Hong Kong police, in collaboration with the Hong Kong Internet Registration Corporation Ltd., released a comprehensive cybersecurity guide designed to help schools strengthen their digital defenses against an increasing number of online threats on Friday.
The Hong Kong Police Force and industry partners have jointly published the guide, consolidating up-to-date cybersecurity information to provide clear guidance for educational institutions.
According to Superintendent Rachel Hui Yee-wai from the Cyber Security and Technology Crime Bureau, technology-related crimes reported in the first half of this year exceeded 16,000 cases—a slight increase of 80 compared to the same period last year.
However, total financial losses surged to over HK$3 billion, marking a 14.7 percent year-on-year rise.
Among these, 21 system intrusion cases resulted in losses exceeding HK$39 million, a more than tenfold increase from the previous year. Ransomware incidents decreased slightly to 21 cases, down from 26 last year, though one victim was reportedly demanded around HK$10 million.
Between January and July this year, police detected 19 million cyber threats.
Nine cybersecurity incidents directly affected schools. Hui cited an example where a primary school’s externally maintained VPN portal—set up by a contractor for system maintenance—was not removed after the contract had ended.
Weak password protection allowed hackers to infiltrate the system and install ransomware. Although the school did not pay the ransom, critical services such as its e-learning platform were temporarily disrupted.
The new guide offers templates for cybersecurity policies covering areas such as data and password management and email security. It is designed to help schools develop tailored IT security policies based on their specific needs.
The document also includes real-world case studies demonstrating methods to mitigate cyber risks and outlines recommended response procedures for school cyber incidents, complete with impact analyses to facilitate prompt action.
Additionally, the guide provides a recommended checklist for security configurations—including session management, access control, and error handling—to assist schools in further enhancing their network settings. The guide is available for download on the “Cybersec Infohub” website.
