User awareness and alertness play an important role in avoiding the risk of
hacking and fraudulent activities on the online banking platform. With the
increase in the risk of online fraud over the last couple of years, it
is the responsibility of each individual to use technology and other resources
provided by the bank carefully. Therefore, it is crucial to follow Information
Security Guidelines and avoid becoming a victim of fraud.

With this objective, we have laid out some points for you to follow which
will help you maintain a healthy and secure working environment. These will be
beneficial to you and your organization.

DO'S AND DON'TS
Do’s
Always use private/official email domains and NOT public domains like Gmail, Rediff, etc. for official purposes. Also use an individual email ID instead of a generic email ID.
Ensure the Digital Certificate is stored in the “C” drive and in a non-exportable format.
The password should be strong and difficult for anyone to guess. It should be a combination of uppercase/lowercase letters, special characters (e.g. &, $, #), numbers,
Hard / Soft token, if any, should stay in the personal custody of the authorized users.
Users should keep different passwords for Login & Transaction authorization and should not share them with anyone.
All passwords should be changed regularly.
Keep your system / PC / laptop locked when away from your workstation.
Be cautious while clicking on any email received from external and unknown sources.
Verify the sender's address. Check the complete email ID, including the domain, along with the signature.
Report any suspicious email received to your IT team immediately.
Delete unwanted emails immediately.
Enable SMS and email alerts for transactions.
Always communicate changes in existing ENet users immediately to HDFC Bank so that they can be incorporated in the ENet application.
Ensure that the user IDs of resigned users are reported to the Bank immediately for deletion before their last working day.
Ensure that anti-virus signatures are updated on all laptops/desktops.
Type the URL in a fresh browser window or visit the bank's website.
Download banking apps from Play Store (Android phones) or iStore (Apple phones) only.
Check that websites have 'https://' and a locked padlock at the start of the URL.
Register your email ID and mobile number for banking alerts and check them regularly.
After completing a transaction online, check that the correct amount has been debited.
Report lost / stolen devices to law authorities and service providers immediately.
Always inform your bank in case of a change in mobile number or unauthorized SIM deactivation.

Don’ts
Never share Digital Certificate / Hard Token / Soft Token with anyone, even within the organization.
Do not disclose Digital Certificate file / Hard Token / Soft Token / Password / PIN / OTP to anyone apart from the person authorized to use it.
Passwords should never be written on any device, notepad files, sheets of paper, etc.
Never leave your Hard / Soft token application unprotected.
Never keep similar passwords for ENet login & transaction authorization.
Do not share your ENet registered email ID and its password with anyone, including colleagues.
Do not open unknown emails which contain random attractive links.
Do not click on the links / attachments of strange/attractive emails from unknown senders.
Never disclose or provide sensitive information such as user name, passwords or banking details via an email or a phone call.
No official or customer data should be shared with unwanted people outside your official network without following your internal security's laid-down process.
For financial transactions, do not use public PCs or open Wi-Fi networks (at railway stations, airports, cafes, etc.).
Never use the auto-complete feature on banking sites or select the 'Remember password' facility.