Kathmandu. A 102-point ‘advisory’ has been issued for the security of government websites, data and networks. The National Cyber Security Center has issued a cyber security advisory to protect the information technology systems of government offices and protect them from potential cyber threats.
The advisory includes various security measures related to the use of government office websites, applications, servers, networks, desktops, laptops, mobile devices and social media. The advisory was issued after problems were observed on government office websites, cyber attacks, information theft, etc., informed the center’s director Rajkumar Maharjan.
‘Serious cyber problems are being created due to general ignorance or negligence. “If we inform the users about this, the problem is expected to decrease,” he said. “This advisory is not only for the employees of this government agency, but for all citizens.”
The Center has also written to all ministries, commissions, and departments to designate a ‘focal person’ to contact in case of a problem with a government website or application. The advisory has advised to regularly update the website, conduct security tests, and implement a business continuity plan for website and network security. Similarly, instructions have been given to update antivirus, databases, application libraries, and operating systems and implement multifactor authentication.
The advisory recommends using only licensed software for desktop, laptop and printer security, automatically updating the system and BIOS, and isolating printers from internet access. For password management, it is recommended to use passwords that cannot be easily guessed, change them at least once every three months, and use multifactor authentication to maintain privacy. For internet browsing security, it is recommended to use secure browsing methods, use updated browsers, and not share personal information on unauthorized websites.
It is emphasized that unauthorized content should not be posted on social media and personal information should be used in limited quantities, and that mobile devices should be protected by updated operating systems and apps downloaded only from trusted sources. The center has also urged that regular cybersecurity training be provided to the concerned employees to implement these measures effectively.
The center has said that cyber security can be strengthened by focusing on website updates, data backups, secure passwords, multi-factor authentication, network segmentation and antivirus updates. These security measures are expected to protect government systems from cyber threats and increase citizen awareness, said Maharjan, director of the center.
Password Management
The center has advised creating strong passwords that cannot be easily guessed to make passwords secure. For this, a password of at least eight characters with a combination of uppercase and lowercase letters, numbers and special symbols should be used. Similarly, the advisory states that passwords should be changed every three months. It has been asked not to use personal information such as name, date of birth, address, etc. as passwords. It has been emphasized that the default password of any system should be changed immediately and multi-factor authentication should be used.
Similarly, it has been suggested not to use the same password in different services or systems and to keep the password secret and not share it with unauthorized persons.
Internet Browsing Security
The advisory states that private browsing/incognito mode should always be used when using government applications, banking services or other important services. Similarly, it is advised to manually type the domain in the browser’s address bar instead of clicking on links on any website, use the latest version of the browser, and update it regularly. It is also recommended not to save passwords or payment information in the browser. It is advised not to use unauthorized third-party services, such as Nord VPN, Express VPN, or proxies, and to avoid downloading suspicious or pirated content.
Protection from email and phishing attacks
To avoid phishing attacks through email, it is advised not to immediately open emails from unknown people and to avoid opening suspicious attachments or links. Suspicious emails should be reported as spam and deleted, and web pages should not be subscribed to unless necessary. The advisory states that multi-factor authentication should be activated in email services, business emails should not be opened using public Wi-Fi, and a secure VPN should be used as much as possible.
Removable media security measures
When using removable media (USB, external hard drive, etc.), it should be scanned before use and sensitive content on it should be protected through password or encryption. The advisory states that media obtained from unauthorized sources should not be used and only media approved by the office should be used.
Regarding social media security
It has been advised to limit personal information when using social media, check carefully before accepting friend requests or messages from strangers, and avoid making government information public. It has been suggested not to post government email addresses on social media and to implement multifactor authentication on social media accounts.
Mobile Security Measures
For the security of mobile devices, it is advised to apply the latest updates/patches, download applications only from trusted sources and carefully check the permissions requested by the application. It is advised to keep sensors like WiFi, Bluetooth, NFC GPS disabled unless necessary and to install antivirus software on the mobile. The advisory also mentions enabling the feature to track a lost mobile and keeping the IMEI number safe.
प्रतिक्रिया दिनुहोस्