Individual Level

Cyber security concerns everybody, every one of us is exposed to cyber security risks when we go online. Here are some tips for cyber security at the individual level:

1. Email and Password Security
   • Safeguard personal data and email accounts to prevent from being stolen by culprits and cause losses;
   • Set proper passwords and change them regularly;
   • Do not use computers prone to attack by hackers to log in email account, e-banking or carry out other operations involving sensitive data.
2. Computer System Security
   • Avoid browsing suspicious websites;
   • Do not download software of suspicious origin or nature;
   • Keep the personal information safe. Encrypt the file to lessen the risk of leakage if the information has to be saved in file format;
   • Use genuine software;
   • Update software with patches provided by software developers;
   • Install and turn on firewall and intrusion detection system;
   • Update virus and spyware definition files;
   • Use anti-virus software to scan computers regularly.
3. Tips for Using Public Wireless Services
   • Do not leave your wireless device unattended;
   • Disable wireless connection when it is not in use;
   • Remove your preferred network list when using public wireless services;
   • Do not send sensitive / personal information when using public wireless networks;
   • Keep your wireless network interface card drivers up-to-date.

Suggested Link
InfoSec 'Protecting Your Computer'
http://www.infosec.gov.hk/
english/computer/computer.html

Small and Medium Enterprises

Small and Medium Enterprises are suggested to implement the following cyber security measures within your company: -

1. Asset Security: Devise standing procedure for the collection, handling and protection of critical data. Each priority item should be guarded, tracked and encrypted.
2. Information Systems and Related Architecture Security: Conduct regular scans for system vulnerabilities and apply remedial actions as soon as practically feasible. Build information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts, human error, hardware failure and natural disasters.
3. Communication and Network Security - Implement security mechanisms, such as firewall, intrusion detection/prevention systems, at the network gateway for protecting the network against external attacks. The settings on each communication and network device must be subject to centralized management and enforcement.
4. Identity and Access Management – Implement meticulous systems to identify the people and manage their permissions. Conduct periodic review of staff access permissions to establish or re-establish eligibility, based on individuals' work responsibilities. For example, revoke all access and accounts of a staff that had left the organization or transferred to other unit of the organization.
5. Incident Response - Periodically review logs and audit trails on computer / network equipment for anomalies and possible attacks. Implement automated system and intelligent analytics to monitor system operations. Establish rapid response protocols and automated response capabilities to promptly deal with security incidents including suspicion of intrusion.
6. Risk Management Culture: Conduct periodic risk assessment and review to ensure cyber security risks are properly managed. Build a risk-aware culture and then spread the message throughout the entire organization.

Suggested Links: -

1. Cyber Security Information Portal '8 Security Essentials for Managing Business Operations'
   http://www.cybersecurity.hk/en/
   expert-2015-9-7-8-security-essentials
   -for-managing-business-operations.php
2. InfoSec 'Protecting Your Business'
   http://www.infosec.gov.hk/
   english/business/security.html