NIC issues guidelines to safeguard against cyber attacks

The National Informatics Centre has issued “cyber security guidelines for government employees” with do’s and don’ts to protect themselves from cyberattacks.

Recently, virtual private network (VPN) companies such as NordVPN, ExpressVPN, Surfshark, and Tor have pulled out of India after the Indian Computer Emergency Response Team (CERT-In’s) norm asked all VPN service providers to store user data for five years.

The NIC has issued more than 20 each of “Do’s and Don’ts” of cyber security in the guidelines, such as: changing passwords at least once in every 45 days; maintaining an offline backup of critical data; installing an enterprise antivirus client offered by the government on official desktops and laptops; setting up unique passcodes for shared printers; not using the same password in multiple services/websites/apps; don’t install or use pirated software; and don’t allow Internet access to the printer.

“All government employees, including temporary, contractual, and outsourced resources, are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads,” the NIC guidelines note said.

“The increasing adoption and use of ICT has increased the attack surface and threat perception for the government due to a lack of proper cyber security practices followed on the ground. In order to sensitise the government employees and contracted/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled,” the note added.

When contacted by BusinessLine, a senior official at NIC confirmed the guidelines but declined to give further details.

“With cyber-attacks against corporate networks increasing 50 per cent YoY, it has become clear that the past year has seen a dual pandemic, a biological and a cyber one. To defend against an expanding attack surface, security teams are increasingly adopting new cyber security products to protect networks, cloud infrastructure, IoT devices, as well as users and access, “Sundar Balasubramanian, Managing Director, India, and SAARC, Check Point Software Technologies, said. The Hindu BusinessLine