- 2Account privilege
- 3Guest account
- 4Screen saver
- 5Anti-malware tool
- 6Personal firewall
- 7Software update
- 8Web browser
- 9Data backup
- 10Secure deletion
Use strong password for user accounts
Weak password, which is easy to guess, increases the chance of unauthorised access of computer.
Function: Assist users to learn and practice on how to create strong passwords.
Purpose: Create / change log in password of your computer and check whether strong password policy is enforced.
Steps on how to protect your computer with a password.
Steps on how to change your Windows password.
Steps on how to change password policy settings.
- Change password regularly and use a password that is difficult to guess but easy to remember.
- Don't reuse passwords or write down your password, particularly anywhere near the computer. Please visit InfoSec website for more good practices on Handling User Account and Passwords.
Set up standard user accounts for daily use
Malware can infect a computer and operate malicious activities under the user rights of the logged-in user.
- Use administrator account only where necessary, such as managing other user accounts, installing or removing software or changing security settings.
- Use different passwords for different user accounts, in particular those for handling private and sensitive data.
Disable Guest account
Guest account of computer can provide information to attacker and increase security risks.
Purpose: Disable guest account in computer.
- Steps on how to turn the guest account on or off.
- Assess security risks before using guest account, which allows users to log on to a network, browse the Internet, and shut down the computer.
- Establish a password for guest account before use because the guest account password is blank by default.
Enable password protected screen saver
Unattended computer is susceptible to unauthorised access to the system.
Purpose: Enable password protected screen saver.
- Steps on how to turn screen saver on or off.
- Steps on how to use your Windows password for screen saver password.
- Enable password protected screen saver in all time and do not leave your computer unattended, in particular in public area.
- Default user inactivity time set for screen saver to launch is usually 15 minutes; however a shorter time period can be set for better security.
Use up-to-date anti-malware security software
Your computer is susceptible to virus, Trojan horse and other malware attacks, which may lead to data and financial loss.
Function: Detect malware attack and remove malware from infected computer.
- Windows Defender (Built-in software in Windows 8)
- Microsoft Security Essentials (for Windows 7 and Vista)
- BitDefender QuickScan
- TrendMicro HouseCall
- Other anti-malware security software
Purpose: Check whether your PC is protected with up-to-date anti-malware security software.
- Steps on how to know if my computer has installed anti-malware software.
- Steps on how to keep Windows Defender definitions up-to-date.
- Steps on how to schedule when Windows Defender scans your computer.
Note: Please be aware that the exact process for applying the security features will vary between different products. It is recommended that users follow the instructions contained in the official user manual where possible.
- Enable auto-update features of the anti-malware security software to keep the software and its definition up-to-date.
- Enable real-time protection feature and perform full scan of computer in periodic basis (e.g. weekly).
- Stay alert to symptoms that might indicate a malware infection, such as battery drain, performance clogging, unusual large data usage, etc.
- Be aware that fake anti-malware software and rogue pop-up security alerts are popular ways for tricking users to download malware onto their computers.
Use personal firewall
Networked computer is more susceptible to cyber attacks because attackers can discover and scan the computer remotely, connect to it and send user data to external server.
Function: Enable firewall protection for your computer.
Purpose: Check whether Windows Firewall is enabled and verify the firewall rules.
- Steps on how to verify that Windows Firewall is on.
- Steps on how to allow a program to communicate through Windows Firewall and remove a program from the list of allowed programs.
- Enable your personal firewall in all time, in particular when connecting to the Internet.
- Enable built-in firewall of home router to further protect your computer and home network from cyber attacks.
Update operating system, application and browser
Computer with known security weaknesses is more susceptible to malware infection and other cyber attacks, in particular when connecting to the Internet.
Function: Detect outdated software, browsers and their plug-ins.
- Check and Secure website (Detect outdated browser and plug-in)
- Qualys Browser Check (Detect outdated browser and plug-in)
- Windows Baseline Security Analyser (Detect outdated operating system and application)
- Nessus Vulnerability Scanner (Evaluation version) (Detect outdated operating system and application)
Purpose: Obtain latest security patch update and check whether Windows operating system and other Microsoft products of your computer are up-to-date.
- Enable auto-update feature of software product and remember to restart your computer to finish installing the updates.
- Uninstall end-of-support software products or upgrade to another software product that has security updates and avoid performing sensitive operations, such as online banking, from computer without security updates.
Configure basic security settings for web browser
Default settings in common web browsers may allow execution of malicious code, cache of sensitive information and password without the owner's knowledge.
Purpose: Check whether the basic security settings of web browser are adopted.
- Do not visit suspicious websites or follow the links provided in those websites, as they may cause malware infection and force a browser to download files without user's knowledge.
- Logout application after use and clear browser cache, in particular after performing sensitive operation, such as online banking.
Backup data regularly
Data cannot be recovered in case of malware infection, hardware failure and device loss.
- Backup regularly and protect your backup data securely.
- Test the restore procedures to ensure the backup data can be restored.
- Assess security risks before synchronising data to cloud services and avoid automatic backup of sensitive data to them.
- Protect your online user account with a strong password and enhanced authentication mechanism such as 2-factor authentication if available, in particular those for cloud backup. Please visit InfoSec website for more good practices on Handling User Account and Passwords.
Completely remove data before giving away or selling your computers
Data can be accessed or recovered by data recovery applications.
Function: Securely delete data in computers’ hard disk including Solid-State Drive (SSD).
The following tools can securely delete data in magnetic hard disk:
The following tools can securely delete data in SSD:
- ATA Secure Erase
- Secure Erase (HDDErase)
- Intel SSD Pro Administrator Tool (Support Intel SSD only)
- SanDisk SSD Dashboard (Support SanDisk SSD only)
- Some secure deletion software in the market can securely delete the entire hard disk or wipe free space. Read the software license agreement and the instructions carefully.
- A number of vendors of SSD provide detailed steps / specific tool for secure data erasure in their SSDs drives. As the implementation of secure deletion between different manufacturers, you are suggested to contact the product vendors for the technical details of sanitisation procedure.
- Data cannot be recovered after secure delete. If data need to be kept, perform backup before erasing the data.
- Please visit InfoSec website for more options for disposal of computer equipment containing sensitive information.
- In order to protect data, enable full disk encryption (e.g. BitLocker) with strong password after purchase.
- If the edition of Microsoft Windows does not provide full disk encryption feature, users should employ other relevant software to encrypt sensitive data with strong password.
Disclaimer: The health check settings here are proactive in nature and intended for improving computer security, as they may change the user experience and interfere with the functionality and utility of some applications. The exact process for applying the security features during the health check will vary between different products. It is recommended to follow the instructions contained in the user manual provided at the official website of the manufacturer where possible.
Users are also recommended to observe the Important Notices of CSIP and read the user agreements and privacy policies of the security software and tools before download and use them.