Suppose you are the boss of a company, and you send your employees a confidential email about internet safety. A few days later it gets leaked. How will you feel?
That’s exactly what has happened in India. A few days ago, the Indian government issued guidelines on internet communication and technology. The guidelines, which were supposed to be confidential, are now in the public domain after being leaked.
The guidelines, which were sent to approximately 30 million workers under the central government, were leaked immediately. As reported by The Register, they were leaked on a government website.
According to the document, increased use of internet-based technology has led to an increase in the possibility of cyberattacks on government departments. The threat of cyberattacks is very prevalent because many employees do not follow cybersecurity practices properly.
The document explains that its purpose is to sensitize government employees regarding cybersecurity and create awareness among them regarding what to do and what not to do while handling important cases related to government.
According to a document accessed by news agencies, there were 24 points regarding what should not be done while using the internet.
The guidelines say that employees should not reuse passwords or note them down anywhere in the office. Only supported operating systems must be used, and toolbars of third-party browsers should be avoided. Saving data on local drives is also strictly prohibited. The document also clearly states that employees should refrain from clicking on any links or attachments from unknown parties.
Government employees are also not allowed to use any third-party online tools for converting files or mobile phone apps to scan anything. Installation and usage of pirated software are also strictly prohibited.
Other practices prohibited by the document are listed below:
- Uploading internal/restricted/confidential government data or files to any non-government cloud service (e.g., Google Drive, Dropbox, etc.);
- Use of third-party DNS or NTP services;
- Using third-party anonymization services such as VPNs or Tor;
- Connecting printers to the internet, or allowing them to log job histories;
- Disclosure of “any sensitive details on social media or third-party messaging apps”;
- Connecting “any unauthorized external devices, including USB drives, shared by an unknown person”;
- Use of unauthorized remote administration tools;
- Use of unauthorized third-party video conferencing or collaboration tools for conducting sensitive internal meetings and discussions.
The government has also instructed employees to use strong passwords and, if possible, multifactor authentication. All software should be updated regularly, and antivirus software should be active all the time. The document also suggests that all users must use DNS server 1.10.10.10.10, which is India’s national server.
Regarding data transmission and encryption, the document prescribes encrypting data before any kind of transmission.
The irony is that a document marked “Restricted”, with access limited to government personnel, was leaked on the government website itself. By putting the document and its contents on the website, whoever did it violated the document's own point about sharing sensitive information.