Cyber Security Dos and Don’ts
Do’s
01. Whether Power on/BIOS Password, Windows Administrator (Main User)
password, user account, Screen saver password is enabled, Disable the
Guest account and delete the unwanted user accounts.
02. Keep the operating system Software (Window) up-to-date.
03. Enable built security features such as Microsoft defender or reputed Anti-
virus Software like Kaspersky and quick heal should be installed and it
should be regularly updated.
04. All removable media should be scanned with anti-virous Software before
use.
05. Deploy properly configured firewall.
06. Enable show hidden files and file Extension option.
07. Enable screen saver with a time out period of five minutes or less.
08. Create System restore point (it can reverse harmful changes to your
computer)
09. Keep good, hard-to-guess passwords for computer/e-mail accounts.
10. Use non-administrator account privilege for login to the computer and
avoid accessing with administrator privileges for day-to-day usage of
computers.
11. Use External hard drive to store secret and top-secret data.
12. CD’s must be used for transfer of operational data between our dedicated
standalone computers.
13. Use your web browser’s hope-up blocker.
14. Always Sing-out your e-mail account.
15. Regularly delete temp folder files. Temporary files.
16. Cookie’s folder (enable “delete browsing history on exit” option)
17. Periodically format the internet /standalone computers.
18. Periodically change passwords.
19. “HOSTS” file in the windows operating system should be checked for
any alterations. (This PC>OS(C:)>Windows
>System32>Drivers>etc>host> Open with notepad.)
20. Make sure that your web/email access is via secure (https) connections.
21. Secure all the wireless access points (wi-fi). Routers) with a strong
password.
22. The operating system of the computers used for NIC mail communication
must be upgraded to latest version of windows.
Page 1 of 3
� 23. Always review the application permissions before installing any mobile
application.
24. Restrain from running remote Desktop applications like any desk,
TeamViewers etc that can view remote access and can make your
computer system vulnerable.
25. Segregate the internet traffic from internet traffic.
26. Classified and personal data may be erased before any ICT asset such as
media, computer system and electrical office equipment etc are to be
transformed or disposed.
27. If a single lease line of appropriate bandwidth is used to facilitate internet
in the organization it is recommended that it should be managed,
monitored, controlled and secured by deploying Unified Threat
Management System (UTM).
28. The unused ports of switches shall be disabled.
29. Necessary measures to be taken for data security for e.g. installing of
NASS (Network attached Storage System).
30. Unused USB ports should be disabled.
31. Regularly monitor network rules and access privileges.
32. Delete unneeded drives and update once that are needed.
Don’ts
01. Do not use pen drives.
02. Do not interchange Stand-alone computer with Internet connected one
and vice versa.
03. Do not open e-mail from unknown source.
04. Do not download files or application from unknown source/web-sites.
05. Do not open any email attachments received from untrusted sources and
received unexpectedly from trusted sources. Even doc, pdf etc may
contain malwares. Extension pif, scr etc are also executable attachments.
06. Do not click on any link in unsolicited e-mails, pop-up ads or windows.
07. Do not open files sent via instant messengers.
08. Do not enable Auto Saved option for user ID and Password of e-mail
account.
09. Do not do any operational work on the internet connected system.
10. Do not use free internet Hot spots, free WiFi or Internet cafes. Officials
are strictly prohibited from use of any WiFi enabled device in the office
complex.
11. Do not use internet telephony services i.e skype. Googletalk. MagicJack
and Yahoo etc for official purposes.
12. Do not install third party/free software on your PC.
Page 2 of 3
�13. Do not browse Porn websites and never download files containing
pornographic materials as these are used as honey-raps to trap
unsuspecting users.
14. Avoid use of official computers for online banking, Shopping, entering
credit card details etc.
15. Do not use social networking sites like Orkut, Facebook, Myspace,
Twitter, Linkedin etc.
16. Be careful what you plug in to your computer Malware can spread
through infected USB drives, external hard drives, and even smart
phones.
17. Do not add users to the local administrator’s group unless required.
18. Do not give remote access, file and printer sharing access to untrusted
computers.
19. Be aware of the sites that offer free screensavers, anti-virus or anti-
spyware software. These may spread malicious content in your device.
20. Do not download or install pirated software, applications as it increases
vulnerability to potential cyber threats.
21. Do not allow computers to be repaired outside the office premises, in case
of emergency HDD may be remover
Page 3 of 3
