Surfing the Web and e-Shopping
All kinds of things can now be done online, from shopping, banking to studying and research. The followings are some best practices for surfing the web and e-shopping.
Ensure that the operating system, web browsers and other softwares are fully patched and up to date before surfing the web.
Install and run a personal firewall as well as anti-malware software with the latest signatures updated.
Check the terms and disclaimers of any e-shopping site before using their services, e.g. check personal privacy statements, etc.
Choose well-known or trustworthy e-shopping sites.
Keep notice of key measures on providing information or making a purchase on a website:
Informed consent on personal information
Whether Seals of Approval applied (e.g. TRUSTe or WebTrust)
Check the security level of e-commerce websites before submitting personal information and conducting transactions (e.g. SSL, check for the https prefix, the lock icon in web browser, or the issuing authority of the site's digital certificate).
Apply for a Digital Certificate for electronic transactions.
Consider using Encryption to protect sensitive data transmitted over public networks and the Internet.
Keep a copy of transaction records. Most e-commerce sites present you with a summary of transaction before you click a Send or Buy button. Print this out or save it as a file to refer to later if necessary.
Avoid submitting any data that is irrelevant to the purpose for which it is being collected. Be particularly cautious if asked for personal information, such as credit card or bank account numbers.
Be alert to the latest news on sites that are notorious for suspicious activities, or labelled as "bad sites".
Remember to logoff at the end of a session.
Use different sets of logins and passwords for different web applications and services.
Change the passwords used in critical web applications regularly if 2-factor authentication is not supported.
Report abnormal behaviour to service provider or ISP immediately.
Don't download data or software from unknown sources.
Don't try to visit untrustworthy sites just out of curiosity.
Don't reply or directly click any links embedded in an unexpected email message, such as those emails requesting you to log into your account in order to confirm the use of the account. Check with the company/bank if you are uncertain about a message.
Don't login to critical web applications from a public computer.
Don't cache your username and password in your workstation.