VSS is currently managing and operating important information systems such as: electronic transaction systems, health insurance inspection information systems, management systems of collection, cards and books, document management and operation systems, industry's email systems, etc. This chain of systems is protected by firewall solutions (Firewall), anti-targeted attack (APT), data loss prevention (DLP), distributed denial-of-service (DDoS) attacks, intrusion prevention (ISP/IDS), network access control (NAC); simultaneously a system of collecting logs and monitoring information security incidents, and a network operating center (NOC).

In the past months, the administration of the system's servers was conducted through a privileged account management system with 2-factor authentication, approved by competent leaders. The user's Internet connection policy is controlled by an Out-bound Firewall and a packet forwarding device (Proxy).

In the face of the threats of attacking and infiltrating information systems on cyberspace and in response to cases that might affect the IT security of the Industry, VSS has sent Official Letter No. 3690/BHXH-IT sent to affiliates and social insurance agencies of provinces and cities on the reorganization of management and guarantee on information security.

Accordingly, VSS requires the units to check on computer systems and internal networks and update the latest patches for network equipment (switches, routers, security devices, wireless transmitters, etc.). At the same time, to remove network devices that do not meet the industry's standards and devices that have been warned by regulatory authorities not to be used.

The Vietnam's social insurance industry on a daily basis actively monitors and ensures the data's safety.

VSS also recommends units and individuals not to open suspicious emails, files or links (even for the previously contacted ones but show unusual signs); not to access unsafe websites or websites with harmful content; not to use unsafe peripheral devices (USB, CD-ROM). Along with that, it is necessary to install anti-virus softwares and Endpoint Detection and Response (EDR) for all computers being used at the unit and to guarantee installations on all computers; to install additional software to prevent data loss, manage network access for computers of staff in charge of data processing, drafting the direction and administration reports of industry leaders; to set strong passwords and periodically change email account passwords and professional software or internal software, etc.

Recently, the Department of Cyber Security and High-tech Crime Prevention (Ministry of Public Security) has conducted an inspection and assessment on network and information security at the VSS. The results have shown that VSS has built technical infrastructure solutions to ensure safety for information systems at the Industry Data Centers and Data Backup Centers of international standards. Notably, the network system is planned separately into partitions to set up appropriate security policies for multi-layer protection.

In addition, the VSS has disseminated and thoroughly grasped the Party's undertakings and the State's policies and laws. To concretize those contents, VSS has issued numerous implementation plans, such as: Plan No. 3280/KH-BHXH on response to network security incidents in the industry; Official Letter 1709/IT-HTA on the campaign to scan and handle malware in 2020; Official Letter No. 3690/BHXH-IT on reorganizing the management of ensuring information security, etc.

Illustrative image.

At the time of inspection, a number of displayed malicious codes were detected and prevented by the VSS firewall. Risks of information security loss incidents are reported daily to all units through the email system of the Industry. However, in some IP addresses of users using peripheral devices, the internet connection is not yet secure.

In addition to appreciating the industry's work of ensuring information security, the VSS Deputy General Director Pham Luong Son also requested the IT Center to immediately handle security errors and overcome the gaps in the entire industry's information security system; at the same time, to continue to monitor and promptly report to the Vietnam Social Security; to urge and remind all civil servants and employees to comply with security measures in using passwords of official accounts; to update, supplement and upgrade softwares