Information Security in Schools

Time:  2:30pm -4:00 pm
Speakers: Mr Mat YUEN, Detective Inspector of Police, E-Security Audit and Incident Response Team 1, Cyber Security Division, Cyber Security and Technology Crime Bureau, Hong Kong Police Force, Mr KAM Wai-ming,Stanley, Chairman of Hong Kong Association of Computer Education and Mr KAN Wai-hung, Committee Member of Hong Kong Association of Computer
Participant Group: All principals and teachers in secondary, primary and special schools
Speaker's presentation slides are as follows:
Presentation by HKACE

Schools may refer to the following government departments / organisations' webpages to know more about security measures in using Zoom:

• 10 measures to secure Zoom meetings by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
• GovCERT.HK Weekly IT Security News Bulletin (16 March 2020 – 22 March 2020) - Mind the risks of virtual meeting
• Media statement on Zoom data security incident by the Office of the Privacy Commissioner for Personal Data (PCPD)
• "Zoom" security setting and user suggestions (Desktop Version) by the Hong Kong Police Force (HKPF)
• "Zoom" security setting and user suggestions (Mobile Version) by the Hong Kong Police Force (HKPF)

Build a Secure Cyberspace 2020 "Cyber Security Challenges in the Pandemic" Webinar is jointly organised by the Hong Kong Computer Emergency Response Team Coordination Centre, the Office of the Government Chief Information Officer and the Hong Kong Police Force. In order to prevent the spread of coronavirus, organisations including government, enterprises and schools, ramp up remote working and e-learning. The webinar will invite information security experts to share their experiences and advice on the prevention of related internet security risks associated with remote working and e-learning. The above webinar will be conducted at 2:30 pm on 8 May 2020. For details, please refer to the attachment or the website at the following link: https://www.hkcert.org/my_url/en/event/20050801, you can also complete the registration form (download here) and return it by fax to 2190 9784 or by email to event@hkcert.org.

Date : 8 May 2020 (Fri)

Time : 2:30 pm - 5:30 pm

Venue :  Webinar – Participant shall prepare his/her own electronic device (e.g. Desktop, Notebook or Mobile, etc.) with Internet access.

This seminar aims to enhance the schools’ awareness on cyber security and the importance of regular vulnerability assessment in schools.

Date : 13 Jan 2019 (Mon)

Time : 9:30 am - 12:00 am

Venue : W301, 3/F, West Block, EDB Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong(Exit E, Kowloon Tong MTR Station)

Speaker's presentation slides are as follows:

Presentation by HKT

Presentation by eLC

Presentation by PCPD

Presentation by CISCO

Presentation by HKIRC

Presentation by HKCERT

Presentation by HP

This seminar aims to enhance the schools’ awareness and knowledge of information security management and incident handling issues.

Date : 09 Dec 2019 (Mon)

Time : 2:00 pm - 5:00 pm

Venue : WB, 4/F, West Block, EDB Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong (Exit E, Kowloon Tong MTR Station)

Speaker's presentation slides are as follows:

Presentation by EDB ITE Section

Presentation by HKCERT

Presentation by HKACE

Presentation by AiTLE

Presentation by HKEdCity

This seminar aims to enhance the schools’ awareness and knowledge of information security management and incident handling issues. 

Date : 25 Sept 2019 (Wed)

Time : 14:30 - 17:30

Venue : WP01, Podium, West Block, EDB Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong (Exit E, Kowloon Tong MTR Station)

Speaker's presentation slides are as follows:

Presentation by HKCERT

Presentation by HKACE

Presentation by AiTLE

Presentation by HKEdCity

Presentation by EDB ITE Section

This document is written for schools’ reference in protecting their information and IT assets when implementing e-learning. Schools are responsible for taking appropriate IT security measures to protect the IT systems and data of their schools. This document recommends common practices on IT security for reference by the schools. Schools may determine on their own requirements and adopt the practices applicable to their own environment. The practices recommended in this document are by no means exhaustive. Schools may also make reference to other IT security measures, such as those listed in the Chapter 12 "Resources of Reference on IT Security" of this document, to protect their IT assets.

