Cyber/Internet Security Awareness

Dear Staff and Students

The frequency and complexity of cyber attacks are increasing globally, and this calls for increased security awareness and adherence to the security standards and best-practice procedures put in place. Although most of these attacks are happening in the developed world, attackers are increasingly taking advantage of African users due to the lack of widespread cyber security awareness on the continent. DICTS is closely following these security trends and working closely with the Computer Emergency Response Team at the National Information Technology Authority - Uganda (NITA-U) to keep users informed on how to best protect both personal and University ICT resources. This being a research institution that generates a lot of data, it's important that each user plays their role in protecting both their personal and University ICT resources from intrusion by unauthorized personnel and cyber-related attacks.

This year, there has been an increase in the number of destructive ransomware variants such as:

1. Locky https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

2. Samas https://www.sagedatasecurity.com/blog/msil-samas.a-ransomware-advisory and

3. Mamba https://nakedsecurity.sophos.com/2016/09/27/mamba-ransomware-strikes-at-your-whole-disk-not-just-your-files/

which infect computers belonging to individuals and businesses.
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it!
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting/recovering files does not mean the malware infection itself has been removed.

WHAT SHOULD USERS DO?

It is recommended that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:

1) For Systems Administrators: Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.

For the regular end-user: Make sure the data on your computer is backed up either on an external hard drive or, preferably, in the cloud using a cloud storage solution such as Dropbox (https://www.dropbox.com/login?src=logout), Google Drive (https://www.google.com/drive/), OneDrive (https://onedrive.live.com/about/en-gb/), etc. This will enable you to recover your documents should something go wrong with your computer. Please remember to back up your emails too.

2) Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.

3) Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing it. Please visit http://viruscheck.mak.ac.ug/ to download the University security solution.

Follow the links below for:

(i)   Information on safe handling of email attachments
https://answers.mak.ac.ug/security/recognizing-email-scams
(ii)  Good Security habits
https://answers.mak.ac.ug/security/good-security-habits
(iii) Safeguarding your data
https://answers.mak.ac.ug/security/safeguarding-your-data

4) Do not follow unsolicited Web links in emails. Follow the link below for tips on avoiding Social Engineering and Phishing Attacks https://answers.mak.ac.ug/security/avoiding-social-engineering-and-phishing-attacks

You are encouraged to contact DICTS for ICT-related advice and support.

DICTS END USER SUPPORT TEAM