Shop Safe Online Tips!

The holiday season is the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. When you go to the grocery store or local shop, it’s habit to grab your reusable bags, and make sure you’ve safely put away your credit card or cash before heading home with the day’s purchases. Similar precautions need to be taken when you’re shopping online from the comfort of your own home. If you make these simple precautions regular online shopping habits, you’ll be protecting your purchases and personal information.

Follow these basic steps so you’ll be ready to shop online safely and securely (including online ticketing, airline booking, hotel reservation, etc.).

  • Keep machines up to date. Before searching for that perfect gift, be sure that all connected devices (including PCs, smart phones, and tablets) are free from malware and infections by running only the most current versions of software and apps.
  • Shop on reliable websites. Use the sites of retailers you trust. If it sounds too good to be true, it probably is!
  • Conduct research. When using a new website for your online shopping, read reviews and see if other customers have had a positive or negative experience with the site.
  • Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Consider whether it is really necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
  • Check the address bar. Look for the padlock icon and https:// in the URL before using your credit card online. If using a mobile app, you must use an official app.

Don’t Let a Phishing Scam Reel You In

Cybercriminals use phishing—a type of social engineering—to manipulate people into doing what they want. Social engineering is at the heart of all phishing attacks, especially those conducted via email. Technology makes phishing easy. Setting up and operating a phishing attack is fast, inexpensive, and low risk: any cybercriminal with an email address can launch one.
According to Verizon’s 2018 Data Breach Investigations Report, the education sector saw a rise in social engineering–based attacks. Students, staff, and faculty all suffered losses when personal data and research were disclosed to unauthorized parties. Phishing played a part in more than 40% of these breaches. Knowing what you’re up against can help you be more secure. Here are a few things you can do to guard against phishing attacks:

  • Limit what you share online. The less you share about yourself, the smaller the target you are for a phishing attack. Cybercriminals use information you post online to learn how to gain your trust.
  • Protect your credentials. No legitimate organization or department will ask for your user ID and password or other personal information via email. ICTO definitely won’t. Still not sure if the email is a phish? Contact the ICTO Help Desk.
  • Beware of attachments. Email attachments are the most common vector for malicious software. When you get a message with an attachment, don’t open it—unless you are expecting it and are absolutely certain it is legitimate.
  • Confirm identities. Phishing messages can look official. Cybercriminals steal organization and company identities, including logos and URLs that are close to the links they’re trying to imitate. There’s nothing to stop them from impersonating the University, financial institutions, retailers, and a wide range of other service providers. If you get a suspicious message that claims to be from an organization, use your browser to manually locate the organization online and contact them via their website, email, or telephone number.
  • Check the sender. Check the sender’s email address. Any correspondence from an organization should come from an organizational email address. A notice from your college or university is unlikely to come from @.
  • Take your time. If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cybercriminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.
  • Don’t click links in suspicious messages. If you don’t trust the email (or text message), don’t trust the links in it either. Beware of links that are hidden by unknown URL shorteners or text like “Click Here.” They may link to a phishing site or a form designed to steal your user ID and password.

Reference

How can I identify a phishing, fake email and websites?

Data loss happens all the time. Do you have a data backup plan?

Among the information security measures, having a good backup plan is very important. Actually, the only way to protect yourself against valuable data loss is through regular backups. Ideally, backup of important files should be done at least once a week, or every day, depending on how critical they are to you.

Occasionally, we learn of incidents in which important documents or valuable family photos were lost because a hard disk crashed or a mobile phone was misplaced. In addition, you might become the victim of ransomware or another malicious attack, leaving you no choice but to reinstall the computer and give up the data stored on it. Currently, the computers provided by ICTO have automatic backup programs installed by default. However, on computers that were not provided by ICTO, data backup is easily neglected. Therefore, to make it easy for you to develop a safe and reliable backup solution, here are some tips which may help you:

  • Data loss happens all the time, but it is entirely preventable. You just need to create a backup plan;
  • Your critical data should never be stored in a single location;
  • The ideal backup solution will typically include both a cloud-based backup (e.g., Cloud Drive and Cloud Backup Service) and an offline backup utility (e.g., external hard drives, flash drives) to ensure your data is secure no matter what happens to your mobile device or computer;
  • Choosing backup software that is simple to operate and backs up automatically will take you less time to set up and maintain;
  • Regularly test your backup solution to ensure you can recover your data in the event that you do actually need to restore from a backup.

Besides computers, it is also necessary to back up the data on mobile devices. Currently, popular mobile devices usually provide built-in data backup features. For more details, you can refer to the official information for your mobile device. When choosing a cloud service, you must choose a secure and reliable service provider, whether the service is free or paid. In addition, most cloud service providers have data centers in different regions, and most of them will be located outside Macao. When using cloud services that involve the storage of sensitive data, it is important to consider whether they comply with relevant University policies and local laws and regulations. *1,2,3,4,5,6,7

* Reference

  1. Office for Personal Data Protection, Macao
  2. Personal Data Protection Act, Macao
  3. Privacy Policy, UM
  4. Guidelines for Handling Confidential Information, UM
  5. What you need to know about EU General Data Protection Regulation?
  6. How can I identify a phishing, fake email and websites?
  7. Data Privacy in an Era of Compliance

What you need to know about EU General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) has been effective since 25 May 2018. Where the collection and processing of personal information from the European Union is involved, besides complying with the University policies and the existing local laws and regulations, the related responsible unit must consider whether the new EU regulation is applicable. When using third-party services, the related policies, laws and regulations must also be considered where applicable. For details, please refer to the official website of EU-GDPR and the Macao Personal Data Protection Office Leaflet (Chinese version).