Rules of Conduct

Besides technical measures (e.g. personal firewall, software updates, virus scanner, etc.) a decisive factor in increasing the security of the computer is the behaviour of the individual user. This includes:


Both your computer and various online services require assignment of a password. Badly selected or too short - i.e. weak - passwords pose a considerable security risk. The following principles must be borne in mind when selecting a password:

  • Minimum length of 12 characters
    The password must have a minimum length of 12 characters and consist of letters, numbers and special characters. 

  • Easy to remember
    The password must be selected such that it can be remembered easily. Do not ever write passwords down. Good passwords consist of whole sentences, which include special characters. Example: « this p@ssw0rd 1 shall not forget ». 

  • Do not reuse passwords
    Use different passwords for different purposes (e.g. for different user accounts). The use of still different passwords is strongly recommended when using online services.
  • Strong (two factor) authentication 
    When available, make sure to protect your account with two-factor authentication (one-time password, SMS token, Google Authenticator, etc.)
  • Change the password
    For individuals:
    A password should be changed at the latest when you suspect that it may be known to a third party.
    For companies:
    Companies should ensure that impersonal passwords should be changed when employees are leaving. Optionally we recommend to define cycles for changing passwords.
  • Password checker
    Various programs are available with which you can test the strength of your password (do not use the original password but a similar one when performing such a test). 

    Password check of the data protection officer of the canton of Zurich:

  • Password managment programs
    These kind of programs manage the different passwords of a user. The access is secured by a « Master-Password ».


E-mail is one of the most popular means of communication. However, most of the electronic pests reach computers via e-mail attachments. Cautious use of e-mail contributes significantly to the security of your data and your computer. The following measures can protect you from viruses, worms, Trojan horses, spam and hoaxes:

Viruses, worms and Trojan horses

  • Caution with e-mail messages from unknown senders
    Do not trust e-mail with sender addresses you do not know. In such a case, do not open any attached documents or programs and do not follow any of the links provided in them.

  • Consider the trustworthiness of the sources
    Only open files or programs from trustworthy sources and only after checking them with an up-to-date virus scanner.

  • Caution with file names that have two extensions
    Do not open any e-mail attachments that have two extensions (e.g. picture.bmp.vbs). Do not allow yourself to be fooled by the icon of such a file. In the Windows Explorer, you should disable the option « Hide file extensions for known file types » (under Tools -> Folder Options -> View).
  • Malicious E-mail Attachment are, amongst others, the following file type:
    .app (Executable Application), .bas (BASIC Source Code), .bat (Batch Processing), .cer (Certificate File), .chm (Microsoft Compressed HTML Help), .class (JAVA Bytecode), .cmd (Command File), .com (COM Binary), .cpl (Windows Control Panel File, Microsoft), .crt (Certificate File), .der (Certificate File), .docm (Word Macro-Enabled Document file), .dotm (Macro-Enabled Word Document Template), .exe (Executable File), .iso (Archive File), .jar (Archive Java), .js (JavaScript), .jse (Encoded JavaScript), .mam (MS Access Macro), .msc (Microsoft MMC-Snap-In control file), .msh (Microsoft Shell), .msh1 (Microsoft Shell), .msh2 (Microsoft Shell), .msi (Windows installer package file), .pif (Program Information File), .potm (Macro-Enabled PowerPoint Document Template), .ppsm (Macro-Enabled PowerPoint Presentation), .pptm (Macro-Enabled PowerPoint Presentation), .ps1 (Windows PowerShell), .ps1xml (Windows PowerShell), .ps2 (Windows PowerShell), .ps2xml (Windows PowerShell), .psc1 (Windows PowerShell), .psc2 (Windows PowerShell), .rar (Archive File), .reg (Registry Key), .scr (Screensaver), .vb (VBScript file), .vbe (VBScript file), .vbs (VBScript file), .ws (Windows Script), .wsc (Windows Script Component), .wsf (Windows Script), .xlsm (Macro-Enabled Excel Workbook), .xltm (Macro-Enabled Excel Document Template), .zip (Archive File).
  • E-mail program software update
    E-mail programs can also have security holes. Check regularly for software updates for your e-mail program and install them.


