Safe IT at CityU

Information Technology (IT) is an indispensable tool in research, teaching and learning, and user awareness and practicing the safe use of IT is important for protecting both work and personal data.

First, be patient and appreciate that better security usually comes with lesser user convenience.


  Use strong passwords and change passwords regularly for all your computer accounts. Never give your passwords to anyone or write down the actual passwords.

  Always access the option for changing CityU account password via the CityU Homepage -> Quick Links -> Change Password -> Password Management (the column on the left). Never click on shortcuts, i.e. URL links given in email or are remembered in someone’s computer browsers.

  If you have to write them down, develop a way to help you recall your passwords without the actual passwords being written down. Whatever you do, don't write down what they are for and keep them safe at all times.


  Protect yourself from phishing emails as they can lure your passwords and personal data.

  Do not click on URL links and do not open file attachments in suspicious emails sent from strangers, or even from people you know but with unusual content.

  Do verify the authenticity of email senders and websites that claim to be from CityU department before responding to any action as requested.

  Report suspicious email to the Computing Services Centre (CSC) at once by forwarding it with full email header to

  Use the email account provided by the University solely for business purpose.

  To assist you in verifying genuine emails sent from CityU Central IT regarding password issues with your CityU computer accounts; an option “Verify Suspicious Email” has been added to the University Portal (please access via the CityU Homepage -> Quick Links -> Portal -> Email Security Awareness).

  Encrypt the email when it contains sensitive, restricted or confidential information and attachments.

  Do not forward business related emails to your personal email accounts.

  Use a separate email account for any non-business activities.


  Perform backup regularly.

  Enable screen saver with password on your computers. Never leave your computers unattended when it is logged on.

  Must enable anti-virus on your computers and turn on auto-update and on-access-scan. Be cautious when using external USB drives or memory cards from unknown sources. Please refer to the FAQ of McAfee Endpoint Security for more information.

  Turn on automatic OS update for your computers (Windows - click How do I keep my PC up to date, macOS, etc.).

  Install only legitimate software applications and plug-ins (add-ons) and choose the automatic update option if available when installing. Keep all installed software up-to-date.

Mobile Devices:

  Back up your data frequently.

  Enable auto-lock feature with a passcode to screen lock your device when it is not in use after a certain period of time. Turn off Bluetooth, Personal Wi-Fi Hotspot after use as hackers may make use of these channels to intrude your devices.

  Enable remote wipe on mobile devices beforehand so that you can remotely erase all data in case of loss.

  Don't jailbreak your mobile devices which can open the gate for malicious attacks. Install apps from trusted sources only.

  Note the best practice for Handling Handheld Smart Devices for Service Maintenance, Recycling Use, and Disposal.

Public Computers and Wi-Fi:

  Always restart public computers before and after use. Avoid accessing sensitive information while using public computers or Wi-Fi.

  Only connect to trusted Wi-Fi networks (e.g. campus Wi-Fi, GovWi-Fi, eduroam, reputable organizations) as hackers may fool you to connect to fake Wi-Fi then capture your data.

Always observe the University policies and guidelines. If you have questions or need assistance on Safe IT, please call the CSC Help Desk at 3442-8340 or send email to the CSC at

The list above serves as a starting point of safe IT practices. Your actions are crucial to protect your data, your computers/devices and your identity. Let's practice the Dos and Don'ts of Information Security Awarewness and be a smart Internet user. To know more, follow the links below on the different aspects of safe IT.

Information Handling

Removable Devices and Storages

  • Do not connect unknown USB drives or memory cards to your computers. Always scan the USB drives or memory cards with up-to-date anti-virus, anti-spyware, anti-malware, etc. before use.
  • Avoid storing restricted or confidential information in removable devices.
  • Enable the encryption feature on removable devices.

Public and Cloud Services

  • Cloud services, e.g. iCloud, Dropbox, Google Drive, etc., provide a convenient way to share and store files, only upload business related data to the cloud service authorized and provided by the University, i.e. the Microsoft OneDrive. When using cloud services for sensitive information, often review and apply the security settings.
  • Only download mobile apps from official sources.
  • Be cautious when you are asked for sensitive information. Avoid “remember my password” option and verify the authenticity of websites when in doubt.

Social Networking

  • Regularly assess and apply security and privacy settings in your social networking sites.
  • Be aware of fraudulent advertisements for popular brands or any unsolicited links which can be phishing sites.
  • Avoid untrustworthy (often free) downloads from freeware or shareware sites.