Do’s and Don’ts for Cybersecurity

Pratham Mittal
3 min read · Sep 26, 2020

Passwords — Do

  • use hard-to-guess passwords or passphrases. A password should have a minimum of 10 characters and mix uppercase letters, lowercase letters, numbers and special characters; length matters more than any single character class, so a long passphrase is a good choice. A password should be easy for you to remember but hard for an attacker to guess.
  • avoid birth date/year/month and school or parents' names in a password, as your close friends and relatives know this information and attackers' wordlists include it. For example, a password such as MrPtI017#P@n1P covers all the points above (but never reuse a password that has been published anywhere, including this one).
  • use different passwords for different accounts and enable MFA wherever the app or website offers it. If one password is compromised, your other accounts should not be.
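
The rules above can be enforced mechanically. The following is an added example written for this page (not the author's code): a validator for the stated policy that also rejects passwords built from personal details, comparing both the plain form and a de-leeted form because attackers' wordlists try substitutions such as "@" for "a". The leet mapping, the 3-character minimum for personal-detail matching, and the sample inputs are assumptions made for the example.

```python
import string

# Leet-style substitutions attackers' wordlists try, so "R@hul" still matches "rahul".
# This mapping is an assumption for the example, not an exhaustive list.
_LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                       "$": "s", "5": "s", "7": "t", "1": "i", "!": "i"})


def password_issues(password, personal_info=()):
    """Return the policy violations for `password` (an empty list means it passes).

    Rules implemented, following the post: at least 10 characters, all four
    character classes present, and no personal detail (birth year, names ...)
    embedded in it. `personal_info` is a sequence of strings or ints the caller
    knows about the user; items shorter than 3 characters are ignored to avoid
    spurious matches (assumed threshold).
    """
    issues = []
    if len(password) < 10:
        issues.append("shorter than 10 characters")
    checks = [
        ("uppercase letter", str.isupper),
        ("lowercase letter", str.islower),
        ("digit", str.isdigit),
        ("special character", lambda c: c in string.punctuation),
    ]
    for name, test in checks:
        if not any(test(c) for c in password):
            issues.append(f"no {name}")
    # Compare against both the plain lowercase form and a de-leeted form,
    # because "R@hul1995" is no safer than "Rahul1995" against a targeted guess.
    variants = {password.lower(), password.lower().translate(_LEET)}
    for item in personal_info:
        needle = str(item).lower()
        if len(needle) >= 3 and any(needle in v for v in variants):
            issues.append(f"contains personal detail '{needle}'")
    return issues


if __name__ == "__main__":
    # Constructed sample inputs for the example.
    print(password_issues("MrPtI017#P@n1P"))                 # passes: []
    print(password_issues("R@hul1995!", ["Rahul", 1995]))    # flags name and birth year
    print(password_issues("correcthorsebatterystaple"))      # long, but fails the class rules
```

A check like this belongs at account-creation and password-change time; the personal details it compares against come from the user profile, not from the user typing them in again.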

Passwords — Don’t

  • share your passwords with anyone else or write them down on paper.
  • save passwords in web browsers if offered to do so; use a password manager approved by your organization instead.
  • leave sensitive information lying around in the open.

Devices — Do

  • prevent others from watching (shoulder-surfing) while you enter passwords or view sensitive information.
  • log off or lock your device when leaving it unattended.

Devices — Don’t

  • use personal devices to view work-related data.

Sending and sharing — Do

  • be aware of who you are allowed to share information with. Check with your Information Security Officer if you are not sure; they will also verify that third parties are GDPR-compliant.
  • only use encrypted removable media (such as encrypted USB pen drives) if you ever take personal or sensitive data outside your office (which should be avoided and only done with permission).
  • destroy information properly when it is no longer needed.

Sending and sharing — Don’t

  • send sensitive information on removable media (USB drives, CDs, portable drives), even if encrypted, when secure remote access is available.
  • send sensitive information by email unless it is encrypted; use the systems you are told to use.
  • give away confidential information. It is easy for an unauthorized person to call and pretend to be an employee or business partner.

Accessing / saving data — Do

  • only access data you are allowed to, and save it in locations approved for that data (the office must know where all data is and be able to access it).

Working on-site — Don’t

  • leave sensitive information unattended; lock it away in lockable drawers, and log off or lock your workstation.
  • let strangers or unauthorized people into staff areas.
  • position screens where they can be read from outside the room.

Working off-site — Do

  • only take information offsite when you are authorized to and only when it is necessary. Ensure that it is protected offsite in the ways referred to above.
  • access data remotely, using approved secure systems, instead of taking it off-site.
  • make sure you sign out completely from any services you have used.
  • ensure you save to the appropriate directory to enable regular backups.

Emails — Do

  • pay attention to phishing traps in email and watch for the telltale signs of a scam: a sender address that does not match the display name, a Reply-To that goes somewhere else, a link whose visible text differs from its real destination, and pressure to act urgently.
  • if you receive a suspicious email, do not click anything or reply; report it to your manager and Information Security Officer (forward the original so the headers are preserved), then delete it.

Emails — Don’t

  • open mail or attachments from an untrusted source.
  • click on links from an unknown or untrusted source. Attackers often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.
  • respond to phone calls or emails requesting confidential data, or let yourself be tricked into giving it away. It is easy for an unauthorized person to call and pretend to be an employee or business partner.
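
The telltale signs listed under "Emails" can be checked automatically on a raw message. The following is an added example for this page (not the author's code, and not a production filter): it parses an RFC 5322 message with Python's standard library and reports sender/display-name mismatches, a Reply-To pointing elsewhere, links whose visible text names a different host than their real destination, and urgency wording. The two sample messages, the trusted domain `example.com`, and the list of urgency phrases are constructed assumptions for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed samples for this example; addresses and hosts are made up.
SAMPLE_PHISH = """\
From: "Example Corp IT Helpdesk" <helpdesk@example-corp-login.net>
Reply-To: accounts@mail-verify.co
To: employee@example.com
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended. Please verify your account immediately:</p>
<a href="http://example-corp-login.net/verify">https://portal.example.com/login</a>
</body></html>
"""

SAMPLE_LEGIT = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: employee@example.com
Subject: Planned maintenance
Content-Type: text/plain; charset="utf-8"

The VPN gateway will be restarted on Saturday at 02:00. No action is needed.
"""

# Assumed phrase list; a real deployment would tune this to its own mail.
URGENCY_PHRASES = ("immediately", "account will be suspended", "verify your account")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def _is_trusted(host, trusted_domains):
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def phishing_indicators(raw_message, trusted_domains):
    """Return human-readable red flags found in one raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    if from_domain and not _is_trusted(from_domain, trusted_domains):
        flags.append(f"sender domain {from_domain} is not trusted")
    # Display name drops a trusted brand name while the address belongs elsewhere.
    for d in trusted_domains:
        brand = d.split(".")[0]
        if brand in from_name.lower() and not _is_trusted(from_domain, (d,)):
            flags.append(f"display name mentions '{brand}' but address is at {from_domain}")

    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    collector = _LinkCollector()
    collector.feed(text)
    for href, visible in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"https?://([^/\s]+)", visible)
        if shown and shown.group(1).lower() != href_host:
            flags.append(f"link text shows {shown.group(1)} but points to {href_host}")
        elif href_host and not _is_trusted(href_host, trusted_domains):
            flags.append(f"link to untrusted host {href_host}")

    lowered = text.lower()
    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            flags.append(f"urgency language: '{phrase}'")
    return flags


if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_PHISH, {"example.com"}):
        print("PHISH:", flag)
    print("LEGIT:", phishing_indicators(SAMPLE_LEGIT, {"example.com"}))
```

None of these checks is proof on its own (a legitimate newsletter may use a different Reply-To), which is why the advice above is to report rather than to judge; the value of a script like this is in surfacing the mismatch a reader would otherwise not notice.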

Pratham Mittal

Ethical hacker || Security Engineer || Ex - Razorpay, MakeMyTrip, Synopsys