The University campus is equipped with a trusted Wi-Fi network to keep your data safe, but when you travel off campus for vacation, academic field trips, or a study session at a public venue, please take extra precautions on using public Wi-Fi as hackers and other cybercriminals like to take the advantage of public locations with less security protection to contact cyberattack.

Please take note of the below tips to keep your data safe when using public Wi-Fi:

• • Verify the network, configure and turn off sharing function
  • Use a virtual private network (VPN)
  • Use links with HTTPS
  • Keep the firewall enabled
  • Use antivirus software
  • Always turn off automatic connection
  • Always use two-factor authentication (2FA) – In this way, even if a hacker obtains your username and password, they still cannot be able to access your accounts.

If possible, it is better to use the network of your mobile device as a hotspot instead of using the insecure public Wi-Fi.

This year 2020 has been a tough year. With the outbreak of Novel Coronavirus Pneumonia around the world, our lives, work, and studies rely more and more on network services. As online activities become more frequent that it is severely challenging to information security, especially the risk increases under insufficient protection of personal equipment and home office environment. With the coming of long Christmas holiday and final exams, information security is often being overlooked easily when dealing with heavy work or study. In order to have a secure online working and learning environment, here are some safety tips for your reference:

• Keep devices and Apps up to date.This general tip is useful even if you are just casually surfing the Internet. Keep your devices up to date (including anti-virus tools, Apps and operating system) ensures you have the latest security fixes;
• When working at home, avoid other family members from accessing important information related to your work;
• Backup data! Make sure that you have performed data backup for each device. In case you lost your mobile device, data backup can be used not only for data restoration, but also for identifying lost data accurately, facilitating reporting and planning appropriate actions for data with security risks;
• Beware when sending important informationWhen using email or communication software to send information, you must ensure that the content and recipients are correct. Once you send some personal data to unauthorized persons by mistake, you are more likely to violate the laws of Macao.
• When receiving any information with URL link or attachment (especially an online meeting URL), DONOT open it unless you are expecting it and absolutely certain that it is legitimate;
• Secure Your Zoom MeetingPlease refer to “How to Secure Your Zoom Meeting” and “Using Zoom Effectively in Classroom“;
• Don’t overlook low-tech solutionsTape over the camera of your laptop or mobile device for privacy.

Reference

• A Distance Learning Quick Start Guide for Students, UM
• Caution Use in Video Conference and E-learning Platform, Office for Personal Data Protection (Chinese version)
• How much do you know about Information Security?
• Data Privacy in an Era of Compliance
• Don’t Let a Phishing Scam Reel You In
• Personal Data Protection Act (Chinese)| (Portuguese)
• Law on Combating Computer Crime (Chinese)| (Portuguese)

Information technology was developed rapidly in recent year. With the development of artificial intelligence and 5G networks, some technologies that seemed to be impossible before have gradually entered the lives of everyone, which also show the importance of information technology services. Especially during the anti‑epidemic period in recent months, public’s dependence on IT services has become more obvious, and information security has become a topic of discussion. Hence, the requirements on information security will become higher.

With the effective of the Macao Cybersecurity Law, in accordance with the relevant regulation, the University must ensure that information networks, computer systems and data are protected properly, and strengthen the alert and response towards information security incidents. ICTO will continue to safeguard the information security for our campus network, and cooperate with the Cybersecurity Incident Alert and Response Centre in order to fulfill the reporting obligations, including reporting information security incidents and providing updated Internet service information (such as the account name for connecting to the Internet service provider, IP address, domain name and other related information.)

In addition, if you need to setup IT facilities or providing IT services in UM, you are obliged to ensure that the provided services are secure and reliable. Therefore, please note the following:

• Make sure the operating system and application are updated to the latest version to ensure the maximum protection;
• Pay attention to the system default setting whether it is secure or not, including initial passwords, permission and system services;
• Enable any information security measures, system logging and perform backup for important data;
• For outsourced IT services, you must also ensure that their provided services meet the relevant requirements ofthe Cybersecurity Law ;
• If you need to change the network architecture or encounter an information security incident, you must inform ICTO*.

* Note: ICTO will be responsible for implementing the above reporting obligations for UM in accordance with the Cybersecurity Law. The detail information will be announced in due course.

Besides service providers must pay attention to information security. In fact, it is also the responsibility of each user. Users must always maintain security awareness in order to build a secure IT environment.

Reference:

• The Cybersecurity Law (Chinese) | (Portuguese)
• The Cybersecurity Law – Relevant attachments (Chinese) | (Portuguese)
• Other laws, regulations and policies
• ICTO Information Security Services

In recent years, Advanced Persistent Threat (APT) is a common threat on the Internet. Intruders will try to break into a target network. They often lurk in the network for months to collect cues until they obtained any valuable information, and some would even stay hidden in the network for long-term monitoring. Usually, an intruder would try to enter the target network in the first step, no matter you are handling important information or not, you may become the next target of the intruder.

Actually, information security is everyone’s responsibility. Even though IT personnel have tried the best to take any necessary measures for reducing risk of intrusion, including network security technology, network monitoring and regular maintenance, etc., the intruder can still attack the network through phishing scams. Therefore, users must have good awareness of information security. How much do you know about Information Security? Take our “Information Security Awareness Quiz” immediately and challenge yourself!

* Remark:

• 1. Click the URL Information Security Awareness Quiz and login with your UMPASS;
  2. Click “Enrol me”;
  3. Choose to answer in Chinese or English;
  4. There are 6 groups of questions and each group contains 5 multiple choice questions. You can have unlimited trials and the quiz result is for your reference only.

Reference

• Don’t Let a Phishing Scam Reel You In
• How can I identify a phishing, fake email and websites?
• Beware of Phishing Trap
• Other Information Security Tips

In recent years, mobile payment has become so popular that you can simply pay with your mobile phone, which makes shopping easier and more convenient! However, at the same time, did you recognize the safety when using mobile payment? Here are some tips:

• Be careful with your belongings and mobile phone. In addition to money loss, your bank card or mobile phone wallet may also be stolen. If your ID card is lost, your personal data may also be misused;
• DO NOT overcharge your mobile phone wallet and avoid linking a bank account with large amount to your mobile phone wallet. DO set an appropriate transaction limit, check the transaction records regularly, and change account and transaction passwords regularly;
• Avoid using public, unknown or unsecured networks for mobile payment transactions, and avoid exposing the screen with payment QR code;
• Beware of phishing messages, especially those involving red-pocket, special offers, money transfer requests, passwords or personal information, you must confirm the authenticity of the sender in order to avoid any loss;
• Protect mobile devices:
  • Protect your devices with password or fingerprint;
  • Turn on the “Find Me” function and wipe feature, to avoid data loss or being stolen;
  • Make sure the operating system and application, including anti-virus protection, are updated to the latest version;
  • Do not crack your mobile phone system and avoid downloading and installing software from untrusted sites;
• Enable SIM pin. For most mobile payment account registration, password recovery, or some online transactions, you may need to use SMS for identity verification. Using SIM pin can reduce the probability of identity theft due to SIM card loss;
• Use the licensed mobile payment service, carefully read the terms and conditions, understand the reporting loss procedure and stolen protection policy, etc.

In case you lose your phone, please stay calm and try to use the “Find Me” function and wipe feature to locate your phone, or remotely erase your data. In addition, if necessary, please report the loss to the related bank or service provider, for example, report the loss of bank card, SIM card, and suspend the mobile phone wallet account, etc.