when you are sure of their source.
• Avoid viewing unknown files, messages or links. Before opening a file, activate the virus scanning filter.
• Make sure you are logged out of your account on an online service website (e.g. online banking) via the log out link provided before you leave it.
• Avoid activating password reminder/memory when using browsers, especially when accessed from shared computers.
• Confirm that you are using a secure connection when sending sensitive information over the web. This is indicated by the locked padlock icon, and the address you are connecting to should start with http:// instead of http.
• If you connect to the internet from a public network (internet-cafe, hotels, etc.), do not use or transmit your personal information. Avoid visiting sites that require you to use your personal passwords, especially if the exchange of information is not encrypted (e.g. https). It is possible that these networks are not secure and that your personal data may be intercepted.
• Make sure you take regular backups. That way, in case your system is affected by a virus, you will save your important files and be able to restore it to a previous state.
• Cloud services (e.g. Dropbox, Rapidshare, Google Drive) are mainly used to store backups and large volumes of data and offer greater flexibility in sharing information (e.g. photo albums). For Cloud services it is recommended to choose passwords with great care, use a secure connection (with an initial http:// instead of http) and encrypt data stored.
• If you use a device to access the internet that can be accessed by third parties, it is recommended that you delete your browsing history and cookies. You can also disable the storage of your browsing history through your browser settings.

7. Measures for the Protection of Privacy in Electronic Mail

• If your email account has recently been compromised or accessed by third parties, you should change your password immediately.
• Never use your account password to access other websites.
• Do not open attachments from unknown third parties or untrusted sources. When you receive an email, even from seemingly trustworthy sources (such as banks), carefully examine its origin before opening a link contained in it, as it may lead you to a website that, while appearing to be the same as the legitimate one, is fake.
• Do not send your passwords by email. Legitimate sites that offer online services will never ask you to send your passwords by email.
• Monitor the activity of your email accounts, such as logins to your account, any changes to your password or the information used to retrieve your passwords (adding an alternative email address or a phone number). If you notice any suspicious indications, you should immediately change your password
• Monitor the sending and receiving of emails. If you notice that many messages in your account cannot be found, or if you notice that unknown messages are being sent from your account, change your password immediately.
• Confirm that your mail is not forwarded to an address you have not specified. If you find unsolicited forwarding, remove it immediately.
• If possible, enable the two step verification process to access your account (e.g. by sending a one-time special to your mobile phone)
• Do not fail to log out of your account, especially if you are logged in from a shared computer (e.g. from a library or internet cafe). Keep in mind that you may still be logged in even after you have closed your browser.
• Encrypt messages or attachments containing confidential information.

8. Measures to protect privacy in wireless Internet access

• Enable encryption on your wireless router. Prefer WPA or better yet, WPA2 encryption. Use strong passwords for the encryption key, which you should change frequently. Change the network name (SSID), giving your own name, different from the one set by the manufacturer.
• Configure the wireless network to accept connections only from specific computers, tablets and mobile phones (MAC address filtering).
• Change the username and security code to manage the wireless router from the value set by the manufacturer (username & password admin). In addition, change the code you have set at regular intervals.
• Disable remote management access to your router if it is not already disabled by the manufacturer.
• Change the setting to not allow your router to be managed over a wireless connection.
• You can check your wireless router to see which devices are connected or requesting to connect to it. If you notice connections from unknown devices, change your passwords immediately.
• Turn off the wireless network when you're not using it.

9. Malicious and Harassing Calls

If you receive malicious or nuisance calls with masking, you have the right to ask your connection provider, for a specified period of time not exceeding 15 days, to remove the possibility of not listing the calling line for incoming calls and to provide you in writing with a list of the numbers that called you during this period.

In case you wish to be informed about the identity of the subscriber or user who calls you maliciously, this should be ordered by the relevant regular investigator or prosecutor with a specific order to the parties, in the context of a regular inquiry or preliminary investigation or preliminary examination following an accusation.

More information on this procedure can be found on the ADAE website, under "Legislative Framework", (http://www.adae.gr/nomothetiko-plaisio/elliniki-nomothesia/praxeis-tis-adae/).