The government has issued strict cybersecurity guidelines for all government employees including contract workers. The new guidelines by the Ministry Of Electronics & Information Technology are issued for all ministries and departments across India to “sensitise government employees” about the importance of cybersecurity.
According to the guidelines, here is the list of 24 things that government employees must keep in their minds:
1. Don’t use the same password in multiple services/websites/apps.
2. Don’t save your passwords in the browser or in any unprotected documents.
3. Don’t write down any passwords, IP addresses, network diagrams or other sensitive information on any unsecured material (ex: sticky/post-it notes, plain paper pinned or posted on your table, etc.)
4. Don’t save your data and files on the system drive (Ex: c: or root).
5. Don’t upload or save any internal/restricted/confidential government data or files on any non-government cloud service (ex: google drive, dropbox, etc.).
6. Don’t use obsolete or unsupported Operating Systems.
7. Don’t use any 3rd party DNS Service or NTP Service.
8. Don’t use any 3rd party anonymization services (ex: Nord VPN, Express VPN, Tor, Proxies, etc.).
9. Don’t use any 3rd party toolbars (ex: download manager, weather tool bar, askme tool bar, etc.) in your internet browser.
10.Don’t install or use any pirated software (ex: cracks, keygen, etc.).
11.Don’t open any links or attachments contained in the emails sent by any unknown sender.
12.Don’t share system passwords or printer passcode or Wi-Fi passwords with any unauthorized persons.
13.Don’t allow internet access to the printer.
14.Don’t allow printer to store its print history.
15.Don’t disclose any sensitive details on social media or 3rd party messaging
16.Don’t plug-in any unauthorized external devices, including USB drives shared by any unknown person
17.Don’t use any unauthorized remote administration tools (ex: Teamviewer, Ammy admin, anydesk, etc.)
18.Don’t use any unauthorized 3rd party video conferencing or collaboration tools for conducting sensitive internal meetings and discussions.
19.Don’t use any external email services for official communication.
20.Don’t jailbreak or root your mobile phone.
21.Don’t use administrator account or any other account with administrative privilege for your regular work.
22.Don’t use any external mobile App based scanner services (ex: Camscanner) for scanning internal government documents.
23.Don’t use any external websites or cloud-based services for converting/compressing a government document (ex: word to pdf or file size compression)
24.Don’t share any sensitive information with any unauthorized or unknown person over telephone or through any other medium.