HKCert
Security Blog

Protect Personal Information, Stay Away from Hackers

Release Date: 04 / 01 / 2018
Last Update: 04 / 01 / 2018

HKCERT has noted another reported case in which an enterprise system was hacked, customer information was stolen, and the attacker demanded a ransom.

HKCERT reminds enterprises that, besides financial data, personal data is also a target of attackers. Enterprises need to ensure that such data is properly secured and protected. Data leakage protection measures can be divided into three approaches:
 
1. Protect Data
  • Encrypt data;
  • Back up data regularly and ensure an offline backup is available;
 
2. Strengthen the System and Data Access Protection
  • Apply server security patches regularly;
  • Restrict access to authorised accounts and apply the principle of least privilege;
  • Protect the administrator's login interface and system remote access services (such as RDP port 3389 and TeamViewer port 5938). It is recommended to use Two Factor Authentication to protect the connection;
  • Use an Application Firewall to protect websites and database servers;
  • Perform penetration tests and/or vulnerability scans periodically;
 
3. Strengthen the System Security Design
  • Verify and validate user input in web applications;
  • Place the web server and database server separately: the database server should be located on the internal network and accept access only from the internal network; and
  • Protect intranet computers so that they do not become hackers' backdoors.
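As an added illustration of the "verify and validate user input" point above (example code written for this note, not part of the HKCERT advisory), the following Python snippet contrasts a customer lookup that splices user input into SQL with a hardened version that allow-lists the input and binds it as a query parameter. The table, the rows and the test input are all constructed for the demonstration; the function and column names are assumptions.

```python
import re
import sqlite3


def make_demo_db():
    """Build an in-memory customer table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable pattern: the untrusted value becomes part of the SQL text,
    so it can change the meaning of the query instead of being treated as data."""
    sql = "SELECT username, email FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


# Allow-list for usernames: short lowercase identifiers only (assumed policy).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def validate_username(username):
    """Return True only if the value matches the allow-list pattern."""
    return bool(USERNAME_RE.match(username))


def lookup_parameterized(conn, username):
    """Bound parameter: the driver sends the value separately from the SQL,
    so quotes or keywords inside it are never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM customers WHERE username = ?", (username,)
    ).fetchall()


def lookup_hardened(conn, username):
    """Hardened lookup: reject malformed input early, then use a bound parameter.
    Validation and parameterization are independent layers; either one alone
    stops the tautology input below, and together they also stop odd-but-legal
    values from reaching the database at all."""
    if not validate_username(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


def demo():
    """Run the same constructed input through each variant and report the outcome."""
    conn = make_demo_db()
    tautology = "x' OR '1'='1"  # constructed test input, not from any real incident
    leaked_rows = len(lookup_vulnerable(conn, tautology))    # every row comes back
    bound_rows = len(lookup_parameterized(conn, tautology))  # no row has that literal name
    try:
        lookup_hardened(conn, tautology)
        rejected = False
    except ValueError:
        rejected = True
    normal = lookup_hardened(conn, "alice")  # legitimate lookup still works
    return leaked_rows, bound_rows, rejected, normal


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the vulnerable lookup returning both customer rows for the constructed input, the parameterized lookup returning none, and the hardened lookup rejecting the input before it reaches the database while still answering a normal query.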
 
Other reference:
Six Data Protection Principles from PCPD