Cyber HYGIENEf o r c y b e r s p a c e
Dos & Don’ts
BASIC
2
Disclaimer: This document is for guidance and awareness only. The contents of this document are not to be used in any legal
validation in investigation, etc. The purpose is to share basic information on these matters.
Published by:
Indian Cyber Crime Coordina�on Centre (I4C)
Cyber and Informa�on Security (CIS) Division
Ministry of Home Affairs
Government of India
North Block
New Delhi – 110001
Introduc�on
Indian Cyber Crime Coordina�on Centre (I4C) under Cyber &
Informa�on Security (CIS) Division of the Ministry of Home
Affairs, has prepared this manual to disseminate Cyber Hygiene
Best Prac�ces for the benefit of Industrial Bodies/General
Public/Government Officials. This should not be considered as
an exhaus�ve list of precau�ons for Cyber Hygiene but baseline
precau�ons that are to be taken.
Cyber space is a complex and dynamic environment of
interac�ons among people, so�ware and services supported by
worldwide distribu�on of Informa�on and Communica�ons
Technology (ICT) devices and networks. The exponen�al
increase in the number of internet users in India clubbed with
rapidly evolving technologies has brought in its own unique
challenges.
Disclaimer: This document is for guidance and awareness only. The contents of this document are not to be used in any legal
validation in investigation, etc. The purpose is to share basic information on these matters.
Published by:
Indian Cyber Crime Coordina�on Centre (I4C)
Cyber and Informa�on Security (CIS) Division
Ministry of Home Affairs
Government of India
North Block
New Delhi – 110001
Introduc�on
Indian Cyber Crime Coordina�on Centre (I4C) under Cyber &
Informa�on Security (CIS) Division of the Ministry of Home
Affairs, has prepared this manual to disseminate Cyber Hygiene
Best Prac�ces for the benefit of Industrial Bodies/General
Public/Government Officials. This should not be considered as
an exhaus�ve list of precau�ons for Cyber Hygiene but baseline
precau�ons that are to be taken.
Cyber space is a complex and dynamic environment of
interac�ons among people, so�ware and services supported by
worldwide distribu�on of Informa�on and Communica�ons
Technology (ICT) devices and networks. The exponen�al
increase in the number of internet users in India clubbed with
rapidly evolving technologies has brought in its own unique
challenges.
Contents
1. Computer Safety Tips----------------------------------------5
2. Password Security Management------------------------12
3. General Internet Safety Precau�ons-------------------17
4. Financial Transac�ons-Safe Prac�ces------------------20
5. Social Media Pla�orms-Safety Tips---------------------24
6. Mobile Phone Safety---------------------------------------27
7. Malware Protec�on----------------------------------------33
1.1 USB Device Security ----------------------------------10
8. E-mail Security Prac�ces----------------------------------35
3
1. Computer Safety Tips----------------------------------------5
2. Password Security Management------------------------12
3. General Internet Safety Precau�ons-------------------17
4. Financial Transac�ons-Safe Prac�ces------------------20
5. Social Media Pla�orms-Safety Tips---------------------24
6. Mobile Phone Safety---------------------------------------27
7. Malware Protec�on----------------------------------------33
1.1 USB Device Security ----------------------------------10
8. E-mail Security Prac�ces----------------------------------35
3
Adop�on of digital technology and internet have also led to increase
in cyber crime incidents. It can be controlled or minimized with care,
precau�on, awareness and with the use of appropriate tools to
secure the informa�on. The �ps and recommenda�ons provided in
this document may help the user to keep the informa�on/data &
device secure.
4
INTRODUCTION
Informa�on Technology has made a significant contribu�on and impact
on socio-economic scenarios. Rapid adop�on of digital technology has led
to employment genera�on, ease of living, ease of doing business and
access to informa�on.
in cyber crime incidents. It can be controlled or minimized with care,
precau�on, awareness and with the use of appropriate tools to
secure the informa�on. The �ps and recommenda�ons provided in
this document may help the user to keep the informa�on/data &
device secure.
4
INTRODUCTION
Informa�on Technology has made a significant contribu�on and impact
on socio-economic scenarios. Rapid adop�on of digital technology has led
to employment genera�on, ease of living, ease of doing business and
access to informa�on.
