Government employees must keep these 24 guidelines in mind to avoid cybercrime; Take a look

New Delhi: Strict cybersecurity guidelines have been issued by the government for all government employees including contract workers. The guidelines have been issued by the Ministry of Electronics & Information Technology for all the ministries and departments throughout India to “sensitise government employees” about the importance of cybersecurity.

According to the guidelines, “The increasing adoption and use of ICT has increased the attack surface and threat perception to the government, due to lack of proper cyber security practices followed on the ground. In order to sensitise the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled.”

Besides, the government has warned that “any non-compliance may be acted upon by the respective CISOs/Department heads” and employees may have to face the consequences.

The guidelines jot down 24 things that government employees must keep in mind. Take a look:

1. Don’t use the same password in multiple services/websites/apps.
2. Don’t save your passwords in the browser or in any unprotected documents.
3. Don’t write down any passwords, IP addresses, network diagrams, or other sensitive information on any unsecured material (ex: sticky/post-it notes, plain paper pinned or posted on your table, etc.)
4. Don’t save your data and files on the system drive (Ex: c:\ or root).
5. Don’t upload or save any internal/restricted/confidential government data or files on any non-government cloud service (ex: google drive, dropbox, etc.).
6. Don’t use obsolete or unsupported Operating Systems.
7. Don’t use any 3rd party DNS Service or NTP Service.
8. Don’t use any 3rd party anonymization services (ex: Nord VPN, Express VPN, Tor, Proxies, etc.).
9. Don’t use any 3rd party toolbars (ex: download manager, weather toolbar, askme toolbar, etc.) in your internet browser.

10.Don’t install or use any pirated software (ex: cracks, keygen, etc.).

11.Don’t open any links or attachments contained in the emails sent by any unknown sender.

12.Don’t share system passwords or printer passcode or Wi-Fi passwords with any unauthorized persons.

13.Don’t allow internet access to the printer.

14.Don’t allow printer to store its print history.

15.Don’t disclose any sensitive details on social media or 3rd party messaging apps.

16.Don’t plug-in any unauthorized external devices, including USB drives shared by any unknown person

17.Don’t use any unauthorized remote administration tools (ex: Teamviewer, Ammy admin, anydesk, etc.)

18.Don’t use any unauthorized 3rd party video conferencing or collaboration tools for conducting sensitive internal meetings and discussions.

19.Don’t use any external email services for official communication.

20.Don’t jailbreak or root your mobile phone.

21.Don’t use administrator account or any other account with administrative privilege for your regular work.

22.Don’t use any external mobile App based scanner services (ex: Camscanner) for scanning internal government documents.

23.Don’t use any external websites or cloud-based services for converting/compressing a government document (ex: word to pdf or file size compression)

24.Don’t share any sensitive information with any unauthorized or unknown person over telephone or through any other medium.