How much do you know about Information Security?

In recent years, the Advanced Persistent Threat (APT) has become a common threat on the Internet. Intruders try to break into a target network and often lurk there for months, collecting clues until they obtain valuable information; some even stay hidden in the network for long-term monitoring. An intruder's first step is usually to gain entry to the target network, so whether or not you handle important information, you may become the intruder's next target.

Information security is everyone’s responsibility. Even though IT personnel do their best to take the necessary measures to reduce the risk of intrusion, including network security technology, network monitoring and regular maintenance, an intruder can still attack the network through phishing scams. Therefore, users must have good awareness of information security. How much do you know about Information Security? Take our “Information Security Awareness Quiz” now and challenge yourself!

* Remark:

    1. Click the URL Information Security Awareness Quiz and log in with your UMPASS;
    2. Click “Enrol me”;
    3. Choose to answer in Chinese or English;
    4. There are 6 groups of questions, and each group contains 5 multiple-choice questions. You can have unlimited attempts, and the quiz result is for your reference only.

Beware of Fake News. Avoid Spreading Rumors!

At the end of 2019, an outbreak of COVID-19 pneumonia occurred in the Mainland. In Macao, the first case was confirmed in January 2020, which caused widespread concern.

Experience shows that when a critical incident such as an epidemic, serious natural disaster, accident, or social event occurs, related fake news is disseminated through different channels, including email, social networking, and instant messaging. Such news may also be used to initiate phishing attacks, which poses an information security threat. Therefore, we would like to draw your attention to the following:

  • DO NOT arbitrarily believe unconfirmed news. It is recommended to refer to official news;
  • When receiving any information with URL link or attachment, DO NOT open it unless you are expecting it and absolutely certain that it is legitimate;
  • DO NOT arbitrarily forward unconfirmed news. If you spread fake news or rumors, you may violate the related laws of the relevant country or region.

Tips for Safe Use of Mobile Payment Tools

In recent years, mobile payment has become so popular that you can simply pay with your mobile phone, which makes shopping easier and more convenient! However, have you considered safety when using mobile payment? Here are some tips:

  • Be careful with your belongings and mobile phone. In addition to money loss, your bank card or mobile phone wallet may also be stolen. If your ID card is lost, your personal data may also be misused;
  • DO NOT overload your mobile phone wallet with funds, and avoid linking a bank account holding a large amount to your mobile phone wallet. DO set an appropriate transaction limit, check the transaction records regularly, and change account and transaction passwords regularly;
  • Avoid using public, unknown or unsecured networks for mobile payment transactions, and avoid exposing the screen with payment QR code;
  • Beware of phishing messages, especially those involving red packets, special offers, money transfer requests, passwords or personal information. You must confirm the authenticity of the sender in order to avoid any loss;
  • Protect mobile devices:
    • Protect your devices with password or fingerprint;
    • Turn on the “Find Me” function and wipe feature to avoid data loss or theft;
    • Make sure the operating system and application, including anti-virus protection, are updated to the latest version;
    • Do not crack (jailbreak or root) your mobile phone system, and avoid downloading and installing software from untrusted sites;
  • Enable the SIM PIN. For most mobile payment account registration, password recovery, or some online transactions, you may need to use SMS for identity verification. Using a SIM PIN can reduce the probability of identity theft due to SIM card loss;
  • Use a licensed mobile payment service, read the terms and conditions carefully, and understand the loss-reporting procedure and theft protection policy, etc.

In case you lose your phone, please stay calm and try to use the “Find Me” function and wipe feature to locate your phone or remotely erase your data. In addition, if necessary, please report the loss to the related bank or service provider; for example, report the loss of your bank card and SIM card, and suspend the mobile phone wallet account.

Basic Knowledge of Online Safety and Security

Shopping, surfing, banking, and gaming are some of the many actions performed each minute in cyberspace. However, phishing attacks, identity theft, bullying and location tracking come along with these common everyday activities. With so many cyber threats, how can we reduce the risk without abandoning our online activities? Here are some tips for staying secure while online.

  • Set up alerts. Consider setting up alerts on your financial accounts. Many banks provide account activity notifications, which keep you in control of your account activities. Whenever a transaction meets or exceeds a designated spending limit, a message is sent by email or SMS to let you know about the account activity. These alerts are useful because they make you aware of what is going on with your account much sooner than monthly statements do. When you receive an alert about a transaction that you did not authorize, you can reach out to the bank immediately. Don’t be late! Log on to your online bank account to set up alerts for your accounts.
  • Keep devices and apps up to date. This general tip is useful even if you are just casually surfing the Internet. Keeping your devices up to date (including apps and operating systems) ensures you have the latest security fixes.
  • Be cautious about public WiFi hot spots. Avoid performing financial or other sensitive transactions while connected to public WiFi hot spots.
  • Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Consider carefully whether it is necessary for the vendor to obtain such information. Remember that you only need to fill out the required fields at checkout.
  • Be vigilant. There are many fake websites online trying to trick others into giving up valuable information. Make sure you are visiting a legitimate website by double-checking that the URL is spelled correctly. In addition, note that a legitimate website usually shows a padlock in the URL bar, and its URL begins with “https://”. The padlock only indicates an encrypted connection, so checking the address itself remains essential.