Information Security in Schools - Recommended Practice (Sept 2019)

EDB ITE Section issued an EDB Circular Memorandum No. 71/2019 on Build a Secure Cyberspace 2019 "We Together! Secure Data!" Poster Design Contest [EDBCM No.071/2019]

The purpose of this circular memorandum is to inform heads of primary and secondary schools of the Build a Secure Cyberspace 2019 "We Together! Secure Data!" Poster Design Contest. All students and teachers of the schools are invited to participate in the captioned activity.

Build a Secure Cyberspace 2019 "Phishing scams? No more!" Seminar is jointly organised by the Hong Kong Computer Emergency Response Team Coordination Centre, the Office of the Government Chief Information Officer and the Hong Kong Police Force. In recent years, there is a rising trend in Internet scams and personal information leakage incidents. To avoid falling victim to these cyber-attacks, it is very important to understand how to protect personal privacy and data assets. The seminar will invite information security experts to share their experiences on this subject. For details, please refer to the attachment or the web site at the following link: https://www.hkcert.org/my_url/en/event/19050301

Date : 3 May 2019 (Fri)

Time : 2:30 pm - 5:30 pm

Venue : Lecture Theatre, Hong Kong Central Library, 66 Causeway Road, Causeway Bay, Hong Kong

Audience : SMEs, Schools, NGO, IT Professionals and General Public

Language : Cantonese

Charge : Free (Pre-registration is required.)

This seminar aims to enhance the schools' awareness and knowledge on information and network security issues. Information of the seminar are as follows:

Date : 15 Jan 2019 (Tue)

Time : 9:30 am - 12:30 nn

Venue : Lecture Theatre, 4/F, West Block, Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong

Speaker's presentation slides are as follows:

Presentation by AiTLE (Chinese Only)

Presentation by HKSKH Bishop Hall Secondary School

Presentation by HKCERT

Presentation by HKPF*

Presentation by EDB ITE Section

* Presentation slides by HKPF could not be provided.

EDB ITE Section issued an EDB Circular Memorandum No.164/2018 on "Cyber Security Campaign – Smart Devices Security" [EDBCM No.164/2018]

The purpose of this circular memorandum is to inform heads of schools about the launch of the "Cyber Security Campaign – Smart Devices Security" organised by the Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force (HKPF), and the distribution of the relevant posters and leaflets on the Campaign.

Cyber Security Campaign - Hong Kong Police Force Official Website

EDB ITE Section issued an EDB Circular Memorandum No.101/2018 on "Build a Secure Cyberspace 2018 'Stay Smart, Keep Cyber Scam Away' Video Ad Contest" [EDBCM No.101/2018]

The purpose of this circular memorandum is to inform heads of primary and secondary schools of the Build a Secure Cyberspace 2018"Stay Smart, Keep Cyber Scam Away" Video Ad Contest. All students and teachers of the schools are invited to participate in the captioned activity.

"No More Ransom" Project Website

"No More Ransom" Project Website & Leaflet by HKPF

This seminar aims to arouse the schools' awareness and knowledge on information and cyber security issues. Information of the seminar are as follows:

Date : 2 June 2018 (Sat)

Time : 9:30 am - 12:30 nn

Venue : Lecture Theatre, 4/F, West Block, Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong

Speaker's presentation slides are as follows:

• Presentation by EDB ITE Section 
• Presentation by PISA 
• Presentation by HKCERT  
• Presentation by HKPF*
• Presentation by WebOrganic  
• Presentation by HKITF*

*Remark: Presentation slides by HKPF & HKITF could not be provided.

EDB ITE Section issued an EDB Circular Memorandum No. 92/2018 on "Cyber Security Campaign (Phase Two)" [EDBCM No.092/2018]

The purpose of this circular memorandum is to inform heads of schools about the launch of "Cyber Security Campaign (Phase Two)" organised by the Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force (HKPF), and the distribution of poster and leaflet on the campaign.

1) Safety centre on "Keep Your Website Safe" (useful information on how to protect websites and secure the data)

2) "HTTPS and Website Security" (Leaflet)

3) "Secure Your Website, Be a Smart Website Owner" (Leaflet) 

For schools that would like to learn more about CSIP and their services, they can approach OGCIO's School Visit programme. The details are available at: https://www.cybersecurity.hk/en/school-visit.php

Google has announced that starting with the release of Chrome 68 in July 2018, its Chrome browser will mark all HTTP sites as "not secure". Any websites if staying at HTTP will be viewed by Chrome users as not secure. In this connection, you may wish to turn your school’s websites/web applications, in particular those Internet-facing, into HTTPS timely in order to avoid undesirable consequences such as worries and queries of students, parents, media and public. Google’s announcement could be found at the following website:

https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

https://www.infosec.gov.hk/en

https://www.ogcio.gov.hk/en/our_work/regulation/eto/ordinance/ca_in_hk/

https://www.infosec.gov.hk/en/best-practices/business/securing-web-application

https://tcs.edb.gov.hk/tcs/admin/courses/previewCourse/forPortal.htm?courseId=EI0020180236&lang=en

AiTLE is working with a number of stakeholders, including HKPF, Cisco, Microsoft and EDB, to organise a seminar on strengthening school information security & data protection. Information of the seminar are as follows:

Date : 28 November 2017 (Tuesday)

Time : 9:30 am - 12:30 nn

Venue : Lecture Theatre, 4/F, West Block, Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong

Date : 29 November 2017 (Wednesday)

Time : 2:30 pm - 5:30 pm

Venue : Hall, SKH Saint Benedict's School, 11 Lam Chung Ave, Choi Hung Estate, Kowloon

• Presentation by AiTLE
• Presentation by EDB ITE Section
• Presentation by EDB ITMD
• Presentation by HKPF*
• Presentation by Speedy Group
• Presentation by Speedy Group (Video)
• Presentation by Cisco 20171128
• Presentation by Cisco 20171129
• Presentation by Microsoft

*Remark: Presentation slides by HKPF could not be provided.

We notice that there have been reports of Crysis/Dharma ransomware attacks through RDP recently in Hong Kong, resulting in data being encrypted and inaccessible. TSS are advised to review and take the following preventive measures to protect the computers of your school from ransomware attacks:

(a) Block RDP protocol access from the Internet. If remote access from the Internet is unavoidable, additional protection (such as VPN and multiple-factor authentication for the access) should be applied;

(b) Restrict the use of RDP in computers;

(c) Apply the least privilege principle to the account(s) that can remotely access the computer. Do not grant the administrator right unless necessary;

(d) Use strong passwords and change password frequently;

(e) Implement account lockout policy to lock out account after a set number of failed login attempts;

(f) Restrict only specific IP(s) to access the RDP-enabled computers; and

(g) Limit the time period allowed for remote connection.

Reference:

Secure the Remote Desktop Services (RDP) for Preventing Ransomware Attack!

https://www.hkcert.org/my_url/en/blog/17110901

CrySIS/Dharma-variant .arena Ransomware Encrypts Victim Data

https://www.hkcert.org/my_url/en/alert/17102401

A new variant of ransomware known as "Bad Rabbit" – delivers through a compromised website, tricking a user to download and install a seemingly legitimate but malicious software to infect a computer. It can spread through other vulnerable computers in the same network by using the same technique as PetrWrap (i.e. leverage of the legitimate Windows Management Instrumentation (WMI) service). Users/ Administrators are advised to review and take the following preventive measures to protect the computers of your school from ransomware attacks :

1. To protect your computer against the ransomware attacks, every computer user should take the following actions:

(a) Backup important data frequently and keep the backup data disconnected from the computer;

(b) Use strong passwords and change the passwords regularly;

(c) Do not open any suspicious emails, attachments and hyperlinks;

(d) Refrain from visiting suspicious websites or downloading any files from them; and

(e) Check and keep your anti-malware program and signatures up-to-date.

