July 2013
 

Annual Notebook Ownership Programme for Students, Staff and Alumni – Apple, Acer and Lenovo Notebooks at Discounted Prices
4 Simple Tips for Secure Web Browsing
Private Data on Cloud Storage Available to Strangers?
Enterprise Content Management Service Soon to be Launched
Launching of Mailing List Management System
Latest Electronic Messaging Usage Policy and Guides
August Staff IT Training Programmes



  home   e-Views

 

 

 

4 Simple Tips for Secure Web Browsing
 

 

The most direct way to connect to the Internet is via Internet browsers such as Chrome, Firefox, Internet Explorer or Safari. Cyber attackers, therefore, have made browsers one of their primary targets to spy on your browsing activities or to collect your personal information.

To protect your online activities and personal data, check out the 4 simple tips for secure web browsing:

 

1. Keep your browser current

 

Cyber attackers are constantly searching for programming errors and other flaws in browsers to get access to, or even control, your system. Browser companies such as Google, Microsoft or Apple will release patches from time to time to fix these errors and flaws. It is therefore important to keep your browser up-to-date by making sure that the auto-update feature is always enabled in your browser and operating system. However, please beware that some web applications may not function properly due to the incompatibility with some browser versions.
2. Beware of malicious web sites Browsers will maintain an updated list of malicious web sites and will warn you if you try to visit any of these known malicious sites. Even so, you still need to be alert when visiting web sites that you are not familiar with as the browsers may not know all malicious sites.
3. Erase stored personal information

Browsers may store your browsing activities and personal information in the cookies, cached pages and history. You are encouraged to erase any stored data after surfing the Internet, especially on a public computer. You may also use the privacy mode to turn off all data collection during web browsing. This may, however, limit your interaction with some web sites.
4. Look for ‘https://’ Browsing web sites under encrypted connection prevents your online activities from being monitored or captured by cyber attackers. In particular, if you are using online banking services, shopping online or filling in an online form that involves your sensitive data, make sure your connections are encrypted by looking for ‘https://’ in the browser.

Enjoy secure web browsing!

 

 

Carter Lau
Information Technology Officer (Information Security)

 

 
 


 
Private Data on Cloud Storage Available to Strangers?
 

 

When creating documents on Google Docs, sharing files via Dropbox or storing your music or pictures on Apple’s iCloud, are you aware that you may be, at the same time, handing over the availability and security of your private data to strangers?

According to the statistic report from the Cloud Security Alliance, the number of cloud vulnerability incidents has risen considerably during the past few years. The investigation reveals that the top three security threats are:

  • Insecure Interfaces and APIs (29%)
  • Data Loss and Leakage (25%)
  • Hardware Failure (10%)

 

Cloud or not cloud then?

Well, just by following some simple rules of thumb, you can mitigate the risks and protect your data while enjoying the great convenience and mobility provided by cloud storage.

 

Select the Right Service Provider

When selecting a cloud service provider, ask the following questions:

Support Service

  • If you have a problem, how responsive is the company in providing support?
  • If your data is critical, is phone or email support available?
  • If the company does not provide such support, does it have public forums or FAQs in its website?

Backup Service

  • Will the cloud provider back up your data?
  • If yes, what exactly gets backed up?
  • How frequently, and for how long are the backups maintained?
  • If you unintentionally delete some files, is there any way for you to recover them?

Privacy Protection

  • Who can access your data in the cloud?
  • Do the cloud provider’s employees or third-party partners have access to your data?

Security Control

  • Is your data encrypted when being uploaded to or downloaded from the cloud?
  • How is your data stored in the cloud, and once again, is it encrypted?
  • Who can decrypt your data?

 

 

Good Practices for Cloud Storage

Once you have selected a cloud service provider that best fits your needs, it is important to make sure that you use their services properly. Follow the good practices below for securely storing, accessing and sharing data on the cloud:

Use strong authentication

 

Use strong and long passphrases for authentication to your cloud storage to protect your data against hacker attacks. You are also recommended to use the two-factor authentication / two-step verification if such is offered by your provider.  

Share your files on need-to-know basis

 

It is very easy to share data through the cloud, and so is sharing too much. The worst scenario is you may unintentionally make your data available to the public. The best way to protect yourself is by default not to share any of your data, but only allow specific people (or groups of people) to access certain files or folders on a need-to-know basis.

Understand the security settings

 

If you grant full control of your cloud storage to someone else, can they share your data with third parties without your knowledge and consent? Can you purge your data from the cloud provider’s systems when you no longer need the service?

Encrypt your sensitive data locally before storing it in the cloud

 

If you really need to store some sensitive data on the cloud, make sure you have encrypted the data before uploading to the storage.

Install latest version of antivirus software on all the computers used for data sharing

 

If a file you are sharing gets infected, all other computers accessing the same file may also be infected.

Backup your data on local computer regularly

 

Not only can it protect your data in case your cloud provider goes out of business, it will also be easier for you to recover large amount of data from your local backup rather than downloading them from the cloud.

Read the terms of service before sign up

 

Read the Service Level Agreement (SLA) or End User License Agreement (EULA) before you sign up for a service. Consider other providers if there are terms in the contract that you don’t understand or that concern you.

 

 

Nicole Wong (Miss)
Assistant Information Technology Officer (Information Security)