Cyber threats landscape continues to evolve, it is crucial for all of us to stay vigilant and proactive in safeguarding information asset.
Ransomware is a type of malicious software that encrypts files on a victim's computer or network, rendering them inaccessible until a ransom is paid to the attacker. These attacks can have severe consequences, including financial losses, reputational damage, and operational disruptions. A recent security incident of ransomware attacks in Hong Kong reminded us.
To mitigate the risks of ransomware attacks, departmental system administrators and end users need to step up preventive measures and strengthen security by referencing to the following best practices.
System administrators
- Keep monitoring the security advisories issued by product vendors and ensure that the latest security patches are applied to systems software and application software in a timely manner;
- Only collect and store information essential for operations and ensure that data is properly disposed of when no longer needed;
- Use strong passwords and change them regularly to reduce the risk of stolen accounts. Enable multi-factor authentication for remote access outside campus using administrators accounts;
- Apply appropriate security hardening measures to all devices used to access business systems. Devices joined PolyU domain using standard software image which factored in required security hardening and end- point defense protection should be used at all times for on and off campus access to internal business applications;
- Conduct periodic backup (with regular restore drill) to ensure rapid and full recovery in case of ransomware infection. Department business applications that leverage University Cloud Database as a Service (DaaS) will, by default, be covered on this aspect where multiple copies of snapshot backup are kept.
End users
- Avoid giving responses, opening attachments or clicking links in unsolicited and suspicious external messages;
- Avoid downloading and opening files from websites which are not confirmed to be credible;
- Encrypt files holding sensitive information with password-protect when uploading them to shared network drive;
- Verify the identity of social media message sender who claims to be your colleague through alternate channels, if in doubt, always call the colleague directly before sharing internal information via social media;
- Reach out to IT HelpCentre (2766 5900) or submit your request via IT ServiceDesk if further assistance is needed.