As long as you keep the above security tips in mind, you can continue to stay online with peace of mind.

Information Security is everyone’s responsibility

Did you know? In recent years, data breaches have occurred in many different industries around the world, involving education institutions, airline companies, government departments, banking and financial institutions, e-commerce corporations, web service providers, etc. More than half of the breaches were caused by activities directly attributable to human error, including lost devices, physical loss and unintended disclosure. These breaches were arguably preventable through basic information security safeguards.

  • What can you do every day to protect data? No matter what type of industry you work in, you may need to transmit, process, access, and share varying data elements. There is no “one size fits all” blueprint for information security controls that all industries can follow. Yet all members have a responsibility to know basic information security protections to safeguard data and prevent it from being mishandled.
  • Understand where, how, and to whom you are sending data: Many breaches occur because of carelessness, where we accidentally post confidential information publicly, mishandle it, or send it to the wrong party. Taking care to know how you are transmitting or posting data is critical.
  • Create complex and unique passwords: Use different passwords for different accounts, in particular those for handling confidential data.
  • Enable two-factor authentication: Two-factor authentication can prevent unauthorized access even if your login credentials are stolen or lost.
  • Protect your devices: Besides using a password lock, it is also recommended to use biometric technologies to protect your smartphone and tablet. It is critical to keep curious minds from accessing personal information, work email, or retail/banking applications. It also helps to protect your device in case you lose or misplace it.
  • Update your computing devices: Ensure the operating system, web browser, and applications on all your electronic devices are updated to the latest version.
  • Getting ready to send data to a vendor or sign a contract? In daily work, we are obligated to ensure that the University’s confidential information is properly protected, especially if we need to use an outsourced service or a cloud service. If the service involves confidential information, you must consider the related information security technology before the project begins or the contract is signed, to ensure that the data is properly protected.

Are you ready to prevent Ransomware?

Ransomware is a type of malicious software that encrypts the files on your computer and blocks access to the related information. Usually, the user needs to pay a “ransom” or fee for the decryption key in order to decrypt and regain access to the files. Ransomware may spread to any shared networks or drives to which your devices are connected. It is expected that an increasing number of ransomware attacks will occur in the future.

How will I get infected by Ransomware?
Common channels for ransomware attacks include emails with malicious attachments or links to malicious websites. It is also possible to get infected through instant messages or texts with malicious links. Antivirus software may not detect a malicious attachment, so it is important for you to be vigilant.

How can I protect myself against Ransomware?
There are two steps to protect yourself against ransomware:

  • Preparation: Back up your information regularly. Once a ransomware infection occurs, it is often too late to recover the encrypted information. Your research project or other important information may be lost permanently. For PCs provided by ICTO, there is a basic backup function for each user to prevent the loss of files from desktop and notebook computers that connect to our campus network. For more details, please refer to “PC Data Backup”. Moreover, you can consider regularly performing an extra backup of your important files to a location that you are not continuously connected to;
  • Identification: Ransomware typically appears as phishing emails, either with links to malicious websites or with infected files attached. You might also see a ransomware attack perpetrated through a pop-up telling you that your computer is infected and asking you to click for a free scan. Another possible channel is malvertising, in which malicious advertisements are embedded in otherwise normal websites to deceive users.

4 important things to “Ensure”

  • Ensure that your information is backed up regularly and properly. Because ransomware can encrypt the files on your computer and any connected drives, potentially including connected cloud drives such as Dropbox, it is important, as mentioned above, to back up your files regularly to a location that you are not continuously connected to;
  • Ensure that you are able to restore files from your backups. Users can periodically restore some of the files from the backup copies for verification;
  • Ensure that antivirus is up to date and functioning;
  • Ensure that you are keeping your system and mobile devices up to date with patches.

What should I do if I think I’m infected?

  • Report the ransomware attack to the related IT technical support immediately;
  • Isolate or shut down the infected computer. Disconnect it from WiFi network or unplug the network cable;
  • Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.

How to use Personal and Home Use Internet devices in a secure manner?

In the modern IT era, there are many personal and home-use Internet-enabled devices, including smart phones, smart watches, home routers, electronic game consoles, and a variety of smart home devices. While bringing convenience to life, they may also bring certain information security risks. Therefore, we would like to provide some security tips to ensure that the devices you are using are assets rather than burdens.

  • Make sure your computer program is up to date. Regularly update the system and software programs of the device. If an anti-malware program has been installed, it should be kept updated to avoid damage or infection by malware;
  • Secure your network. The wireless network should be properly protected using WPA2 encryption and complex passwords, and the software of the home WiFi router should be updated regularly;
  • Learn more about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits;
  • Understand how to keep devices up to date. Read the instructions carefully to understand all necessary safe-use methods, including changing the default password and other precautions;
  • Understand the data content being collected. Some smart devices collect data. Take some time to understand what information your connected devices collect and how the information is managed and used;
  • Know how your data is stored. Smart devices send the collected data to the cloud and store it there. Therefore, users should be aware of where the data is stored and the security measures used to protect personal data;
  • Do more studies. Before adopting new smart devices, study other users’ evaluations of the security and privacy of the devices and the service provider.

