- how your data is stored and protected;
- how to report an incident; and
- how to terminate the service and if data is retained after service termination.
- Do not subscribe if you do not agree to the Terms and Policy. Be aware of the periodic changes of the Terms and Policy.
- Think twice when you want to store sensitive data in the cloud and assess the impact if this data is exposed.
- Avoid sharing out data to unintended parties by -
- ensuring only the intended recipients have the access permissions if you share sensitive data with others through the cloud;
- ensuring any software running on the cloud service consumer’s device will only synchronize permitted data between the device and the cloud; and
- checking if the default permission of files or folders you are using is appropriate. For example a pre-installed “Photo” folder may be public accessible by default and is not a favourable setting.
- Maintain a local backup copy of your important data so that this data can still be available when the service provider is out of service temporarily (e.g. network outage) or permanently.
- Ensure the service provider protects data confidentiality by
- using encryption (e.g. SSL) to transmit data; and
- using encryption when storing static data. (If not, you have to use your own encryption before storing data in the cloud. In that case remember to keep your encryption key safe.)
Security of Access Accounts
- Use strong passwords for access accounts.
- Use different passwords for different access accounts.
- Protect user names and passwords by
- keeping them in a safe place;
- avoid sharing them with others;
- turning off password saving in browsers and applications; and
- avoid keeping passwords in plain text on the device.
- Ensure the above measures are also implemented onto any local program on a computer or mobile device that accesses the cloud services.
- Log off the cloud service if it is not required.
Security of Your own Access Device
- Use only trustworthy devices to access cloud services. Avoid using public computers to process sensitive data in the cloud.
- Secure the access device physically. Protect the access device from unauthorized access.
- Use a screen saver to lock the computer or mobile device.
- Refrain from jailbreaking the access devices (i.e. remove usage and access limitation controls).
- Keep operating systems, browsers and applications of your access device, including computers and mobile devices, up-to-date with the latest software versions and security patches.
- Be cautious on browsing, especially not to click on any links from untrusted sources.
 Refer http://www.infosec.gov.hk/english/yourself/account.html on handling user accounts and passwords
 Refer http://www.infosec.gov.hk/english/virus/geninfo_common.html on best practices of protecting your computer more effectively against virus and malicious code