Computer safety tips
What is computer security?
Computer security threats
Computer Viruses Phishing Mail/URL
Botnet Keylogger
Computer security is the protec�on of computer systems and informa�on
from the� and unauthorized access. It is the process of preven�on and
detec�on of unauthorized use of the computer systems.
Computer Trojans
5
Computer security threats are possible dangers that can
cause impediment to the normal func�oning of the computer. Some of
the common and harmful computer threats are depicted below:-
What is computer security?
Computer security threats
Computer Viruses Phishing Mail/URL
Botnet Keylogger
Computer security is the protec�on of computer systems and informa�on
from the� and unauthorized access. It is the process of preven�on and
detec�on of unauthorized use of the computer systems.
Computer Trojans
5
Computer security threats are possible dangers that can
cause impediment to the normal func�oning of the computer. Some of
the common and harmful computer threats are depicted below:-
ERROR404RELOAD HOME
Always download applica�ons/ so�ware from
trusted sources
Regularly update Opera�ng System, Applica�ons
and An�-Virus so�ware of the system
Lock the computer screen when not in use
Computer safety
tips
Ensure backup of important data/files/
documents at regular intervals
Always keep the computer firewall “ON”
6
Dos
Always download applica�ons/ so�ware from
trusted sources
Regularly update Opera�ng System, Applica�ons
and An�-Virus so�ware of the system
Lock the computer screen when not in use
Computer safety
tips
Ensure backup of important data/files/
documents at regular intervals
Always keep the computer firewall “ON”
6
Dos
Use account with limited privileges on systems
Always insist on using genuine/ licensed
so�ware applica�ons
Scan all the files/contents downloaded from
websites, e-mails or USBs
Uninstall unnecessary programs or so�ware
Computer safety
tips
7
Dos
Always insist on using genuine/ licensed
so�ware applica�ons
Scan all the files/contents downloaded from
websites, e-mails or USBs
Uninstall unnecessary programs or so�ware
Computer safety
tips
7
Dos
Computer safety
tips
Use “Task Manager” to iden�fy any unwanted
programs running on the computer system
Access to servers should be allowed via Mul�-
Factor Authen�ca�on (MFA)
Set Opera�ng System update se�ngs to
“Auto-Download” op�on for regular updates
Disable Remote Desktop Connec�on and network
file sharing , when not in use
8
Dos
tips
Use “Task Manager” to iden�fy any unwanted
programs running on the computer system
Access to servers should be allowed via Mul�-
Factor Authen�ca�on (MFA)
Set Opera�ng System update se�ngs to
“Auto-Download” op�on for regular updates
Disable Remote Desktop Connec�on and network
file sharing , when not in use
8
Dos
Don’ts
Do not install or use pirated copies of so�ware/
applica�ons under any circumstances. These
may contain malware
Do not use guessable/weak passwords like
“password@123", etc.
Do not dispose computer or hard drive without
dele�on and wiping of data
Do not click on untrusted/unexpected Pop-Up
adver�sements/ programs
Computer safety
tips
9
Do not install or use pirated copies of so�ware/
applica�ons under any circumstances. These
may contain malware
Do not use guessable/weak passwords like
“password@123", etc.
Do not dispose computer or hard drive without
dele�on and wiping of data
Do not click on untrusted/unexpected Pop-Up
adver�sements/ programs
Computer safety
tips
9
1.1 USB device Security
Unsecured use of USB drive can lead to data the�s, data leakages and malware
infec�on. USB security can be ensured with care, awareness and by using
appropriate scanning tools to secure the informa�on.
Threats
Types of devices which support USB
Flash Drive/ Pendrive
Portable Hard Drive/ SSD
Mobile Phone
USB devices are very convenient to transfer data between different
computers. One can plug it into a USB port, transfer important data, remove
and use it appropriately as desired. However, this portability, convenience
and popularity also bring different threats to the informa�on system.
Digital Camera
Card Reader
USB Keyboard/ Mouse
10
Unsecured use of USB drive can lead to data the�s, data leakages and malware
infec�on. USB security can be ensured with care, awareness and by using
appropriate scanning tools to secure the informa�on.
