Over the past year, cyber attacks have continued to pose huge challenges to the higher education sector. HKUST has spent a great deal of effort to cope with it by continuously strengthening cybersecurity standards as well as promoting relevant knowledge and awareness among end users.
Current Focuses
The following shows some of our current focuses:
Web Application Security
Poorly programmed web applications can result in unexpected theft of confidential data. ITSC is strengthening the security standards of the departmental developed web applications by:
elevating the awareness of site administrators and campus software developers through training;
providing a Web Application Security Health Check service to ensure that campus web applications meet basic cybersecurity requirement;
providing a Web Application Registration System so that departmental web applications can be better protected in a preventive manner;
enhancing our campus firewall device to protect against web specific attacks.
Confidential data should normally not be stored in desktop computers. But if this is unavoidable, they must be protected as much as possible using data encryption technology. ITSC has acquired a software tool called Sophos which can facilitate the encryption of data files on desktop.
More details can be found at http://itsc.ust.hk/services/it-security/security-awareness/protecting-your-data.
Email Phishing
We continue to receive lot of targeted phishing emails attempting to steal users’ passwords. These emails became even more sophisticated and it is not easy to differentiate them from a legitimate email sent by ITSC. If you do not want to be the next victim, visit our new email phishing web site to learn the characteristics of these phishing emails.
More details can be found at http://itsc.ust.hk/services/it-security/phishing.
Mobile Security
With the proliferation of mobile device, cybersecurity becomes a concern for most people. Do you know what are the proper steps if you lose your mobile? ITSC has a new web site for users to understand the risk. We will also provide F-secure for mobile for you to protect your Android device. Two mobile security trainings will be held in Sep and Oct.
More details available at http://itsc.ust.hk/services/it-security/campus/mobile-security.
Past Reminders
Last but not least, the followings are some friendly reminders related to some past cybersecurity issues, incidents and events:
Window XP End of Life
Microsoft announced the end of life of this legacy operating system in Apr. You should have either replaced the system, or have applied the workaround to protect it. Keeping this unpatched system running will pose significant security risk to the campus network and these machines may be blocked from network access by ITSC without prior notice.
More details available at http://itsc.ust.hk/services/it-security/campus/windows-xp-office-2003-end-of-support.
F-secure 11 Anti-Virus
The F-secure 11 client security premium for Microsoft windows has added advanced security features like automatic patching. You should upgrade to this new version if you haven’t done so. Note that F-secure is now also available for Macintosh and mobile Android device.
More details available at https://lists.ust.hk/itsc/mailinglist/archive/allstaff/msg05708.html.
Virtual Private Network (VPN) and Remote Desktop Service
ITSC announced the blocking of off-campus remote desktop to administrative networks early this year with the aims of strengthening campus network security. This blocking will be extended to other academic office network soon. You are advised to try out our VPN service so that you won’t be affected by this blocking.
More details available at https://lists.ust.hk/itsc/mailinglist/archive/allstaff/msg05433.html.
Cybersecurity Training on Campus
People is an important component of cybersecurity. ITSC has arranged training sessions targeting users of different background, including administrative colleagues, executive and technical staff. Below is the list of training sessions conducted in the past year. Course details and the Powerpoint materials can be found at http://itsc.ust.hk/services/general-it-services/training/past-training-resources:
Introduction to IT Security and Desktop PC Protection (2 sessions)
Updates on Cybersecurity Trends and Practices (2 sessions)
Technical Updates on Cybersecurity Skills (3 sessions)
Education campaign on Personal Data Privacy Protection (1 session)
Updates on Cybersecurity in Higher Education Environment and Practical Tips for Executives (3 sessions)
Introduction of Data Encryption (2 sessions)
Securing Remote Desktop Access With VPN (1 session)
Web Application Security for Developers (1 session)
Web Application Security for Administrators (1 session)
Data Encryption Tool Can Protect Your Data in the Worst Scenario
