Protect Personal Information, Stay Away from Hackers

Release Date: 4 Jan 2018 2432 Views

HKCERT noted that there was a reported case that another hacking of the enterprise system, theft of customer information and ransomed by hacker.

 
HKCERT reminds enterprises that, besides financial data, personal data is also a target of attackers. Enterprises need to ensure the security and proper protection of such data should be in place. Data leakage protection measurement could be divided into three approaches:
 
1. Protect Data
  • Data encryption;
  • Regular data backup and ensure offline backup available;
 
2. Strengthen the System and Data Access Protection
  • Deploy server security patching regularly;
  • Restrict on authorized account and use of the least privilege principle;
  • Protect the administrator's login interface and system remote access services (such as RDP port 3389 and TeamViewer port 5938). It is recommended to use Two Factor Authentication to protect the connection;
  • Use Application Firewall to protect websites and database servers;
  • Periodic perform penetration Test and/or vulnerability scan;
 
3. Strengthen the System Security Design
  • Verify and validate user input in web application;
  • Place the web server and database server separately, the database server should be located on the internal network and only accept access from the internal network; and
  • Protect intranet computers to avoid becoming hackers' backdoors.
 
Another reference:
Six Data Protection Principles from PCPD

Share with

Previous

Favourite Security Reads of the Week (29 Dec 2017)

29 Dec 2017 1589 Views

Next

Favourite Security Reads of the Week (5 Jan 2018)

5 Jan 2018 1600 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY