The National Cyber Security Center has issued a cybersecurity advisory to employees at government offices. The directive comes to address security concerns that have grown over the past few months.
The advisory also tells the employees to change passwords of all communication systems at offices, keep phones outside during important meetings, and not install any games. The advisory was issued on Magh 08.
NCSC aims to protect the cyberspace of government offices. The advisory includes steps to take to secure website, application, network, and data security. Essentially, it includes ways to protect government websites, application servers, storage, networks, computers, printers, etc.
Nepal’s government offices have been receiving more cyber threats in the past months. The government websites computers, and even digital boards are increasingly coming under cyber-attacks. This has raised questions about their security reliance and possible hazards to public and national security. So, the National Cyber Security Centre directed civil servants to take extra measures to step up security arrangements.
Also check out the list of rules for social media: What you can and can’t do
Cybersecurity advisory for government office employees:
The advisory by the National Cyber Security Centre for government office employees is an 8-page guidebook under eight different topics. Here are more details:
- Section A (Ka): The advisory asks ICT users at government offices to frequently update the websites, and manage the framework. The government also tells employees to frequently run site security audits. It also tells them to use non-trivial (complex) passwords, scan and update OS, application libraries, security devices, etc. Additionally, the advisory instructs employees to install an IP Camera for surveillance.
- Section B (Kha): This section offers guidelines to ensure the safe use of desktops, laptops, printers, and such devices to avoid cyberattacks. It also talks about using licensed operating systems and software, regularly updating the operating system and BIOS firmware, and turning on GPS, Bluetooth, NFC, and other sensors only when necessary. The guidelines also tell civil servants to verify the person while accepting their friend request on social media and not share government email and internal data on social networks.
- Section C (Ga): The advisory suggests that users consider strong passwords for accounts at offices. A password should have capital and small cases, special symbols, numbers, etc. to ensure maximum difficulty for anyone to guess. It also instructs employees that they don’t change the password every three months and not use the same password for different services.
- Section D (Gha): Government officials are told to use private browsing or incognito mode while using government applications, email services, banking services, and sensitive digital systems. It also states that users shouldn’t click the link directly to open a website but rather manually type the URL. They should also not save any username and password—likewise, the advisory talks against using VPNs, download managers, AskMe Toolbar, etc.
- Section E (Nga): The section tells users not to open emails coming from unknown people or organizations without verification. Such emails can be an asset for hackers for phishing attacks. And if there’s such an email, the advisory mentions that users should delete them and report them as spam. Likewise, it suggests that users never use their business email in public hotspots/WiFi.
- Section F (Cha): In this section, the National Cyber Security Center instructs users to format their removal media before them, formatting them, scanning them with an anti-virus, etc.
- Section G (Chha): The cybersecurity advisory for government office employees also tells users to avoid sharing personal information on social networking sites and only accept friend/chat requests after verification. Never share government email addresses on social network platforms.
- Section H (Jha): This section has advice on mobile security. It states that users update their phones to the latest security patch. WiFi, GPS, Bluetooth, etc. should be on only when necessary. Likewise, users should be careful while allowing permissions during an app installation process. It also instructs users to use passcode/security patterns to prevent unauthorized access to mobile phones.
Don’t miss: ICT/Telecom industry in the budget of FY 2081/82: All details
If you have any suggestions, advice, or curiosity regarding the advisory, you can contact the NCSC at 01-4211198 (telephone) or at 9851402289 (spokesman), 9763692289 (Information Officer) to convey your opinion.