Threats
Types of devices which support USB
Flash Drive/ Pendrive
Portable Hard Drive/ SSD
Mobile Phone
USB devices are very convenient to transfer data between different
computers. One can plug it into a USB port, transfer important data, remove
and use it appropriately as desired. However, this portability, convenience
and popularity also bring different threats to the informa�on system.
Digital Camera
Card Reader
USB Keyboard/ Mouse
10
USB device Security
Scan USB device with
An�virus/
Endpoint Protec�on
before its use
Autorun/ Autoplay feature
shall be disabled in all the
computers, while
using USB
11
Dos
Scan USB device with
An�virus/
Endpoint Protec�on
before its use
Autorun/ Autoplay feature
shall be disabled in all the
computers, while
using USB
11
Dos
Password Security Management
Password helps in protec�on of informa�on accessible via computers.
It allows access to informa�on only to authorised users. Strong mul�
character passwords must be enforced in all the systems.
Cyber criminals use many methods to access accounts, including
dic�onary brute-force a�ack (a�acks made to guess passwords), as well
as comparing various word combina�ons against a dic�onary file.
Cyber criminals may also use password capturing tools like “Keyloggers”
Password attack
on vic�m’s computer.
12
Password helps in protec�on of informa�on accessible via computers.
It allows access to informa�on only to authorised users. Strong mul�
character passwords must be enforced in all the systems.
Cyber criminals use many methods to access accounts, including
dic�onary brute-force a�ack (a�acks made to guess passwords), as well
as comparing various word combina�ons against a dic�onary file.
Cyber criminals may also use password capturing tools like “Keyloggers”
Password attack
on vic�m’s computer.
12
Always use different passwords for different
accounts. Ensure password is strong
Passwords must be changed at regular intervals
Immediately, change any password which might
have been shared or revealed by mistake
Strong passwords should contain combina�on of
upper case, lower case, numbers,"Special"
characters (e.g., @#$%^&*()_+|~--=\’{}[]: ";<>/,etc.)
Password security
management
13
Dos
accounts. Ensure password is strong
Passwords must be changed at regular intervals
Immediately, change any password which might
have been shared or revealed by mistake
Strong passwords should contain combina�on of
upper case, lower case, numbers,"Special"
characters (e.g., @#$%^&*()_+|~--=\’{}[]: ";<>/,etc.)
Password security
management
13
Dos
A password containshould not
Birth dates, names, ID proofs and other
personal informa�on such as addresses and
phone numbers
Commonly used words such as names of
family members, pets, friends, colleagues,
movie/novel/comics characters, etc.
The password containing less than
thirteen characters
Password should not be less than eight
characters
The password containing less than
thirteen characters
Password recovery answers should not
be guessable
14
Birth dates, names, ID proofs and other
personal informa�on such as addresses and
phone numbers
Commonly used words such as names of
family members, pets, friends, colleagues,
movie/novel/comics characters, etc.
The password containing less than
thirteen characters
Password should not be less than eight
characters
The password containing less than
thirteen characters
Password recovery answers should not
be guessable
14
Don’ts
Do not use public systems to access
banking/ sensi�ve sites
Do not share password, OTP
through e-mail, chat or any other
electronic communica�on
Do not reveal password on
ques�onnaires or security forms
Password security
management
15
Do not use public systems to access
banking/ sensi�ve sites
Do not share password, OTP
through e-mail, chat or any other
electronic communica�on
Do not reveal password on
ques�onnaires or security forms
Password security
management
15
Don’ts
Do not choose/ select “remember
my password” op�on for banking/
sensi�ve sites
Never write down your password
anywhere, especially as a ‘note s�ck’
to the computer
Don’t use your biometrics (finger
print, etc.) at untrusted terminals/
places
Password security
management
16
Do not choose/ select “remember
my password” op�on for banking/
sensi�ve sites
Never write down your password
anywhere, especially as a ‘note s�ck’
to the computer
Don’t use your biometrics (finger
print, etc.) at untrusted terminals/
places
Password security
management
16
General Internet safety Precautions
Inven�on of internet has revolu�onized the way of communica�on and
informa�on sharing. However, unsecured usage of internet may pose risks to an
organiza�on. Internet security includes browser security, website security,
network security, so�ware applica�ons, etc. Its objec�ve is to enforce
rules and measures against a�acks over the internet.