2. For network/system administrators, the following preventive measures are advised:

(a) Disable WMI services on computers if they are not necessary for the users;

(b) Block RDP protocol access from the Internet if the access is not necessary; otherwise, apply additional protection, such as VPN and multiple-factor authentication for the access;

(c) Ensure timely patching of computer systems against known vulnerabilities; and

(d) Avoid granting administrative privileges to end users.

3. In case a computer is infected, users should take the following IMMEDIATE actions:

(a) Disconnect the network cable of the computer to avoid affecting network drives and other computers; and

(b) Power off the computer to stop the ransomware from encrypting more files.

Please refer to the HKCERT alert at URL: https://www.hkcert.org/my_url/en/blog/17102501 to take measures to prevent your network from infection and data loss.

1. A new variant of ransomware known as "WannaCry" (WannaCrypt) is spreading quickly, through a Windows SMB vulnerability (EternalBlue and DoublePulsar). HKCERT was aware that there is a widespread overseas and advised to adopt the attached precaution measures.

(Click here to download the precaution measures in both Chinese and English)

2. AiTLE is working with a number of stakeholders, including HKCERT, Microsoft and EDB, to organise a seminar on tackling ransomware for schools. 

Information of the seminar are as follows:

Date : 17 May 2017 (Wednesday)

Time : 5:00 pm - 7:00 pm

Venue : Lecture Theatre, 4/F, West Block, Kowloon Tong Education Services Centre, 19 Suffolk Road, Kowloon Tong

Speaker's presentaion slides and notes are as follows: 

• Presentation by AiTLE
• Presentation by ITE Section of EDB
• Presentation by ITMD of EDB
• Presentation by HKCERT
• Presentation by Microsoft
• Presentation by Speedy Group
• Notes by Speedy Group

3. In order to raise public awareness on information and cyber security, the OGCIO recently produced two infographics titled as "Beware of Ransomware Infection" and "Secure Your Home Network Devices" which help to remind your teachers and students to take necessary precautions against ransomware attacks. Schools may download the softcopy of the two infographics from the website at http://www.cybersecurity.hk/tc/resources.php.

4. For recommended practices for information security in schools, please refer Information Security in Schools - Recommended Practice.

5. Should you have any enquiries regarding handling the issue, please contact the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) by e-mail to hkcert@hkcert.org or by phone on 8105 6060. Besides, you are welcome to contact our technical advisory team at 3698 3594 / 3698 3574 / 3698 3566 / 3698 4148.

Ransomware hits mobile devices and is on the rise. An information security vendor detected 2 896 mobile ransomware programs in Q1 2016, which is 1.4 times of the figure in Q4 2015. The trend is that ransomware attacks keep growing at personal computers (PCs) while spreading rapidly to mobile devices. Facing the trend, every government mobile device user and administrator shall be well aware of the threats and take actions to protect their mobile devices, in addition to protecting their PCs.

Ransomware Threats to Mobile Devices

Similar to the threats to PCs, ransomware locks down mobile devices or encrypts data stored in and connected to the devices to defy user access. Payments are then demanded from the users to release the access. Mobile devices could get infected with ransomware in the following ways:

• Download and install mobile apps that are embedded with ransomware;
• Open attachments or click links in phishing emails;
• Click malicious links in or open specially crafted SMS, MMS and instant messages; or
• Click on a compromised website to trigger a "drive-by" download of ransomware.