Are you always ready to protect important data?

As more and more data is stored on computing devices, especially with the popularity of mobile devices such as smart phones, tablets and notebook computers, the intrinsic value and portability of these devices make them likely targets for criminals. The tips below can help protect your information to a certain extent in case your mobile device is stolen or lost.

  • Encrypt sensitive information. Add a layer of protection to your files by using the built-in encryption tools included on your computer’s operating system (e.g., BitLocker or FileVault).
  • Protect your mobile devices and backup data! Make sure that you have performed data backup for each device, and you can safely lock or wipe all data through remote operation whenever necessary. In addition, data backup can be used not only for data restoration, but also for identifying lost data accurately, facilitating reports and appropriate actions for data with security risks.
  • Never leave your devices unattended in a public place or office. If a device is left in the car, it should not be exposed; place it out of sight inside a compartment. In addition, please be aware that the high temperature inside a parked car may damage your device.
  • Protect your devices with password. By enabling passwords, PINs, fingerprint scans, or other forms of authentication, you can have more time to remotely wipe your device if it is stolen or lost. Also, do not enable the options that allow your computer to remember your passwords.
  • Put that shredder to work! Make sure to shred the documents with any personal, medical, financial, or other sensitive data before throwing them away.
  • Be smart about recycling or disposing of old computers and mobile devices. Properly destroy the data on your computer’s hard drive before disposing of an old computer. Use the factory reset option on your mobile devices and erase or remove SIM and storage cards.
  • Verify app permissions. Don’t forget to review an app’s specifications and privacy permission before installing it!
  • Be cautious about public Wi-Fi hot spots. Avoid performing financial or other sensitive transactions while connected to public Wi-Fi hot spots.
  • Keep your software up to date. If the vendor releases updates for the software operating your device, install them as soon as possible to prevent attackers from taking advantage of known problems or vulnerabilities.

In case your laptop or mobile device is lost or stolen, please consider reporting it to the police and keep the police report. If the lost device contained sensitive information of the University, or staff or student information, please report the loss or situation to the University immediately, so that the related action can be taken as soon as possible.

2FA – Account Security under Your Control

If someone steals your account password, is there a way for you not to worry about the account being stolen? It is actually easy! It can be done by using two-factor authentication (2FA), which allows users to control their account login. Without the user’s authorization, nobody can log into the account. It takes only a few minutes to set up and is easy to use, making it a simple and efficient measure.

  • How does it work? Once you have activated two-factor authentication on your account, whenever a login with your password comes from a device other than one you have already permitted, an authorization check will be sent to your registered smart phone. Without your approval, a password thief can never get into your account.
  • Is it difficult to set up? 2FA is widely used and easy to use nowadays. Typically, you only need to install the 2FA app on your mobile phone and complete a simple registration process; you can then authorize account logins when necessary.
  • Can I adjust the frequency of checking? Although some accounts require an authorization operation each time the user logs in or performs a specific operation, in many cases 2FA provides some convenient features. One example is the default authorization feature: usually, the user is not required to authorize again when logging in from the browser of the same computer within a preset time after the first authorization is completed. However, DO NOT enable any default authorization feature on a public computer.
  • Which accounts should I protect with 2FA? In fact, it is recommended to initiate 2FA for all accounts as much as possible, and it is recommended to protect the following accounts first:
    • User accounts for work purposes: Of course, you must also comply with the relevant data protection laws and the data protection policies, guidelines and procedures of your organization.
    • Financial accounts: Protect your money!
    • Online shopping accounts: Protect usage of your stored credit card information!
    • Social media accounts and email accounts: Protect your personal reputation in case your identity is compromised!

Are you always ready to protect your mobile devices?

Mobile phones, tablets, and notebook computers have always provided us with the convenience of working anywhere, anytime, and at the same time brought some additional security risks. These mobile devices make storage and information access easy on one hand, but are easily lost or stolen on the other hand. Do you know what to do if your device is lost or stolen? Here are some information security tips for you:

  • Secure your devices. Use a password or fingerprint to secure your device to avoid unauthorized access;
  • Turn on the “Find Me” function. If your device has a “Find Me” function as well as remote deactivation and wipe features, make sure they are enabled to avoid data loss or theft;
  • Protect your data. Perform data backup regularly and consider enabling the encryption feature on your device; (Please refer to “Data loss happens all the time. Do you have a data backup plan?”)
  • Update any software, including anti-virus protection, to make sure you are running the most secure version available. Avoid downloading and installing software from unknown sites;
  • Do not ignore the physical security measures of the devices.
    • Cover the camera of your laptop or mobile device to protect your privacy if necessary;
    • Label your devices with basic contact information in case they are lost;
    • Write it down! Record the manufacturer, model, and serial numbers of your mobile devices, and the contact information of those who can provide support;
    • In case your device is stolen, please consider reporting to police and keep the police report as well.
