Vietnam Social Security: To strengthen information security management and guarantee
09/12/2020 10:50 AM
Vietnam Social Security (VSS) has just issued Official Letter No. 3690/BHXH-IT sent to affiliated units and social security authorities of provinces and cities on the reorganization of management and guarantee on information security.
Vietnam Social Security implements numerous solutions to ensure information security
The letter stated that, over the past time, there have been many cyber attacks in the world and Vietnam, occurring serious threats to the application of IT, serving socio-economic development and ensuring defense and security. In particular, due to the impact of the COVID-19 epidemic, hacker groups have been active and increasing at an alarming rate in terms of quantity, variety of forms, and sophistication of technology. According to the analysis and evaluation results, the number of cyber attacks and IT system intrusions have security weaknesses in both sides of the system and users. VSS has implemented technical solutions and issued documents requesting the units to ensure network safety and security for the information systems of the sector.
In order to strengthen the management and guarantee of information security, prevent risks of attacks or infiltration of information systems, and prevent and promptly overcome information security incidents on the computer network, VSS required the head of affiliated units and the social security authorities of the provinces and cities to strictly implement and thoroughly inform the public servants, officials and employees in the unit in charge of information security guarantee. Specifically:
To implement the Regulations on guaranteeing information security in the IT application of the social insurance industry in Decision No. 967/QD-BHXH dated June 20, 2017 of the General Director of Vietnam Social Security.
To inspect computer systems and internal networks; to update the latest patches for network equipment (switches, routers, security devices, wireless transmitters, etc.). To remove network devices that do not meet the industry's standards or devices that have been warned by regulatory authorities not to be used.
To install anti-virus software, endpoint detection and response (EDR) for all computers in use at the unit, ensuring 100% of computers with installment. To install additional data loss prevention software, network access management for computers of staff performing data processing, draft directive and executive reports of industry leaders.
To set a strong password and periodically change the password of email accounts and professional software, internal software, etc.
In addition, not to open suspicious e-mails, files, or links (even from someone who has been in contact before but shows signs of abnormalities). Not to access unsafe websites or websites with harmful content, etc. Not to use unsafe peripherals (USB, CD-ROM).
VSS requires the heads of units to take full responsibility before the law and before the VSS General Director if there exists information insecurity at the unit. At the same time, the IT Center was assigned to instruct the units to implement security solutions; to monitor and supervise the safety of the units and report to the VSS leaders to strictly handle violations./.
VSS
Sickness
Work Injury and Occupational Disease
Survivor’s
Old-age
Maternity
Unemployment
Medical (Health Insurance)
Certificate of coverage
VSS - ISSA Guidelines on Social Security