  • Cautious use of e-mail address
    Disclose your e-mail address to as few people as possible and use it for important correspondence only.

  • Keep a second e-mail address
    It is recommended that a second e-mail address be used for filling in web forms, subscribing to newsletters, making entries in guest books, etc. Such an address can be obtained for free from various providers. If this address is spammed, it can then be deleted and replaced.

  • Do not respond to spam
    If spam is replied to, the sender knows that the e-mail address is valid and will continue to send spam. Spam with an « unsubscribe option » must also be treated with care. This option promises that an e-mail sent with a certain keyword will cause the sender's address to be removed from the distribution list. Autoreply or « Out of Office » messages should also be considered in this regard. They should be enabled only for messages from known addresses.



When surfing the Internet, hazards lurk that could jeopardise the security of your data and your computer.  Some of these hazards and the respective protective measures are:

Viruses, worms, Trojan horses, spyware

  • Do not download unknown programs
    Do not download unknown programs (games, screensavers, etc.) from the Internet. Click on « Cancel » or « No » if an unwanted download window appears.

  • Retrieve software updates from the vendor only
    Download software updates or drivers only from the web page of the respective vendor. Next, check it with an up-to-date virus scanner.

Social engineering, phishing and fraud

  • Caution when passing on information
    Do not disclose your username or password to anyone. No serious service provider would ask you for your password (even over the telephone). This also applies if the request appears credible and features of the service provider (e.g. e-mail address, web page look, logos, corporate identity). In case of any doubt always check first with the service provider.

  • Consider the reputation of the service provider
    When shopping online, make sure you deal only with reputable providers. Send your credit card details only on web pages with guaranteed data encryption. You can tell this by a small golden padlock at the lower left edge of your browser or by the protocol used in the URL (https instead of http).

  • Log off properly
    Always use the Logoff function when leaving web applications (e.g. webmail, Internet banking).

Data protection

  • Exercise restraint when filling in forms
    Avoid disclosing personal details. This applies particularly when filling in web forms.

  • Caution when writing to newsgroups
    Remember that contributions to newsgroups, forums and guest books will remain public for years to come.

Browser settings

Every web page consists of a series of instructions written in HTML code. These instructions tell the browser (e.g. Internet Explorer, Firefox, Chrome) how to display the contents of the web page. While some web pages consist only of text documents and do not offer any additional functions (static pages), other pages have dynamic content. Tickers, web forms for online orders, animated images and dynamically displayed advertising banners are some examples of this.  These dynamic functions can be implemented using ActiveX Controls and JavaScript which can, unfortunately, also be abused to cause unwanted and harmful actions on the visitor's computer.

  • Restrict JavaScript
    Try to limit (or deactivate) the execution of JavaScripts (Active Scripting) via the browser settings or certain plugins. Please note, however, that many web pages will no longer function correctly if JavaScript is deactivated. If this hampers your web browsing too much, you can ease the restrictions gradually to a degree that is acceptable to you. Depending of the method you have chosen, it is also possible to enable javascript only for certain websites (white listing).


Peer-to-peer (P2) communication is communication between peers. The peer-to-peer model offers an alternative to the usual client-server model where a server offers services that are used by clients. One such example is Internet browsing: The client (Internet browser) connects to a web server and uses the services it provides (e.g. online shopping). In contrast, in the peer-to-peer model, each computer is both client and server, i.e. each offers services and, in turn, also receives services from the other computer in the peer-to-peer network. Peer-to-peer file trading in general use this type of communication. Everyone can exchange files (e.g. music or movies) with everyone else. To do this, software is usually required that can be downloaded from the Internet. As peer-to-peer file trading may provide free access to copyrighted works or pornographic content, they are controversial, and the providers of the corresponding software are the targets of complaints from the music and movie industries.

  • Caution when using peer-to-peer networks and file trading
    Besides the copyright aspects mentioned, participation in peer-to-peer file trading also involves other risks. Many of the files offered are infected with viruses or Trojan horses. The P2P software can contain spyware or adware and have security holes. Furthermore, users may inadvertently make (confidential) files accessible when taking part in this type of P2P network or file trading.


Specialist staff
Last modification 04.07.2019

Top of page