Unsafe internet prac�ces may lead to risks from phishing, online viruses,
trojans, worms, ransomware, business email compromise, financial loss, etc.
17
Inven�on of internet has revolu�onized the way of communica�on and
informa�on sharing. However, unsecured usage of internet may pose risks to an
organiza�on. Internet security includes browser security, website security,
network security, so�ware applica�ons, etc. Its objec�ve is to enforce
rules and measures against a�acks over the internet.
Unsafe internet prac�ces may lead to risks from phishing, online viruses,
trojans, worms, ransomware, business email compromise, financial loss, etc.
17
Be vigilant while
clicking/
downloading
from suspicious
links/ URLs
Make it a habit of
clearing browser
history
a�er confiden�al
ac�vi�es/
transac�ons
Cloud storage
to be used with
appropriate
security/ privacy
se�ngs
Verify the
Authen�city and
Iden�ty of social
media profiles
before ge�ng
involved in any
correspondence
Judiciously use
services that
require loca�on
informa�on. Also,
avoid pos�ng
photos with
GPS-coordinates
Be vigilant and
verify the
adver�sements/
sponsored contents
on search results
or websites
General Internet safety
Precautions
18
Dos
clicking/
downloading
from suspicious
links/ URLs
Make it a habit of
clearing browser
history
a�er confiden�al
ac�vi�es/
transac�ons
Cloud storage
to be used with
appropriate
security/ privacy
se�ngs
Verify the
Authen�city and
Iden�ty of social
media profiles
before ge�ng
involved in any
correspondence
Judiciously use
services that
require loca�on
informa�on. Also,
avoid pos�ng
photos with
GPS-coordinates
Be vigilant and
verify the
adver�sements/
sponsored contents
on search results
or websites
General Internet safety
Precautions
18
Dos
Do not use any public computer or Wi-Fi for
carrying out financial transac�ons like
online shopping, internet banking,
UPI transac�on, etc.
Don't respond to
email, instant
messages (IM),
texts, phone calls
etc., asking you for
your password.
Do not use email
address, phone
number and
details of payment
cards on untrusted
and unsecured
websites
Always verify the
source and
authen�city of content
before sharing
Do not trust and share
unverified content on
social media and
messaging apps.
19
Don’ts
General Internet Safety precautions
carrying out financial transac�ons like
online shopping, internet banking,
UPI transac�on, etc.
Don't respond to
email, instant
messages (IM),
texts, phone calls
etc., asking you for
your password.
Do not use email
address, phone
number and
details of payment
cards on untrusted
and unsecured
websites
Always verify the
source and
authen�city of content
before sharing
Do not trust and share
unverified content on
social media and
messaging apps.
19
Don’ts
General Internet Safety precautions
Financial Transaction - Safe Practices
Digital modes of payments like internet banking, UPI, cards, mobile banking
have made day-to-day payments very convenient. Any security lag in online
transac�ons may result in financial loss to an individual or an organiza�on.
20
Digital modes of payments like internet banking, UPI, cards, mobile banking
have made day-to-day payments very convenient. Any security lag in online
transac�ons may result in financial loss to an individual or an organiza�on.
20
Financial Transactions - Safe Practices
UPI Safety
Keep your UPI PIN safe
and do not share with
anyone
UPI PIN is not
needed while receiving
payments
Protect device and
payment app with strong
passcode
Verify the
name of “Payee” or QR code
before proceeding
with the payment
21
Dos
UPI Safety
Keep your UPI PIN safe
and do not share with
anyone
UPI PIN is not
needed while receiving
payments
Protect device and
payment app with strong
passcode
Verify the
name of “Payee” or QR code
before proceeding
with the payment
21
Dos
Card safety
Card Number, Expiry &
CVV number are confiden�al.
Never share with
anyone
Sharing OTP may
result in unauthorized
debits
Manage your card limit
using mobile banking
apps for addi�onal
safety
Use cards only
a�er verifying authen�city
of PoS/terminals/ATMs
and websites
OTP
Financial Transactions - Safe Practices
22
Dos
Card Number, Expiry &
CVV number are confiden�al.
