1. information security
  2. Security Advice and Best Practice
  3. advice
  4. Be a Smart Internet User

Be a Smart Internet User

Take care of your office PC and home PC

  • Use a strong password for your PC Windows log-on, e.g. over 8 characters long mixed with alphabets, numbers and special characters. [ Show me ]
  • Change your passwords regularly.
  • Perform backup regularly.
  • Enable screen saver with password on your computers. Never leave your computers unattended when it is logged on.
  • Set Windows Update to "Automatic". [ Show me  ]
  • Turn on Windows Firewall. [ Show me  ]
  • Install anti-virus and anti-spyware software and turn on automatic update. [ Show me  ]
  • Be cautious when using external USB drives or memory cards from unknown sources. Please refer to the FAQ of McAfee Endpoint Security for more information.
  • Turn on System Restore and create manual restore points regularly. [ Show me  ]

Notes on using Wireless Router at home

  • Change the default administration password.
  • Change the default SSID/ESSID name.
  • Use wired connection whenever possible.
  • Configure your router to allow only your home PCs to connect to it (by adding hardware addresses of your PCs' wireless LAN card to the exceptional/allowed list).
  • Configure the router to use WPA2 encryption with a strong password.
  • Do not send sensitive information (such as buying online, using e-banking, and etc) with wireless connection if WPA2 encryption is not enabled.

Use E-mail with care

  • Do not open file attachments in suspicious emails sent from strangers, or even from people you know but with unusual content, or with extension .bat, .chm, .cmd, .com, .exe, .hta, .ocx, .pif, .scr, .shs, .vbe, .vbs, or .wsf.
  • Do verify the authenticity of email senders and websites that claim to be from CityU department before responding to any action as requested.
  • Do not respond to spam, even to "unsubscribe". [ See example  ]
  • Do not click on the URL links embedded in an email, especially to the websites related to sensitive information, such as e-banking, eBay, PayPal, etc.
  • Do not respond to malicious emails asking for updating accounts' information, such as a password.
  • To assist you in verifying genuine emails sent from CityU Central IT regarding password issues with your CityU computer accounts; an option “Verify Suspicious Email” has been added to the University Portal (please access via the CityU Homepage -> Quick Links -> Portal -> Email Security Awareness).
  • Encrypt the email when it contains sensitive, restricted or confidential information and attachments.
  • Do not send Email that would violate the Law or with undesirable contents – infringing, harassing, irritating etc.
  • Report suspicious emails to the Computing Services Centre (CSC) at once by forwarding it with full email header to reportspam@cityu.edu.hk.
  • Protect yourself from phishing emails as they can lure your passwords and personal data.
  • Watch out for phishing emails targeted to cheat recipients through social engineering techniques.
  • Use the email account provided by the University solely for business purpose.
  • Do not forward business-related emails to your personal email accounts.
  • Use a separate email account for any non-business activities.

Use Web with care

  • Use unique user ID and password for e-banking and secure services alike, i.e. never use e-banking user ID and password for any webmail and news group account, or vice versa. [ More on password ]
  • Verify a web site by its digital certificate. [ Show me  ]
  • Be cautious when you are asked for sensitive information. Avoid “remember my password” option and verify the authenticity of websites when in doubt.
  • Enter sensitive information only on secure pages (https).[ See example  ]
  • Cloud services, e.g., iCloud, Dropbox, Google Drive, etc., provide a convenient way to share and store files, only upload business-related data to the cloud service authorised and provided by the University, i.e. the Microsoft OneDrive. When using cloud services for sensitive information, often review and apply the security settings.
  • Do not download and/or run applications from unknown source. Only download mobile apps from official sources.
  • Avoid untrustworthy (often free) downloads from freeware or shareware sites.
  • Do not respond to advertisements on websites. [ See example  ]. Be aware of fraudulent advertisements for popular brands or any unsolicited links which can be phishing sites.  
  • Turn on Pop-up Blocker and set security to Medium High in the browser settings. [ Show me  ]
  • Ensure your browser has got the latest security patch.
  • Look out for phishing web sites.[ More  ]
  • Don't provide sensitive information to unfamiliar social sites. Don't share and protect your personal information supplied in a social site.
  • Regularly assess and apply security and privacy settings in your social networking sites.

Notes on using Public PCs e.g. in cafe, airport and station

  • Always reboot/restart public computers before and after use.
  • Avoid sending sensitive information while using public computers or Wi-Fi, such as providing a credit card number to buy online, using e-banking, etc.
  • Only connect to trusted Wi-Fi networks (e.g. campus Wi-Fi, GovWi-Fi, eduroam, reputable organisations) as hackers may fool you to connect to fake Wi-Fi then capture your data.
  • Remember to log off properly if you have login webmail, portal etc.
  • Clear all browsing history (including temporary files, cookies, and web form information) before you leave. [ More ]