The government has issued strict cybersecurity guidelines for all government employees, including contract workers. The new guidelines from the Ministry of Electronics & Information Technology apply to all ministries and departments across India and are meant to “sensitise government employees” about the importance of cybersecurity.
“The increasing adoption and use of ICT has increased the attack surface and threat perception to the government, due to lack of proper cyber security practices followed on the ground. In order to sensitise the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled,” according to the guidelines.
The government has warned that “any non-compliance may be acted upon by the respective CISOs/Department heads” and employees may have to face consequences.
According to the guidelines, here is the list of 24 things that government employees must keep in mind:
1. Don’t use the same password in multiple services/websites/apps.
2. Don’t save your passwords in the browser or in any unprotected documents.
3. Don’t write down any passwords, IP addresses, network diagrams or other sensitive information on any unsecured material (ex: sticky/post-it notes, plain paper pinned or posted on your table, etc.)
4. Don’t save your data and files on the system drive (Ex: c: or root).
5. Don’t upload or save any internal/restricted/confidential government data or files on any non-government cloud service (ex: google drive, dropbox, etc.).
6. Don’t use obsolete or unsupported Operating Systems.
7. Don’t use any 3rd party DNS Service or NTP Service.
8. Don’t use any 3rd party anonymization services (ex: Nord VPN, Express VPN, Tor, Proxies, etc.).
9. Don’t use any 3rd party toolbars (ex: download manager, weather tool bar, askme tool bar, etc.) in your internet browser.
10. Don’t install or use any pirated software (ex: cracks, keygen, etc.).
11. Don’t open any links or attachments contained in the emails sent by any unknown sender.
12. Don’t share system passwords or printer passcode or Wi-Fi passwords with any unauthorized persons.
13. Don’t allow internet access to the printer.
14. Don’t allow printer to store its print history.
15. Don’t disclose any sensitive details on social media or 3rd party messaging
16. Don’t plug-in any unauthorized external devices, including USB drives shared by any unknown person.
17. Don’t use any unauthorized remote administration tools (ex: Teamviewer, Ammy admin, anydesk, etc.).
18. Don’t use any unauthorized 3rd party video conferencing or collaboration tools for conducting sensitive internal meetings and discussions.
19. Don’t use any external email services for official communication.
20. Don’t jailbreak or root your mobile phone.
21. Don’t use administrator account or any other account with administrative privilege for your regular work.
22. Don’t use any external mobile App based scanner services (ex: Camscanner) for scanning internal government documents.
23. Don’t use any external websites or cloud-based services for converting/compressing a government document (ex: word to pdf or file size compression).
24. Don’t share any sensitive information with any unauthorized or unknown person over telephone or through any other medium.