A best practice guide for information technology: 12 essential rules for securing your digital equipment.

(Translated from: Guide des Bonnes Pratiques de l’informatique. 12 règles essentielles pour sécuriser vos équipements numériques.)
(www.ssi.gouv.fr/uploads/2015/03/guide_cgpme_bonnes_pratiques.pdf). Version 1.1.1 – Janvier 2017 20170111-1014. Licence Ouverte/Open Licence (Etalab – V1). Agence Nationale de la Sécurité des Systèmes d’information. ANSSI – 51, boulevard de la Tour-Maubourg – 75700 PARIS 07 SP.

By Edward Eggleston


(part 5)

9. Download programs from official programmer/vendor sites.

Emma wanted to protect her system against spyware. For this, she downloaded an anti-spyware program suggested by a search engine. She did not know this installed a Trojan in her system. [Malware disguised as legitimate software.]

If you download digital content from untrustworthy Internet sites, you take the chance of installing programs on your system that are not updated, and also very often contain a Trojan or virus. This can allow remote control of your system by people with hostile intentions. With this access they might spy on your computer activity, steal personal data, launch attacks, etc.

To maintain the security of your machine and data in this context:
a) Download programs from the programmer’s site or other trusted source.
b) Consider not installing additional software offered with the main downloaded program.
c) Show (special) caution with sponsored links.
d) Turn off the feature that automatically opens downloaded files. Instead, download and then scan the file with antivirus software to ensure it does not contain a known virus.


 

10. Be vigilant when using Internet payment systems.

Céline bought office supplies for her business online without verifying the security of the site. The site was not secure. Attackers intercepted her company bank card number and took 1000 Euros [About 1100 USD.].

When making online purchases by desktop system or mobile device, your banking information might be intercepted [for example] directly on your machine or through the client files of the merchant. Because of this, it is necessary to verify the site before making payments:

a) Check for the presence of a padlock symbol in the address bar or in the lower right of the browser window (note: not all browsers show the lock).
b) Make sure that “https://” appears at the beginning of the site address.
c) Verify the exactness of the Internet site address by checking, for example, for any spelling mistakes.

Observe these guidelines during an online transaction, if possible:

a) Choose a method involving an SMS confirmation code for an order.
b) In general, never give the additional code from your bank card.
c) Do not hesitate to contact your bank to find out and use the (most) secure methods they offer.