Dos and Don'ts of Information Security Awareness

Computers are indispensable learning tools nowadays, and it is of utmost importance to understand how to secure the computers, the data, and other electronic devices. Below are some tips to help raising the awareness against information leakage and IT security attacks.

  1. General

    People is the weakest link in information security as in many cases the leakage can be avoided if the person involved can have better knowledge in data protection. Users are recommended to develop information security mindset, build and reinforce good practice through regular updates of information security awareness.

  2. Computer/Data Usage
    Risk DOs DON'Ts
    • Loss of data
    • Compromise security policies
    • Misuse of data
    • Be accountable for your IT assets and data
    • Adhere to Policy on Use of IT Services and Facilities
    • Use good judgement to protect your data
    • Protect your laptop during trip
    • Ensure sensitive information on the computer screen is not visible to others
    • Protect your user ID and password
    • Don’t store sensitive information in portable device without strong encryption
    • Don’t leave your computer / sensitive documents unlocked
    • Don’t discuss something sensitive in public place. People around you may be listening to your conversation
  3. Surfing Web
    Risk DOs DON'Ts
    • Virus
    • Worms
    • Trojan
    • Spyware
    • Malware
    • Validate the website you are accessing
    • Install personal Firewall
    • Be cautious if you are asked for personal information
    • Use encryption to protect sensitive data transmitted over public networks and the Internet
    • Install anti-virus, perform scheduled virus scanning and keep virus signature up-to-date
    • Apply security patching timely
    • Backup your system and data, and store it securely
    • Don't download data from doubtful sources
    • Don't visit untrustworthy sites out of curiosity, or access the URLs provided in those websites
    • Don't use illegal software and programs
    • Don't download programs without permission of the copyright owner or licensee (e.g. the use of BT software)
  4. Email
    Risk DOs DON'Ts
    • Junk mail
    • Spam mail
    • Virus
    • Do scan all email attachments for viruses before opening them
    • Use email filtering software
    • Only give your email address to people you know
    • Use PGP or digital certificate to encrypt emails which contain confidential information
    • Use digital signature to send emails for proving who you are
    • Don't open email attachments from unknown sources
    • Don't send mail bomb, forward or reply to junk email or hoax message
    • Don’t click on links embedded in spam mails
    • Don’t buy things or make charity donations in response to spam email
  5. E-Commerce
    Risk DOs DON'Ts
    • Identity theft
    • Check the terms and disclaimers of an e-shopping site before acquiring its service
    • Choose well-known or trustworthy e-shopping sites
    • Check the trustworthiness of the e-commerce website (e.g. checking the SSL certificate)
    • Use digital certificate for executive transactions over the web
    • Use strong password, and change your password on a regular basis
    • Logout immediately after you finished your e-shopping activities
    • Retain and review your transaction records
    • Use different passwords for bank accounts, university accounts and external accounts
    • Don’t make any e-shopping transactions using computers in Internet cafe
    • Don't visit untrustworthy sites out of curiosity
    • Don’t use easily-guessed password, such as HKID card number, phone number, date of birth
    • Don’t share your IDs with others
  6. Public Terminals
    Risk DOs DON'Ts
    • Account Access
    • Information Loss
    • Always reboot when starting to use the public PCs
    • Clean up cache files after use
    • Don’t leave without closing all browsers and logging out from the public PCs
    • Don't let others watch over your shoulder while logging in or doing online transactions
  7. How to Secure Your Computer
    • Patch the system regularly
    • Install security software (e.g. web filtering, anti-Virus, anti-Spam, anti-Spyware, personal firewall etc.)
    • Beware of P2P software (e.g. BT, Foxy, eMule)

Information Security Awareness Programme

In order to raise the awareness among CityU community against information leakage, the CSC has embarked on an information security awareness programme and as an initial move, an information security awareness seminar was held on 2 April 2009 and the details of the seminar can be found at http://www.cityu.edu.hk/csc/deptweb/education/isa_ref.htm.

csc@cityu.edu.hk