2. Contents
Cyber safety tips for PC/Internet Users
Social Media Safety Tips
E-Commerce (Shopping and Banking)
Tips to keep computer's security tight
Mobile security Tips
Email Security Guidelines
Report a Cyber Crime
3. Cyber safety tips for PC/Internet Users
Keep all software (including the Web browser) updated with automatic updates.
Download software from trusted sources only and avoid downloading
unfamiliar software.
Avoid using services that require location information.
Use antivirus, anti-spam, and antispyware software and activate your firewall
and keep them updated.
Never remove or disable any security safeguards that are put into place on
networks and computers (such as anti-virus software).
Strong passwords should be used. A strong password has the following characteristics:
Should be at least 8 characters long.
Should be alphanumeric, with both upper- and lower-case characters (A-Z, a-z, 0-9).
Should also contain at least one special character (!@#$%^&*()_+|~-=;').
Should not be a word in any language, slang, dialect, jargon, etc.
Should not be based on any personal information, names, etc.
Passwords should never be written anywhere or stored on-line without encryption. Try
to create passwords that can be easily remembered.
Always use different passwords for different accounts.
4. All passwords are to be treated as sensitive and should not be shared
with anyone.
No legitimate service or network administrator will ask you for your
password.
Personal information which may allow others to answer your security
questions while using the “I forgot my password” feature should not be
shared.
Immediately change any passwords you might have revealed. If you use
the same password for multiple resources, change it for each account and
do not use that password in the future.
Password history should be enforced wherever possible to ensure that
users are forced to select different passwords for a user account.
Ensure that the Web page is safe before you enter sensitive personal or
business data. A Web address with https (“s” stands for secure) and a
closed padlock beside it confirms that it's safe. Never give sensitive
info in response to an e-mail or instant message (IM) request.
Visit legitimate and trusted websites only while using official computers or
working with official information.
5. Maintenance or repair of PCs or other IT equipment should always be
done under supervision of a responsible official.
Remove files or data you no longer need to prevent unauthorized access
to them. Merely deleting is not sufficient, as it does not actually remove
the data from your system.
Delete Windows “temp”/“temporary internet files” regularly.
Remove unnecessary programs or services installed on your computer
that you don’t use.
Frequently check unusual folder locations for document (.doc, .docx, .xls,
.xlsx and .def) file extensions (in search options, select advanced search
options, and make sure you have checked “search system folder”, “search hidden
files and folders” and “search subfolders”).
Monitor your bank statements, balances, and credit reports.
Be extremely careful with file sharing software. File sharing opens your
computer to the risk of malicious files and attackers. Further, if you share
copyrighted files, you risk serious legal consequences.
6. Before providing personal information to anyone, verify that it is a
trusted source (for example, a bank would not make personal
inquiries by email, so a call to the actual bank is advised if such an
email were received).
Always be suspicious of emails or other communications from an
unknown source.
Protect yourself from e-mail scams. Look out for alarmist messages,
misspellings and grammatical errors, deals that sound too good to
be true, requests for sensitive information like account numbers,
and other signs of a scam.
Think before you open attachments or click links in e-mail or IM
even if you know the sender. Confirm that the message is real or
visit the official Web site by typing the address yourself. Be wary of
clicking links or buttons in pop-up windows.
Protect your data on the go. When you use public Wi-Fi, choose the
most secure option, even if you have to pay for it.
7. Social Media Safety Tips
When you join a new social network, you might receive an offer to enter your
e-mail address and password to find out if your contacts are on the network.
Do not allow social networking services to scan your e-mail address book to
fetch the e-mail addresses of your friends; this information might be used to
send e-mail messages to everyone in your contact list or even to everyone
to whom an e-mail message has been sent from your e-mail address. Social
networking sites generally inform you that they are going to do this, but some do
not.
Type the address of your social networking site directly into your browser or
use your personal bookmarks. If you click a link to a site through e-mail or
another website, you might be entering your account name and password into
a fake site where your personal information could be stolen.
Always avoid a friend request received from any stranger.
Be cautious while clicking on links that you receive in messages, even from
your friends or known contacts on a social website.
8. Always remember what you have posted about yourself. A common way
that hackers break into financial or other accounts is by clicking the “forgot
your password?” link on the account login page. To break into your
account, they search for the answers to your security questions, such as
your birthday, hometown, high school class, or father’s middle name, on your
social networking site. If the site allows, make your own password
questions and don’t draw them from material anyone could find with a
quick search.
Assume that everything you put on a social networking site is permanent.
Even if you delete your account, anyone on the Internet can easily print
photos or text, or save images, screenshots or videos on their device.
Don’t trust a suspicious message. Hackers can break into accounts and
send messages that look like they are from your friends. If you suspect
that a message is fraudulent, use an alternate method to contact your
friend to find out its veracity. These messages include invitations to join
new social networks.
Be selective about accepting a friend request on a social network. Identity
thieves might create fake profiles in order to get information from you.
9. Change your passwords periodically, and do not reuse old
passwords. Do not use the same password for more than one
system or service. For example, if someone obtains the password for
your email, they can access your online banking information with
the same password.
Disable Global Positioning System (GPS) when not in use. Many digital
cameras encode the GPS location of a photo when it is taken. If that
photo is uploaded to a site, so are the GPS coordinates, which will
let people know the exact location.
Many social networking sites allow you to download third-party
applications that let you do more with your personal page. Be
cautious while installing extras on your site. These applications
might be used by criminals to steal your personal information.
Remember that things on the internet are rarely free. “Free” screen
savers, games, software, etc. generally contain malware.
10. E-Commerce (Shopping and Banking)
Make sure that the website is encrypted. The easiest way to check it is to look
for a padlock symbol.
Beware of phishing websites. Always check the URL of the website.
Beware of malware such as key loggers on public computers. They can capture
your login credentials.
Use a digital certificate, if you have one, for electronic transactions.
Never put your bank account details into email while communicating with the
bank about something regarding your account.
Remember to log out completely after transactions.
11. Tips to keep computer's security tight
Use secure connections.
Use desktop firewalls: Mac and Windows computers use basic desktop
firewalls. Make sure firewalls used are properly configured.
Patch updates: Turn on automatic updates and scans for Mac/Windows and the
installed antivirus. (For Windows -> My Computer -> Properties -> Automatic
Updates -> select Automatic and a time.)
Enable hidden file and system file view to find any unusual or hidden files. (My
Computer -> Tools -> Folder Options -> View -> enable the “Show
hidden files and folders” option and disable “Hide protected operating system
files”.)
Turn off Autoplay (click Start -> Run -> type gpedit.msc -> Computer
Configuration -> Administrative Templates -> Windows Components -> select
“AutoPlay Policies” -> double-click “Turn off Autoplay” -> select Enabled
-> set “Turn off Autoplay on:” to “All drives” and click OK).
Type: dir %temp% in “run” and delete all entries after opening any suspicious
attachments.
12. Type cmd in Run and then type netstat -na. Check for foreign established
connections and their IP addresses. Check each IP address for its
ownership.
Type “msconfig” in Run and check for any unusual executable
running automatically.
Check the Network icon (for packets received and sent) / ADSL lights for
data in non-browsing mode. Check the data usage pattern on mobile. If
the outgoing traffic is unusually high, then it is very likely that the system
is compromised.
Type “ipconfig /displaydns” in the command prompt and look out for
any URLs which you have not accessed recently.
When in doubt, it is better to format the hard disk of an Internet-
connected computer rather than doing some “patch work”.
Protect sensitive data: Built-in encryption tools of the operating system
should be used.
The password for this encryption should be safely stored, as it cannot be
recovered by any tool.
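The netstat check at the top of this slide can be automated. This is an added Python example, not part of the original slides: it reads `netstat -na` output and lists the established TCP peers outside loopback, private and link-local ranges, which are the addresses to look up for ownership. The sample output is constructed, and an English-language Windows layout is assumed.

```python
import ipaddress

# Constructed `netstat -na` output (Windows layout); all addresses are placeholders.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED
  TCP    192.168.1.20:49713     192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.20:49720     198.51.100.7:8080      TIME_WAIT
  TCP    [fe80::1%12]:49730     [2001:db8::5]:443      ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Loopback, private and link-local ranges: peers inside these are not "foreign".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def foreign_established(netstat_output):
    """Return sorted (ip, port) pairs of ESTABLISHED TCP peers outside LOCAL_NETS."""
    peers = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Data rows have exactly four columns: proto, local, foreign, state.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
        try:
            ip, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue                            # not a numeric address/port row
        if not any(ip.version == n.version and ip in n for n in LOCAL_NETS):
            peers.add((str(ip), port))
    return sorted(peers)

if __name__ == "__main__":
    for ip, port in foreign_established(SAMPLE):
        print(f"look up owner of {ip} (remote port {port})")
```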
13. Control access to machine: Don't leave your computer unattended
in an unsecured public area, especially if you're logged on. Use
the system's screen locking to protect against physical access, such as a
screen saver that won’t deactivate without a password, or just log
out of everything so anyone who wants access has to log in again.
Be extremely careful with file sharing software. File sharing opens
your computer to the risk of malicious files and attackers. Also, if
you share copyrighted files, you risk serious legal consequences.
Back up on a regular basis.
Most importantly, stay informed: Stay updated with the latest
developments & follow safe computing practices & guidelines
issued by IT Wing for Secure Computing.
14. Mobile Security Tips
• Record IMEI number: The unique 15-digit IMEI number may help in tracking your
mobile phone through service provider in case it is stolen/lost.
• Read the manufacturer’s manual carefully and follow the guidelines as specified to
setup your mobile phone.
• Use a PIN to lock SIM card: Use a PIN (Personal Identification Number) for SIM card to
prevent its misuse when stolen.
• Enable Device locking:
• Always install applications from trusted sources only and update them regularly.
• Don’t make your mobile phone a source of your personal data.
• Update the mobile operating system regularly.
• Wi-Fi and Bluetooth should be kept turned off when not in use.
• Never leave your mobile device unattended.
• Don’t reply to, or click on links in, SMS or other messages sent by strangers.
• Reset to factory settings: Always reset to factory settings when a phone is permanently
given to another user.
• Don’t “jailbreak” or “root” your device, as it removes the restrictions on which apps
can be installed or not installed.
• Never connect to unknown networks or untrusted Wi-Fi networks.
• Report lost or stolen devices immediately.
15. Email security guidelines
• The password must be strong and needs to be changed at least every three months.
• Always use SELO/NIC mail to share official mails/documents.
• Sensitive information/confidential material should NOT be sent through the electronic
mail system unless it is encrypted.
• Be careful and selective before providing your email address to an unknown website.
• If you receive an email that appears to be suspicious, do not reply or click on the link
that it provides. Simply delete it.
• Auto save of password should not be enabled.
• Open email attachments only if you know the sender. Best practice is to scan
attachments with your anti-virus software prior to opening.
• Never open email attachments that have a file extension of “.exe”, “.pif”, or “.vbs”. These
are executable files which are dangerous for the system.
• Most computer files have a file name extension such as “.doc” for documents or “.jpg” for
images. Any file that has a double extension, like “heythere.doc.pif”, is most likely to be a
dangerous file and should never be opened.
• Do not keep mails in inbox, sent box, draft, etc. which are no longer required.
• Log out properly from mail accounts after use.
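The two attachment rules above (the “.exe”/“.pif”/“.vbs” list and the double-extension rule) can be checked mechanically before a message reaches a user. The following Python sketch is an added example, not part of the original slides; the set of document-like extensions and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED = {".exe", ".pif", ".vbs"}      # executable extensions named on this page
# Assumption: extensions a decoy name is likely to imitate (not from the page).
DOCLIKE = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt"}

def reasons(filename):
    """Return the reasons (possibly none) an attachment name is risky."""
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as a.exe.
    name = filename.strip().rstrip(". ").lower()
    ext = PurePosixPath(name).suffixes
    why = []
    if ext and ext[-1] in BLOCKED:
        why.append("blocked extension " + ext[-1])
    # A document-like extension followed by a different, non-document one.
    if len(ext) >= 2 and ext[-2] in DOCLIKE and ext[-1] not in DOCLIKE:
        why.append("double extension " + ext[-2] + ext[-1])
    return why

def flag_attachments(msg):
    """Map each risky attachment name in an EmailMessage to its reasons."""
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        why = reasons(name)
        if why:
            flagged[name] = why
    return flagged

def sample_message():
    """Build a constructed message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Documents"
    msg.set_content("See attached.")
    for name in ("heythere.doc.pif", "notes.doc", "archive.tar.gz", "invoice.pdf.js"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, why in flag_attachments(sample_message()).items():
        print(name, "->", "; ".join(why))
```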
16. How to check fake email
Open an email.
Click on “More” at the right corner of the mail.
Click on “Show original”.
Check that “SPF” and “DMARC” both show PASS,
for example:
SPF: PASS with IP 1.23.164.248
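The same SPF and DMARC verdicts are recorded in the Authentication-Results header of the raw message shown by “Show original”. The following Python sketch is an added example, not part of the original slides: it reads only the header stamped by your own receiving mail server, because a sender can insert a look-alike header of their own. The server name `mx.example.net` and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed "show original" text; hosts, domains and IPs are placeholders.
GENUINE = """\
Authentication-Results: mx.example.net;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example;
 dmarc=pass (p=REJECT) header.from=bank.example
From: Alerts <alerts@bank.example>
Subject: Statement ready

Hello
"""

# Constructed: the second header was not written by mx.example.net.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=softfail (sender IP is 198.51.100.9) smtp.mailfrom=bank.example;
 dmarc=fail (p=NONE) header.from=bank.example
Authentication-Results: relay.invalid; spf=pass; dmarc=pass
From: Alerts <alerts@bank.example>
Subject: Urgent: verify your account

Hello
"""

def auth_results(raw, trusted_server):
    """Return SPF/DMARC verdicts from the first header stamped by trusted_server."""
    verdicts = {"spf": "none", "dmarc": "none"}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        # Unfold the header, then drop parenthesised comments.
        text = re.sub(r"\([^)]*\)", "", " ".join(header.split()))
        server, _, rest = text.partition(";")
        server_id = (server.split() or [""])[0].lower()
        if server_id != trusted_server.lower():
            continue                      # header added by someone else: ignore it
        for method, result in re.findall(r"\b(spf|dmarc)\s*=\s*(\w+)", rest, re.I):
            verdicts[method.lower()] = result.lower()
        break                             # only the top-most trusted header counts
    return verdicts

def passes_checks(raw, trusted_server):
    """True only when both SPF and DMARC are reported as pass."""
    verdicts = auth_results(raw, trusted_server)
    return verdicts["spf"] == "pass" and verdicts["dmarc"] == "pass"
```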
17. Report a Cyber Crime
• Step 1: Visit the website of cyber cell https://cybercrime.gov.in/
• Step 2: For Women and Child Related Crimes Click on WOMEN/ CHILD
RELATED CRIME.
• Step 3: Choose REPORT ANONYMOUSLY or REPORT AND TRACK Option.
• Step 4: Click on File Complaint Option
• Step 5: Click on Accept after reading the information
• Step 6: Fill the information asked in the Menu
• Step 7: Click on SAVE & NEXT Option
• Step 8: Enter Suspect Details
• Step 9: Click on Preview & Submit Button
• Step 10: Click on Submit Button