Everyone is working from home due to the epidemic, please remind:

1. Make sure your computer program is up to date– Keep updating the system and software programs of the device regularly. If the anti-malware program has been installed, it should be updated to avoid damage or infection by malware; Download the protection software at here (Link) and select ESET Internet Security;
2. Login to SSLVPN andusevirtual desktop service provided by ICTO for using major UM administrative system. Please refer to the detail information (Link);
3. Logout from all of your accounts (including SSLVPN) before you leave your computer;
4. Protect your datato avoid data breach;
5. During video conferencing, do protect your privacy;
6. DO NOTarbitrarily believe unconfirmed news. Usually, during epidemic incidence, there will be relevant fake news disseminated. Don’t let a phishing scam reel you in. Don’t arbitrarily forward unconfirmed news;

In our daily life, we used to pay attention to our home security, however, have you ever doubted about your home computer being hacked? Hackers often install Trojan horse on your computer without your acknowledge and use it to steal your important data. They can also use it to remote control your computer camera and microphone for peeping and eavesdropping. As cryptocurrency has become popular and valuable nowadays, hackers may use Trojan horse to control a lot of computers which belong to other people for crypto mining illegally. Such crypto mining attack can slow down the computer and Internet speed, increase the electricity consumption and decrease the lifespan of the computer.

Crypto mining attack is actually spreading all over the world. UM has also received an information security alert from the Cybersecurity Incidents Alert and Response Center (CARIC) of Macao that some computers of several organizations in Macao have been infected with crypto mining malware this year since February and there is an upward trend. To ensure information security, please refer to the following tips to protect your computer immediately:

• Keep your computer up to date, patch or upgrade the operation system and software for vulnerability as soon as possible.
• Enable the real-time protection and monitoring feature of antivirus software, scan the computer regularly and keep the version up to date.
• Only download software from the official website of the vendor/publisher.
• Don’t download any type of cracked or hacked programs.
• Don’t click links and open attachments in suspicious email.
• Securely maintain and manage your user account and password, i.e. enable two-factor authentication (2FA) service and use more complicated password.

If you found any of the below signs on your computer, it may be infected by virus or malware:

• Loss of performance, frequent freezing or crashing.
• Overheating or battery drops faster.
• Loss of information, file deleted/modified or hard drive formatted without your permission.
• Unexpected modification of web browser homepage, unwanted pop-up or redirects to websites you are not intended to visit.
• Antivirus software is closed or stopped running.

If you suspect that your UM user account has been hacked or computer has been infected, please contact ICTO Help Desk immediately.

Reference
· Don’t Let a Phishing Scam Reel You In
· How to download and install software in a secure manner?
· Are you ready to prevent Ransomware?
· Two-Factor Authentication (2FA)
· How to choose a strong password?
· Basic Knowledge of Online Safety and Security
· Other Information Security Tips

The University campus is equipped with a trusted Wi-Fi network to keep your data safe, but when you travel off campus for vacation, academic field trips, or a study session at a public venue, please take extra precautions on using public Wi-Fi as hackers and other cybercriminals like to take the advantage of public locations with less security protection to contact cyberattack.

Please take note of the below tips to keep your data safe when using public Wi-Fi:

• • Verify the network, configure and turn off sharing function
  • Use a virtual private network (VPN)
  • Use links with HTTPS
  • Keep the firewall enabled
  • Use antivirus software
  • Always turn off automatic connection
  • Always use two-factor authentication (2FA) – In this way, even if a hacker obtains your username and password, they still cannot be able to access your accounts.

If possible, it is better to use the network of your mobile device as a hotspot instead of using the insecure public Wi-Fi.

This year 2020 has been a tough year. With the outbreak of Novel Coronavirus Pneumonia around the world, our lives, work, and studies rely more and more on network services. As online activities become more frequent that it is severely challenging to information security, especially the risk increases under insufficient protection of personal equipment and home office environment. With the coming of long Christmas holiday and final exams, information security is often being overlooked easily when dealing with heavy work or study. In order to have a secure online working and learning environment, here are some safety tips for your reference:

• Keep devices and Apps up to date.This general tip is useful even if you are just casually surfing the Internet. Keep your devices up to date (including anti-virus tools, Apps and operating system) ensures you have the latest security fixes;
• When working at home, avoid other family members from accessing important information related to your work;
• Backup data! Make sure that you have performed data backup for each device. In case you lost your mobile device, data backup can be used not only for data restoration, but also for identifying lost data accurately, facilitating reporting and planning appropriate actions for data with security risks;
• Beware when sending important informationWhen using email or communication software to send information, you must ensure that the content and recipients are correct. Once you send some personal data to unauthorized persons by mistake, you are more likely to violate the laws of Macao.
• When receiving any information with URL link or attachment (especially an online meeting URL), DONOT open it unless you are expecting it and absolutely certain that it is legitimate;
• Secure Your Zoom MeetingPlease refer to “How to Secure Your Zoom Meeting” and “Using Zoom Effectively in Classroom“;
• Don’t overlook low-tech solutionsTape over the camera of your laptop or mobile device for privacy.

Reference

• A Distance Learning Quick Start Guide for Students, UM
• Caution Use in Video Conference and E-learning Platform, Office for Personal Data Protection (Chinese version)
• How much do you know about Information Security?
• Data Privacy in an Era of Compliance
• Don’t Let a Phishing Scam Reel You In
• Personal Data Protection Act (Chinese)| (Portuguese)
• Law on Combating Computer Crime (Chinese)| (Portuguese)

Information technology was developed rapidly in recent year. With the development of artificial intelligence and 5G networks, some technologies that seemed to be impossible before have gradually entered the lives of everyone, which also show the importance of information technology services. Especially during the anti‑epidemic period in recent months, public’s dependence on IT services has become more obvious, and information security has become a topic of discussion. Hence, the requirements on information security will become higher.

With the effective of the Macao Cybersecurity Law, in accordance with the relevant regulation, the University must ensure that information networks, computer systems and data are protected properly, and strengthen the alert and response towards information security incidents. ICTO will continue to safeguard the information security for our campus network, and cooperate with the Cybersecurity Incident Alert and Response Centre in order to fulfill the reporting obligations, including reporting information security incidents and providing updated Internet service information (such as the account name for connecting to the Internet service provider, IP address, domain name and other related information.)

In addition, if you need to setup IT facilities or providing IT services in UM, you are obliged to ensure that the provided services are secure and reliable. Therefore, please note the following:

• Make sure the operating system and application are updated to the latest version to ensure the maximum protection;
• Pay attention to the system default setting whether it is secure or not, including initial passwords, permission and system services;
• Enable any information security measures, system logging and perform backup for important data;
• For outsourced IT services, you must also ensure that their provided services meet the relevant requirements ofthe Cybersecurity Law ;
• If you need to change the network architecture or encounter an information security incident, you must inform ICTO*.

* Note: ICTO will be responsible for implementing the above reporting obligations for UM in accordance with the Cybersecurity Law. The detail information will be announced in due course.

Besides service providers must pay attention to information security. In fact, it is also the responsibility of each user. Users must always maintain security awareness in order to build a secure IT environment.

Reference:

• The Cybersecurity Law (Chinese) | (Portuguese)
• The Cybersecurity Law – Relevant attachments (Chinese) | (Portuguese)
• Other laws, regulations and policies
• ICTO Information Security Services