Never share with
anyone
Sharing OTP may
result in unauthorized
debits
Manage your card limit
using mobile banking
apps for addi�onal
safety
Use cards only
a�er verifying authen�city
of PoS/terminals/ATMs
and websites
OTP
Financial Transactions - Safe Practices
22
Dos
Internet /
Mobile Banking
Use genuine/licensed
Opera�ng System for
internet banking
transac�ons
Verify Internet Banking
URLs received in SMS/Email
before entering your creden�als
Public computers and
insecure internet
connec�ons must be
avoided
Use a strong
internet banking password
which is different from
other accounts like
e-mail, e-commerce,
etc.
Example-h�ps://retail.onlinesbi.com
h�p://xyz.com/SBIBank
Financial Transactions - Safe Practices
23
Dos
Mobile Banking
Use genuine/licensed
Opera�ng System for
internet banking
transac�ons
Verify Internet Banking
URLs received in SMS/Email
before entering your creden�als
Public computers and
insecure internet
connec�ons must be
avoided
Use a strong
internet banking password
which is different from
other accounts like
e-mail, e-commerce,
etc.
Example-h�ps://retail.onlinesbi.com
h�p://xyz.com/SBIBank
Financial Transactions - Safe Practices
23
Dos
Social Media Platforms - safety tips
24
24
Privacy se�ngs must be
carefully chosen
before sharing any
content over
internet Be vigilant before
revealing your loca�on
informa�on over
the internet
Friend requests
must be accepted
a�er verifica�on with
proper cau�on Content posted on
social media must be
verified for authen�city
before forwarding /
sharing
Social Media Platforms - safety tips
25
Dos
carefully chosen
before sharing any
content over
internet Be vigilant before
revealing your loca�on
informa�on over
the internet
Friend requests
must be accepted
a�er verifica�on with
proper cau�on Content posted on
social media must be
verified for authen�city
before forwarding /
sharing
Social Media Platforms - safety tips
25
Dos
Do not use social
media account without
Mul�-Factor
Authen�ca�on
(MFA) Never log into
social media accounts
from untrusted
systems
Don’ts
Social Media Platforms - safety tips
26
media account without
Mul�-Factor
Authen�ca�on
(MFA) Never log into
social media accounts
from untrusted
systems
Don’ts
Social Media Platforms - safety tips
26
mobile phone safety
Mobile phones are integral part of any organiza�on. Secure usage of
phone is essen�al for personal and organiza�onal data protec�on.
Data the�, financial loss, unauthorized access, malware infec�on, etc.,
27
may be a result of mobile phone compromise.
Mobile phones are integral part of any organiza�on. Secure usage of
phone is essen�al for personal and organiza�onal data protec�on.
Data the�, financial loss, unauthorized access, malware infec�on, etc.,
27
may be a result of mobile phone compromise.
Be cau�ous with
public Wi-Fi
Informa�on shared
over public
network may be
misused
Review the default
privacy se�ngs of
the smartphone,
mobile applica�ons
and social
media accounts
Personal photos
posted on social
media with public
visibility may be
misused
Before
downloading
any App, same
should be checked
for its reputa�on/
authen�city
Read vendor
privacy policies
and verify app
permission
before
downloading
apps
mobile phone safety
28
Dos
public Wi-Fi
Informa�on shared
over public
network may be
misused
Review the default
privacy se�ngs of
the smartphone,
mobile applica�ons
and social
media accounts
Personal photos
posted on social
media with public
visibility may be
misused
Before
downloading
any App, same
should be checked
for its reputa�on/
authen�city
Read vendor
privacy policies
and verify app
permission
before
downloading
apps
mobile phone safety
28
Dos
Turn off / remove
unnecessary
apps
mobile phone safety
Prefer
downloading
mobile apps from
genuine sources
Register
for Do Not
Disturb (DND)
service with
Telecom Operators
29
Dos
unnecessary
apps
mobile phone safety
Prefer
downloading
mobile apps from
genuine sources
Register
for Do Not
Disturb (DND)
service with
Telecom Operators
29
Dos
Use Parental control
mode, while handing
over mobile phones
to kids or minors
Use device / SD card
encryp�on to
safeguard
confiden�al data
mobile phone safety
30
Dos
mode, while handing
over mobile phones
to kids or minors
Use device / SD card
encryp�on to
safeguard
confiden�al data
mobile phone safety
30
Dos
mobile phone safety
Protect your
device
with a strong
PIN/Password
or Biometrics and
enable auto lock
se�ng in
mobile phone
Always take
back-up of data
(contacts, personal
photos, etc.)
