GENERAL CYBERSECURITY SAFETY GUIDE

Information & Communication Technology has become an integral part of our day-to-day life. It has changed the way we connect with friends, find jobs, and find matches for marrying, run businesses, play games, and do shopping and so on. With the cheap availability of broadband and smartphones, almost everyone has access to the cyber space, connecting virtually to millions of online users across the globe. Increasing use of cyber space has also made us vulnerable to cybercrime threats. A minor lapse/negligence in managing our digital life can open the doors for cybercrimes and hence can lead to financial loss, damage to reputation, harassment etc. So, we must be vigilant and careful while connecting digitally to the outside world whether for financial transactions, social networking, playing games or searching things on the internet etc.

TIPS for Device/Computer Security

ü  Keep your antivirus and operating system updated at all times.

ü  Backup your sensitive/important data at regular intervals.

ü  Be careful while opening suspicious web links/URLs.

ü  Always scan external storage devices (e.g. USB) for viruses, while connecting to your device.

ü  To prevent unauthorized access to your device, consider activating your wireless router's MAC address filter to allow authorized devices only.

ü  Wireless router can screen the MAC addresses of all devices connected to it, and users can set their wireless network to accept connections only from devices with MAC addresses recognized by the router.

ü  Secure all your wireless access points with a strong password. Hackers usually scan for open access points and may misuse it to carry out unwanted activities. Log records may make you more vulnerable for such misuse.

ü  Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your device. ‘File Shredder Software’ should be used to delete sensitive files on computers.

ü  Delete unwanted files or data from your computer device. It prevents unauthorized access to such data by others.

ü  Use ‘Non-Administrator Account’ privileges for login to the computer and avoid accessing with ‘Administrator’ privileges for day-to-day usage of computers.

ü  Make sure to install reputed mobile anti-virus protection to protect your mobile from prevalent cyber threats and also keep it updated.

ü  In case of loss or theft of your mobile device, immediately get your SIM deactivated and change passwords of all your accounts, which were configured on that mobile.

ü  Do not leave your phone unattended in public places and refrain from sharing your phone password/pattern lock with anybody.

ü  Always enable a password on the home screen to restrict unauthorized access to your mobile phone. Configure your device to automatically lock beyond a particular duration.

ü  Always lock your computer before leaving your workplace to prevent unauthorized access. A user can lock one’s computer by pressing ‘Ctrl +Alt + Del’ and choosing ‘Lock this Computer’ or “Window button+ L”.

ü  Remove unnecessary programs or services from computer which are not required for day to day operation.

For Safe Internet Browsing

ü  Beware of various fraudulent lucrative advertisements regarding discount coupons, cashback and festival coupons offering payments through UPI apps popping up while browsing.

ü  Some URL links on the internet are advertising to provide fake mobile Oximeter apps to check your oxygen level. Do not download such fake Oximeter apps on your mobile, as these apps may steal your personal or biometric data from your mobile phone.

ü  Avoid using third-party extensions, plug-ins or add-ons for your web browser as it may track your activity and steal your personal details.

ü  Always browse/visit the original website for purchasing.

ü  Always type the information in online forms and not use the auto-fill option on web-browser to fill online forms as these forms may store your personal information such as card number, CVV number, bank account number etc.

ü  Be careful about the name of a website. A malicious website may look identical to a legitimate one, but the name may use variation in spelling or a different domain (eg.,[dot]com, [dot]net etc.)

ü  In general all the government websites have [dot]gov[dot]in or [dot]nic[dot]in ending.

ü  Avoid clicking 'Keep me logged in' or 'Remember me' options on websites, especially on public computers.

ü  Beware of fraudulent charity activities or non-existent charitable organizations having names identical to government charity funds, requesting money for victims, products or research. Always check the credentials of charity organizations before donation.

ü  Never allow the browser to store your username/password, especially if you use a shared computer device. Also make it a habit of clearing history from the browser after each use session to protect your privacy.

ü  Be cautious with tiny or shortened URLs (it appears like http://tiny.cc/ba1j5y). Don’t click on it as it may take you to a malware infected website.

ü  Prior to registering on a job search portal, check the privacy policy of the website to know the type of information collected from the user and how it will be processed by the website.

ü  Many social networking sites prompt to download a third-party application that lets you access more pages. Do not download unverified third-party applications without ascertaining its safety.

ü  Beware of e-commerce websites and advertisements selling items at highly discounted prices.

For safe Internet Banking

ü  Always use virtual keyboard for accessing net banking facility and log off from banking portal/website after completion of online transaction. Also ensure deletion of browsing history from web browser (internet explorer, chrome etc.) after completion of online banking activity.

ü  Use multiple factor authentications for login into your bank accounts.

ü  Avoid writing down or storing in mobile phones the information used to access digital wallets/bank accounts.

ü  One should not use the same password for internet banking of all accounts.

ü  One should not keep the same mobile number registered for all bank accounts.

ü  Always enable getting notification of transactions from the banks via both SMS & e-mail.

ü  Login and view your bank account activity regularly to make sure that there are no unapproved transactions. Report discrepancies, if any, to your bank immediately.

ü  It is preferable to have two separate e-mail accounts, one for communicating with people and another for your financial transactions.

For E-wallet Security

ü  Enable password/PIN on your mobile phones, tablets & other devices that you use.

ü  While doing transactions using your e-wallet, you should never save the details of your debit or credit cards.

ü  Use multiple factor authentication for logging into your e-wallets.

ü  Avoid writing down information used to access the digital wallets in mobile phones.

ü  Install e-wallet accounts from sources you trust. Do not install e-wallet apps via links shared over e- mail, SMS or social media. Always verify and install authentic e-wallet apps directly from the app store (Google/ iOS store) on your smart phone. Please check if the app is having the “Play Protect” shield.

For E-mail Account Security

ü  Never keep the same password for all your e-mail accounts.

ü  Use secure network connections.

ü  Avoid the use of public Wi-Fi networks. More secure Wi-Fi connections require passwords & are easily identified as “WPA or WPA2”. Highly insecure Wi-Fi is open for anyone to connect to & may be labelled as a “WEP” (Wired Equivalent Privacy).

ü  Don't click on the links provided in suspicious e-mails even if they look genuine as this may lead you to malicious websites and this may be an attempt to defraud your hard earned money.

For Identity Proof Card’s Security

ü  Never leave the discarded photo copy of your identity proof card at shops.

ü  Never allow the shopkeeper to keep a copy of your identity proof card in their computer.

ü  Never share your identity proof cards to unknown persons on social media platforms including WhatsApp.

ü  Never share your property papers or other personal information on social media platforms.

For Password Security

ü  Keep a strong password of at least 13 characters with alphanumeric, special character, upper case & lower case combination.

ü  Keep two factor authentication for all your accounts.

ü  If you suspect that any of your account has been hacked, immediately change the password and contact the nearest Police Station.