Editor’s note: A new guideline aimed at curbing data breaches on campus was released on August 28 for a trial run at selected Hong Kong institutions. In this issue’s Make it Simple column, we break down why schools need to heighten their vigilance against cyber threats.
1. What is the guideline about?
- The Cybersecurity Guide for Hong Kong Schools, developed by Hong Kong-based NGOs HKIRC and AiTLE, aims to enhance cyber resilience in education.
- It provides schools with a vital checklist and actionable advice to address common network vulnerabilities, including password management and access control.
- Launched as a trial in selected schools on August 28, the guide will be refined based on feedback before a public rollout at a later date.
2. Why does campus data protection matter?
- Schools store a vast amount of sensitive personal data on students and staff, including names, contact details, ID numbers and academic records. Such data is highly valuable to malicious actors for identity theft, fraud, and other illegal activities.
- The education sector has become a primary target of ransomware and phishing. At least nine such cases were reported between January and July, with the actual number probably even higher due to underreporting.
- The rise of digital teaching tools turns schools into potential entry points for larger attacks on government and private sector networks.
- A recent security scan of the city's campuses uncovered over 30 terminal devices with critical flaws, some 300 exposed remote service terminal devices, and about 11,500 leaked user credentials.
3. What are the consequences of a data breach?
- A breach could jeopardize the privacy and financial security of those affected.
- It can also cripple a school’s IT systems, halt administrative functions, and disrupt teaching and learning.
- Earlier this year, hackers locked a primary school’s systems and demanded a HK$500,000 ($64,160) ransom.
- A university website was compromised to host illegal gambling content, resulting in service disruptions and a potential breach of sensitive data.
4. What are the challenges for safeguarding data?
- Limited cybersecurity awareness and knowledge among staff.
- Varying levels of cybersecurity expertise across schools, often due to constrained budgets and resources.
- Complex and diverse user bases, including students, parents, teaching staff, and alumni, create a larger attack surface that is difficult to manage.
5. What should be done to protect data?
- Report incidents to the relevant authorities, such as the Digital Policy Office, the Cyber Security and Technology Crime Bureau of the Hong Kong Police Force, and the Hong Kong Computer Emergency Response Team Coordination Centre.
- Join Cybersec One Program, which offers free risk assessments, vulnerability scans, and training, and the Cybersecurity Service Providers Connect Program to find vetted solutions.
- Reach out to organizations such as HKIRC for professional services.
- Access the latest resources and information through Cybersec Infohub, a cybersecurity information sharing platform.
Sources: China Daily interviews; the Cyber Security and Technology Crime Bureau; DarkLab