Use strong passwords for user accounts
A weak password that is easy to guess increases the chance of unauthorised access to the computer.
- Change your password regularly and use a password that is difficult to guess but easy to remember.
- Don't reuse passwords or write down your password, particularly anywhere near the computer. Please visit the InfoSec website for more good practices on Handling User Account and Passwords.
Set up standard user accounts for daily use
Malware can infect a computer and carry out malicious activities with the user rights of the logged-in user.
Purpose: Create a standard user account for your computer and change the user account's administrator rights.
- Steps on how to set up user accounts.
- Use the administrator account only where necessary, such as when managing other user accounts, installing or removing software, or changing security settings.
- Use different passwords for different user accounts, in particular those for handling private and sensitive data.
Disable Guest account
The Guest account of a computer can provide information to an attacker and increase security risks.
Purpose: Check whether the Guest User account is disabled.
- Open the Apple menu and select System Preferences.
- Select Users & Groups under the System section.
- Verify that the status of Guest User is Disabled.
- Where necessary, disable the Guest User: click the lock in the lower-left corner to unlock the pane, enter the administrator username and password, then uncheck the options Allow guests to log in to this computer and Allow guests to connect to shared folders.
- Assess security risks before using the guest account, which allows users to log on to a network, browse the Internet, and shut down the computer.
- Establish a password for the guest account before use because the guest account password is blank by default.
Enable password protected screen saver
An unattended computer is susceptible to unauthorised access to the system.
Purpose: Enable a password protected screen saver.
- Steps on how to set preference of screen saver and lock screen.
- Keep the password protected screen saver enabled at all times and do not leave your computer unattended, in particular in public areas.
- The default user inactivity time set for the screen saver to launch is usually 15 minutes; however, a shorter time period can be set for better security.
Use up-to-date anti-malware security software
Your computer is susceptible to viruses, Trojan horses and other malware attacks, which may lead to data and financial loss.
Function: Detect malware attacks and remove malware from an infected computer.
Note: Please be aware that the exact process for applying the security features will vary between different products. It is recommended that users follow the instructions contained in the official user manual where possible.
- Enable the auto-update features of the anti-malware security software to keep the software and its definitions up-to-date.
- Enable the real-time protection feature and perform a full scan of the computer on a periodic basis (e.g. weekly).
- Stay alert to symptoms that might indicate a malware infection, such as battery drain, sluggish performance, unusually large data usage, etc.
- Be aware that fake anti-malware software and rogue pop-up security alerts are popular ways of tricking users into downloading malware onto their computers.
Use personal firewall
A networked computer is more susceptible to cyber attacks because attackers can discover and scan the computer remotely, connect to it and send user data to an external server.
Function: Enable firewall protection for your computer.
- Mac OS Firewall (Built-in software in Mac OS)
Purpose: Check whether Mac OS Firewall is enabled and verify the firewall rules.
- Keep your personal firewall enabled at all times, in particular when connecting to the Internet.
- Enable the built-in firewall of your home router to further protect your computer and home network from cyber attacks.
Update operating system, application and browser
A computer with known security weaknesses is more susceptible to malware infection and other cyber attacks, in particular when connecting to the Internet.
Function: Detect outdated software, browsers and their plug-ins.
- Check and Secure website (Detect outdated browser and plug-in)
- Qualys Browser Check (Detect outdated browser and plug-in)
- Nessus Vulnerability Scanner (Evaluation version) (Detect outdated operating system and application)
Purpose: Obtain the latest security patch updates and check whether the operating system and other Apple App Store products are up-to-date.
- Steps on how to update operating system and App Store applications.
- Steps on how to set your computer to check for updates automatically.
- Enable the auto-update feature of software products and remember to restart your computer to finish installing the updates.
- Uninstall end-of-support software products or upgrade to another software product that has security updates, and avoid performing sensitive operations, such as online banking, from a computer without security updates.
Configure basic security settings for web browser
Default settings in common web browsers may allow execution of malicious code and caching of sensitive information and passwords without the owner's knowledge.
Purpose: Check whether the basic security settings of the web browser are adopted.
- Do not visit suspicious websites or follow the links provided in those websites, as they may cause malware infection and force a browser to download files without the user's knowledge.
- Log out of applications after use and clear the browser cache, in particular after performing sensitive operations, such as online banking.
Back up data regularly
Without a backup, data cannot be recovered in case of malware infection, hardware failure or device loss.
Purpose: Back up and restore files and the full system.
- Steps on how to back up your computer using Time Machine.
- Back up regularly and protect your backup data securely.
- Test the restore procedures to ensure the backup data can be restored.
- Assess security risks before synchronising data to cloud services and avoid automatic backup of sensitive data to them.
- Protect your online user accounts, in particular those for cloud backup, with a strong password and an enhanced authentication mechanism such as 2-factor authentication if available. Please visit the InfoSec website for more good practices on Handling User Account and Passwords.
Completely remove data before giving away or selling your computers
Data can be accessed or recovered by data recovery applications.
Purpose: Securely delete data on a hard disk or erase free disk space.
Note: Read the instructions carefully before securely deleting the hard disk.
- Data cannot be recovered after secure deletion. If data needs to be kept, perform a backup before erasing the data.
- Please visit the InfoSec website for more options for disposal of computer equipment containing sensitive information.
- In order to protect data, enable full disk encryption (e.g. FileVault) with a strong password after purchase.
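The Guest account, firewall, automatic update and FileVault checks in this checklist can also be read from the command line. The script below is an added example, not part of the original health check; it only reads settings and changes nothing. The preference keys and command paths are not from this page: they are assumed to be the ones used by current macOS releases and may differ on older versions.

```sh
#!/bin/sh
# Read-only audit of four settings from this checklist (added example).
# Each check_* function classifies the text printed by one macOS command,
# so the logic can be tried on constructed samples without a Mac.

check_flag() {  # $1 = output of `defaults read`, $2 = the safe value
    case "$1" in
        0|1) [ "$1" = "$2" ] && echo PASS || echo FAIL ;;
        *)   echo UNKNOWN ;;   # key absent or unexpected output
    esac
}

check_guest()      { check_flag "$1" 0; }   # GuestEnabled should be 0
check_autoupdate() { check_flag "$1" 1; }   # AutomaticCheckEnabled should be 1

check_firewall() {  # $1 = output of socketfilterfw --getglobalstate
    case "$1" in
        *"Firewall is enabled"*)  echo PASS ;;
        *"Firewall is disabled"*) echo FAIL ;;
        *)                        echo UNKNOWN ;;
    esac
}

check_filevault() {  # $1 = output of fdesetup status
    case "$1" in
        *"FileVault is On"*)  echo PASS ;;
        *"FileVault is Off"*) echo FAIL ;;
        *)                    echo UNKNOWN ;;
    esac
}

run_audit() {  # queries the live system; nothing is changed
    lw=/Library/Preferences/com.apple.loginwindow
    su=/Library/Preferences/com.apple.SoftwareUpdate
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    echo "Guest account disabled: $(check_guest "$(defaults read $lw GuestEnabled 2>/dev/null)")"
    echo "Firewall enabled:       $(check_firewall "$("$fw" --getglobalstate 2>/dev/null)")"
    echo "Automatic update check: $(check_autoupdate "$(defaults read $su AutomaticCheckEnabled 2>/dev/null)")"
    echo "FileVault enabled:      $(check_filevault "$(fdesetup status 2>/dev/null)")"
}

if [ "$(uname -s)" = "Darwin" ]; then
    run_audit
else
    # Constructed sample outputs, for trying the classifiers off a Mac.
    echo "Guest (sample):    $(check_guest 1)"
    echo "Firewall (sample): $(check_firewall 'Firewall is disabled. (State = 0)')"
fi
```

An UNKNOWN result means the setting could not be read and should be verified in System Preferences as described in the steps above.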
Disclaimer: The health check settings here are proactive in nature and intended to improve computer security, but they may change the user experience and interfere with the functionality and utility of some applications. The exact process for applying the security features during the health check will vary between different products. It is recommended to follow the instructions contained in the user manual provided at the official website of the manufacturer where possible.
Users are also recommended to observe the Important Notices of CSIP and read the user agreements and privacy policies of the security software and tools before downloading and using them.