
Cyber Security Information Portal (www.cybersecurity.hk) Keep Your Personal Computer Safe for Windows User

KEEP YOUR PERSONAL COMPUTER SAFE FOR WINDOWS USER

1. Use strong password for user accounts
2. Set up standard user accounts for daily use
3. Disable Guest account
4. Enable password protected screen saver
5. Use up-to-date anti-malware security software
6. Use personal firewall
7. Update operating system, application and browser
8. Configure basic security settings for web browser
9. Backup data regularly
10. Completely remove data before giving away or selling your computers


Index

1. Use strong password for user accounts
2. Set up standard user accounts for daily use
3. Disable Guest account
4. Enable password protected screen saver
5. Use up-to-date anti-malware security software
6. Use personal firewall
7. Update operating system, application and browser
8. Configure basic security settings for web browser
9. Backup data regularly
10. Completely remove data before giving away or selling your computers
Disclaimer


1. Use strong password for user accounts

RISK

A weak password, which is easy to guess, increases the chance of unauthorised access to the computer.

CHECK ITEMS

Tool(s) available

Function: Help users learn and practise creating strong passwords.

• Kaspersky Secure Password Check
• Intel Grade My Password

System settings

Purpose: Create or change the login password of your computer and check whether a strong password policy is enforced.

• Steps on how to protect your computer with a password.
• Steps on how to change your Windows password.
• Steps on how to change password policy settings.

MORE TIPS

• Change your password regularly and use a password that is difficult to guess but easy to remember.
• Don't reuse passwords or write down your password, particularly anywhere near the computer. Please visit the InfoSec website for more good practices on Handling User Account and Passwords.


2. Set up standard user accounts for daily use

RISK

Malware can infect a computer and carry out malicious activities with the user rights of the logged-in user.

CHECK ITEMS

System settings

Purpose: Create a standard user account for your computer and change a user account's administrator rights.

• Steps on how to create a user account.
• Steps on how to change a user's account type.

MORE TIPS

• Use an administrator account only where necessary, such as when managing other user accounts, installing or removing software or changing security settings.
• Use different passwords for different user accounts, in particular those for handling private and sensitive data.


3. Disable Guest account

RISK

The computer's Guest account can provide information to an attacker and increase security risks.

CHECK ITEMS

System settings

Purpose: Disable the guest account on the computer.

• Steps on how to turn the guest account on or off.

MORE TIPS

• Assess the security risks before using the guest account, which allows users to log on to a network, browse the Internet, and shut down the computer.
• Set a password for the guest account before use, because the guest account password is blank by default.


4. Enable password protected screen saver

RISK

An unattended computer is susceptible to unauthorised access to the system.

CHECK ITEMS

System settings

Purpose: Enable password protected screen

• Steps on how to turn screen saver on or off.
• Steps on how to use your Windows password for screen saver password.

MORE TIPS

• Keep the password protected screen saver enabled at all times and do not leave your computer unattended, in particular in public areas.
• The default user inactivity time before the screen saver launches is usually 15 minutes; however, a shorter time period can be set for better security.


5. Use up-to-date anti-malware security software

RISK

Your computer is susceptible to virus, Trojan horse and other malware attacks, which may lead to data and financial loss.

CHECK ITEMS

Tool(s) available

Function: Detect malware attacks and remove malware from an infected computer.

• Windows Defender (Built-in software in Windows 8)
• Microsoft Security Essentials (for Windows 7 and Vista)
• BitDefender QuickScan
• TrendMicro HouseCall
• Other anti-malware security software

System settings

Purpose: Check whether your PC is protected with up-to-date anti-malware security software.

• Steps on how to know if my computer has installed anti-malware software.
• Steps on how to keep Windows Defender definitions up-to-date.
• Steps on how to schedule when Windows Defender scans your computer.


Note: Please be aware that the exact process for applying the security features will vary between different products. It is recommended that users follow the instructions contained in the official user manual where possible.

MORE TIPS

• Enable the auto-update features of the anti-malware security software to keep the software and its definitions up-to-date.
• Enable the real-time protection feature and perform a full scan of the computer on a periodic basis (e.g. weekly).
• Stay alert to symptoms that might indicate a malware infection, such as battery drain, degraded performance, unusually large data usage, etc.
• Be aware that fake anti-malware software and rogue pop-up security alerts are popular ways of tricking users into downloading malware onto their computers.


6. Use personal firewall

RISK

A networked computer is more susceptible to cyber attacks because attackers can discover and scan the computer remotely, connect to it and send user data to an external server.

CHECK ITEMS

Tool(s) available

Function: Enable firewall protection for your computer.

• Windows Firewall (Built-in software in Windows)
• Comodo Free Firewall
• ZoneAlarm Free Firewall

System settings

Purpose: Check whether Windows Firewall is enabled and verify the firewall rules.

• Steps on how to verify that Windows Firewall is on.
• Steps on how to allow a program to communicate through Windows Firewall and remove a program from the list of allowed programs.

MORE TIPS

• Keep your personal firewall enabled at all times, in particular when connecting to the Internet.
• Enable the built-in firewall of your home router to further protect your computer and home network from cyber attacks.
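
The check items for the Guest account (3), the screen saver lock (4), Windows Defender (5) and Windows Firewall (6) can also be read out in one pass from PowerShell. The script below is an added example, not part of the original guide; it only reads settings and changes nothing. It assumes Windows 10 or later with Windows PowerShell 5.1, and the Add-Finding helper and the 7-day definition-age limit are choices made for this example.

```powershell
# Added example: read-only audit of check items 3, 4, 5 and 6 of this guide.
# Assumption: Windows 10 or later with Windows PowerShell 5.1; these cmdlets
# are not available on Windows 7 or Vista.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Item, $Check, $Ok, $Detail) {
    # Add-Finding is a helper defined for this example only.
    $findings.Add([pscustomobject]@{ Item = $Item; Check = $Check; OK = [bool]$Ok; Detail = $Detail })
}

# Item 3: the built-in Guest account has a SID ending in -501, so the lookup
# still works when the account has been renamed or has a localised name.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
Add-Finding 3 'Guest account disabled' (-not $guest.Enabled) "Account: $($guest.Name)"

# Item 4: per-user screen saver settings (timeout is stored in seconds).
# Settings enforced through Group Policy live elsewhere and are not read here.
$desk    = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop'
$timeout = [int]$desk.ScreenSaveTimeOut   # 0 when the value is absent
$locked  = ($desk.ScreenSaveActive -eq '1') -and ($desk.ScreenSaverIsSecure -eq '1')
Add-Finding 4 'Screen saver on, password on resume' $locked "Timeout: $timeout s"
Add-Finding 4 'Screen saver starts within 15 minutes' ($timeout -gt 0 -and $timeout -le 900) "Timeout: $timeout s"

# Item 5: Windows Defender state. The 7-day limit is this example's assumption.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    Add-Finding 5 'Real-time protection enabled' $mp.RealTimeProtectionEnabled ''
    Add-Finding 5 'Definitions less than 7 days old' ($mp.AntivirusSignatureAge -lt 7) "Last updated: $($mp.AntivirusSignatureLastUpdated)"
} catch {
    Add-Finding 5 'Windows Defender status readable' $false 'Defender is unavailable; check your other anti-malware product'
}

# Item 6: Windows Firewall should be on for every network profile.
foreach ($p in Get-NetFirewallProfile) {
    Add-Finding 6 "Firewall on ($($p.Name) profile)" ([string]$p.Enabled -eq 'True') "Default inbound: $($p.DefaultInboundAction)"
}

$findings | Sort-Object Item | Format-Table -AutoSize
```

Any row with OK set to False points back to the matching check item above for the steps to correct it.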


7. Update operating system, application and browser

RISK

A computer with known security weaknesses is more susceptible to malware infection and other cyber attacks, in particular when connecting to the Internet.

CHECK ITEMS

Tool(s) available

Function: Detect outdated software, browsers and their plug-ins.

• Check and Secure website (Detect outdated browser and plug-in)
• Qualys Browser Check (Detect outdated browser and plug-in)
• Windows Baseline Security Analyser (Detect outdated operating system and application)
• Nessus Vulnerability Scanner (Evaluation version) (Detect outdated operating system and application)

System settings

Purpose: Obtain the latest security patch updates and check whether the Windows operating system and other Microsoft products on your computer are up-to-date.

• Verify whether my computer is up-to-date.
• Steps on how to use Windows Update to keep your computer current.


MORE TIPS

• Enable the auto-update feature of software products and remember to restart your computer to finish installing the updates.
• Uninstall end-of-support software products or upgrade to another software product that has security updates, and avoid performing sensitive operations, such as online banking, from a computer without security updates.


8. Configure basic security settings for web browser

RISK

Default settings in common web browsers may allow execution of malicious code and caching of sensitive information and passwords without the owner's knowledge.

CHECK ITEMS

System settings

Purpose: Check whether the basic security settings of the web browser are adopted.

• Steps on how to secure Internet Explorer, Mozilla Firefox and Safari browser
• Steps on how to secure Chrome browser – Phishing and malware alerts, manage your website passwords, run or block plug-ins, delete your cache data and disable Autofill feature

MORE TIPS

• Do not visit suspicious websites or follow the links provided in those websites, as they may cause malware infection and force a browser to download files without the user's knowledge.
• Log out of applications after use and clear the browser cache, in particular after performing sensitive operations, such as online banking.


9. Backup data regularly

RISK

Data cannot be recovered in case of malware infection, hardware failure and device loss.

CHECK ITEMS

System settings

Purpose: Back up and restore files and the full system.

• Steps on how to back up your files.
• Steps on how to restore files from a backup.
• Steps on how to create a system image backup.
• Steps on how to restore your computer from a system image backup.

MORE TIPS

• Back up regularly and protect your backup data securely.
• Test the restore procedures to ensure the backup data can be restored.
• Assess the security risks before synchronising data to cloud services and avoid automatic backup of sensitive data to them.
• Protect your online user accounts with a strong password and an enhanced authentication mechanism such as 2-factor authentication if available, in particular those for cloud backup. Please visit the InfoSec website for more good practices on Handling User Account and Passwords.


10. Completely remove data before giving away or selling your computers

RISK

Data can be accessed or recovered by data recovery applications.

CHECK ITEMS

Tool(s) available

Function: Securely delete data on the computer's hard disk, including Solid-State Drives (SSD).

The following tools can securely delete data on a magnetic hard disk:

• Darik’s Boot and Nuke (DBAN)
• Windows Sysinternals – SDelete
• Eraser

The following tools can securely delete data on an SSD:

• ATA Secure Erase
• Secure Erase (HDDErase)
• Intel SSD Pro Administrator Tool (Support Intel SSD only)
• SanDisk SSD Dashboard (Support SanDisk SSD only)

Note:

• Some secure deletion software on the market can securely delete the entire hard disk or wipe free space. Read the software license agreement and the instructions carefully.


• A number of SSD vendors provide detailed steps or a specific tool for secure data erasure on their SSD drives.
• As the implementation of secure deletion differs between manufacturers, you are advised to contact the product vendors for the technical details of the sanitisation procedure.

MORE TIPS

• Data cannot be recovered after secure deletion. If data needs to be kept, perform a backup before erasing the data.
• Please visit the InfoSec website for more options for disposal of computer equipment containing sensitive information.
• In order to protect data, enable full disk encryption (e.g. BitLocker) with a strong password after purchase.
• If the edition of Microsoft Windows does not provide a full disk encryption feature, users should employ other relevant software to encrypt sensitive data with a strong password.


Disclaimer

The health check settings here are proactive in nature and intended for improving mobile device security, as they may change the user experience and interfere with the functionality and utility of some applications. The exact process for applying the security features during the health check will vary between different products. It is recommended to follow the instructions contained in the user manual provided at the official website of the manufacturer where possible.

Users are also recommended to observe the Important Notices of Cyber Security Information Portal and read the user agreements and privacy policies of the security software and tools before downloading and using them.