Impact

Once ransomware infects a mobile device, it sends a fingerprint of the ransomware app, the IMEI or the device’s phone number to a command and control (C&C) server. The C&C server sends back an encryption key for the particular device by which the device can be locked or files on the device can be encrypted. The user would suffer from total denial of access to the mobile device until a factory reset is taken but all data would be lost unless timely backup is available.

Recommended Actions

Users and administrators should take the following preventive measures:

The administrative interface (or admin interface) of a system is a usual point of attack by intruders who intend to gain administrator privilege for taking total control of the target system. Exposing the admin interface to the Internet is therefore a risky option. All administrators of Internet-facing systems shall take actions to protect their systems against unauthorised administrative access. The following actions are recommended:

(a) Minimise exposure of the admin interface to the Internet

Remote administration through the Internet is generally of higher risk than through the trusted internal network or local console administration. Some admin interfaces may be enabled by default configurations. The administrators should:

• Examine if any admin interface is enabled and accessible from the Internet; and
• Disable the admin interface from Internet access if not needed.

(b) Step up protection of the admin interface with operational needs

If the operational needs justify the Internet-accessible admin interface, the administrator should step up protection of the access as suggested:

• Deploy a virtual private network (VPN), such as SSL-VPN for accessing the admin interface;
• Enforce a strong password policy, such as password complexity, lockout after retries and password aging, or even a two-factor authentication against brute-force password attacks;
• Restrict only specific host IP addresses for accessing the admin interface and time-limit the access;
• Rename or revoke default accounts of the admin interface system;
• Enforce the principles of least privilege and segregation of duties; and
• Regularly monitor the access or account activities on admin accounts.

You are strongly advised to consult and liaise with the technical support of the system(s) operated by your School to review the relevant system and take necessary actions to enhance protection of administrative interface as appropriate.

As informed by OGCIO, there are reports that the vulnerability in Adobe Flash Player is being exploited to spread ransomware. Please ensure the Adobe Flash Player and other software, in particular the Anti-virus software, installed at your desktop and notebook computers, are always updated with the latest version. You may wish to go to the official page of Flash Player (https://helpx.adobe.com/flash-player.html) and click "Check Now" button in Step 1 at the above link to check whether the Adobe Flash Player installed at your computer is the latest version. If not, please follow the instructions to download the latest version of Flash Player in Step 2.

Recently, there are public concerns over IT security in schools, in particular ransomware intrusion via emails. On opening attachments or hyperlinks from fake emails, users may get their workstations infected with the ransomware programs which will encrypt files in their local folders as well as network shared folders that they can gain access to. Hackers will then ask for ransom money for providing a key to decrypt the files. Users would no longer be able to read/open the encrypted files without a decryption key, and the way to salvage the files is to recover them from offline backup. As currently anti-virus software may not be able to detect such intrusion, prevention is of utmost importance. You may wish to know that IT in Education Section has prepared the "IT Security in Schools - Recommended Practice" to help schools handle their general security matters. The document is available on our website (http://www.edb.gov.hk/ited/wifi900) and also attached below for your reference.

In relation to the latest ransomware case, schools are advised to take following suggested actions:

(a) BACKUP important data frequently and keep the backup data disconnected from the computer;

(b) DISABLE macros for Microsoft Word, Excel and other office applications by default;

(c) DO NOT open any suspicious emails, attachments and hyperlinks;

(d) REFRAIN from visiting suspicious websites or downloading any files from them;

(e) CHECK and KEEP your anti-malware program and signatures are up-to-date;

(f) INSTALL the latest patches for software in use;

(g) DO NOT connect unauthorised computer resources, including those privately-owned removable storage media, to computers; and

In case of suspected infection:

(a) DISCONNECT the network cable of the computer to avoid affecting network drives and other computers;

(b) POWER OFF the computer to stop the ransomware encrypting more files;

(c) JOT DOWN what have been accessed (such as programs, files, emails and websites) before discovering the issue; and

(d) REPORT the case to relevant personnel / organisation, such as ICT coordinator in school, HKCERT, HK Police, etc.