31
Dos
Protect your
device
with a strong
PIN/Password
or Biometrics and
enable auto lock
se�ng in
mobile phone
Always take
back-up of data
(contacts, personal
photos, etc.)
31
Dos
Do not reply or
click on link sent
through
SMS, e-mails
or chat messenger
by strangers
Do not store any
classified/ sensi�ve
data (text /video /
photograph) in
the device
Do not log into
accounts,
especially the
financial
accounts, when
using public
wireless networks
Don’ts
mobile phone safety
32
click on link sent
through
SMS, e-mails
or chat messenger
by strangers
Do not store any
classified/ sensi�ve
data (text /video /
photograph) in
the device
Do not log into
accounts,
especially the
financial
accounts, when
using public
wireless networks
Don’ts
mobile phone safety
32
Malware protection
How to protect against malware?
c://
< head >
< end >
x,y,z integer
begin
read x, y, z
The various types of malwares are spyware, viruses, worms and trojans,
ransomware, Botnet, etc.
Malware performs various tasks that include locking of important files,
stealing sensi�ve informa�on from the system, gaining unauthorized
remote access, spy on the user ac�vity, consuming computer memory,
internet bandwidth, corrup�ng important files, etc.
The Term Malware is a combina�on of words, ‘Malicious’ and ‘So�ware’.
Malware is inten�onally developed to perform various unauthorized and
destruc�ve tasks on the vic�m's system without one’s knowledge.
Keep all so�ware up to date, including the Opera�ng System and
applica�ons.
Do not click on untrusted URL links
Patch Management to be ensured
to overcome vulnerabili�es
Use an�-malware solu�ons
33
How to protect against malware?
c://
< head >
< end >
x,y,z integer
begin
read x, y, z
The various types of malwares are spyware, viruses, worms and trojans,
ransomware, Botnet, etc.
Malware performs various tasks that include locking of important files,
stealing sensi�ve informa�on from the system, gaining unauthorized
remote access, spy on the user ac�vity, consuming computer memory,
internet bandwidth, corrup�ng important files, etc.
The Term Malware is a combina�on of words, ‘Malicious’ and ‘So�ware’.
Malware is inten�onally developed to perform various unauthorized and
destruc�ve tasks on the vic�m's system without one’s knowledge.
Keep all so�ware up to date, including the Opera�ng System and
applica�ons.
Do not click on untrusted URL links
Patch Management to be ensured
to overcome vulnerabili�es
Use an�-malware solu�ons
33
Use Licensed Version of
Opera�ng Systems and
Applica�on So�ware
Scan USBs,
Files on your computer
regularly or before use.
Disable USB devices if not
needed
Keep your system and
An�virus up-to-date with
regular patches
Malware
Protection
34
Dos
Opera�ng Systems and
Applica�on So�ware
Scan USBs,
Files on your computer
regularly or before use.
Disable USB devices if not
needed
Keep your system and
An�virus up-to-date with
regular patches
Malware
Protection
34
Dos
E-MAIL SECURITY PRACTICES
35
35
Don't open/reply to e-mail links
(hyperlinks/ web-links/ URLs
men�oned in the body of such
mails) giving any luring offer.
It may result in compromising
your personal and financial
details.
Do not access to any spam
e-mails, un�l the sender is
properly verified
E-MAIL SECURITY PRACTICES
36
(hyperlinks/ web-links/ URLs
men�oned in the body of such
mails) giving any luring offer.
It may result in compromising
your personal and financial
details.
Do not access to any spam
e-mails, un�l the sender is
properly verified
E-MAIL SECURITY PRACTICES
36
NOTES
NOTES
December, 2021