Do’s

• Always use private/official email domains and NOT public domains like Gmail, Rediff, etc. for official purposes. Also, use an individual email Id instead of a generic email id.
• Ensure Digital Certificate is stored in “C” drive and in non-exportable format.
• Password should be strong and difficult for anyone to guess. It should be a combination of uppercase /lowercase alphabets, special characters (e.g. &, $, #), numbers,
• Hard / Soft token if any, should stay in the personal custody of the authorized users.
• Users should keep different passwords for Login & Transaction authorization and should not share them with anyone.
• All passwords should be changed regularly.
• Keep system / PC / laptop locked when away from your workstation.
• Be cautious while clicking on any email received from external and unknown sources.
• Verify the sender's address. Check the complete email id including the domain along with the signature.
• Report suspicious emails received to your IT immediately.
• Delete unwanted emails immediately.
• Enable SMS and email alerts for transactions
• Always communicate change in existing ENet users immediately to HDFC
• Bank for incorporating them in ENet application.
• Ensure that the user ids of the resigned user are reported to the Bank
• immediately for deletion before their last working day.
• Ensure that anti-virus signatures are updated on all laptops/desktops.
• Type the URL in the fresh browser window or visit the bank's website.
• Download banking apps from the play store (Android phones) or iStore (Apple phones) only.
• Check that the websites have 'https://' and a locked padlock at the start of the URL.
• Register your email ID and mobile number for banking alerts and check them regularly.
• After completing a transaction online, check that the correct amount has been debited.
• Report lost/stolen devices to law authorities and service providers immediately.
• Always inform your bank in case of a change in a mobile number or unauthorized SIM deactivation.

 Don'ts

• Never share Digital Certificate / Hard Token / Soft Token with anyone, even within the organization.
• Do not disclose Digital Certificate file / Hard Token / Soft Token/ Password / Pin / OTP to anyone apart from the person authorized to use it
• Passwords should never be written on any device, notepad files, sheets of paper, etc.
• Never leave your Hard / Soft token application in an unprotected manner
• Never keep similar passwords for ENet login & transaction authorization
• Do not share your ENet registered email id and its password with anyone including colleagues
• Do not open any unknown email that contains random attractive links
• Do not click on the links/attachments of strange/attractive emails from unknown senders.
• Never disclose or provide sensitive information such as user name, passwords, or banking details via an email or a phone call
• No official or customer data should be shared with unwanted people outside your office network without following your internal security's laid down process. For financial transactions, do not use public PCs or open Wi-Fi networks (at railway stations, airports, cafes, etc).
• Never use the auto-complete feature on banking sites or select the 'Remember password' facility.