| |
Good practices help protect computers from cyber attacks
25 - 12 - 2001
Computer users are advised to adopt proper and effective computing
practices to protect their computers from cyber attacks.
"Information security is an important issue that should be proactively
tackled with, and it is also an integral part of every computer
system that requires careful consideration and planning," said
a spokesman for the Information Technology Services Department
(ITSD) today (December 25).
"Violations of information security can lead to disclosure of
personal data, forgery of personal identity, tampering of data
and abuse of resources, with effects ranging from embarrassment
to real damage or financial loss," he added.
Enterprises are strongly advised to protect their computer systems
and networks. Home users should also apply similar best practices
to protect their computers and information against damage, unauthorised
access or modification.
Some of the good computing practices that we should "do" to
protect our computers are:
- Do apply updates and patches to your computer system to fix
known security vulnerabilities. Maintain your virus scanning
software, browser, e-mail application, and operating system
up-to-date.
- Do keep your user IDs and passwords secret. Passwords should
be difficult to guess. Mixing letters and numbers of unpredictable
pattern is a good idea.
- Do change your passwords regularly, every three months or
earlier if they have been disclosed to others. Default passwords
and passwords generated by others should be changed promptly.
- Do scan your computer regularly with virus scanning software.
New software, files, or e-mails should be scanned for viruses/harmful
code before opening.
- Do consider security measures like Firewall and Intrusion
Detection System to protect your computer if it has a high-speed
connection to the Internet.
- Do apply encryption techniques to protect sensitive data transmitted
over public networks and the Internet. Use digital certificates
to sign and encrypt messages and data where appropriate.
- Do disable automatic processing of e-mail attachments in the
Internet e-mail software.
- Do turn off active content enabling options, e.g. Java, JavaScript
and ActiveX, in the e-mail application/browser, except when
communicating with a trusted source.
- Do maintain an up-to-date backup copy of your system and data
and store it securely.
There are also some practices that we should "not" do to help
keep the computers secure:
- Don't use/execute software and programs from untrustworthy
or doubtful sources.
- Don't leave your password around, in particular near the computer.
- Don't disclose personal information, such as passwords, credit
card numbers, etc to others. Look out for attempts to obtain
this information by trickery means.
- Don't give away your user name or password when completing
an on-line form. Avoid submitting any data that is irrelevant
to the purposes for which it is being collected.
- Don't open or forward e-mails or e-mail attachments from unknown
sources.
- Don't mailbomb, forward or reply to junk e-mail. This may
result in more incoming junk e-mail than before.
The Government fully recognises the importance of information
security, and takes various measures to ensure the security
of its information infrastructure.
"All government bureaux and departments have adopted appropriate
measures to protect their computer and network systems against
intrusion," said the spokesman.
"They are also provided with comprehensive guidelines on information
security formulated by ITSD.
"Besides, ITSD also closely monitors and keeps up to date with
the local and international trends of computer security attacks
and solutions available against such attacks so as to enhance
its capabilities for tackling computer intrusions," he said.
For detailed information on IT security, please visit the ITSD
web page (http://www.itsd.gov.hk/itsd/secure/esecure.htm).
A publicity leaflet containing information on effective and
proper computing practices to keep computers secure published
by the department is also available on the ITSD web site (http://www.itsd.gov.hk/itsd/about/epubdoc.htm)
for public reference and free downloading.
- ENDS -
|
|