Jul 8, 2016
Today, the Ministry of Education issued a bulletin on Cyber Security in New Zealand Schools. We know that this email may have caused some concerns, so we have put together some information about these threats and what New Era is doing in response.
- Never open an email or attachment if you are unsure of its origin or intent
- All passwords should be complex, containing a mix of letters in uppercase and lowercase, numerals and also special characters
- Passwords should never be shared or stored in a location that can be compromised
Message from Ministry of Education on Cyber Security
- Enforce a complex password policy and ensure that default passwords for system accounts are changed.
- Implement two-factor authentication for remote access, such as Remote Desktop Protocol (RDP) and Virtual Private Network (VPN). For more details on VPN, go to Netsafe.
- Apply regular updates to applications and operating systems to ensure up to date protection against known vulnerabilities.
- Restrict accounts with administrative privileges to make it more difficult for an attacker to install malware and gain access to the wider network.
- Ensure backups are run regularly with separate backups of both data and server images. Check backups on a regular basis to ensure the backups are successful and can be used to restore data.
- Ensure a secure configuration of servers by blocking or disabling all externally facing services and ports by default, and only enabling those actually required. This can include whitelisting or blocking external access to administration panels and not using default login credentials.
- Ensure antivirus software is installed and updated regularly and in all cases no later than 7 days from release of an update from the anti-virus provider.
- Enable comprehensive logging and ensure that at least three months of logs are retained and backed up. Logging is critical in a forensic context to establish the cause, extent and duration of any future incident.
What to do if a compromise is identified
- Immediately isolate the compromised server(s) from the internet.
- Force a password change for all user accounts, including network accounts.
- Rebuild the server. Rebuilding the server is crucial to ensure removal of all malware and methods of access created by the attackers. If your school seeks to enlist the services of a security provider to conduct a forensic investigation of the incident, they will require access to the server to conduct analysis prior to the server being rebuilt.
If ransomware is identified
- Advise the New Zealand Police.
- Advise Netsafe, using ‘The Orb’.
- It is strongly recommended that you DO NOT pay the ransom under any circumstances.
- Undertake the steps outlined above.
Schools IT Helpdesk 0800 CALLICT (0800 225 542) or 09 356 3167, email: firstname.lastname@example.org