New Delhi: The central government has cautioned its employees against accessing social media on official devices, including mobile phones and computers, unless permitted. It also directed officials not to carry out classified work on computers connected to Internet and instead use standalone systems.
“All personnel, including employees, contractual staff, consultants, partners, third-party staff who manage, operate and support information systems, facilities, communication networks and information created, accessed, stored and processed by or on behalf of the government, unless authorised to do so, shall not disclose official information on social media or social networking portals or applications,” says the 24-page Union home ministry note reviewed by ET.
The ministry’s cyber and information security division deals with cybercrime, National Information Security Policy & Guidelines (NISPG) and implementation of NISPG. The move, officials said, was to prevent security breach and ensuring sensitivity of data. “On an average, 30 attempts are made every day by foreign entities to hack into or deface government portals and unlawfully extract confidential information,” an official told ET.
The ministry’s note also says: “No classified information of government can be stored on private cloud services (Google drive, Dropbox, iCloud etc) and doing so may make you liable for penal action, in case of data leakage.”
A Niti Aayog study stated that by 2020, there would be 730 million Internet users in India and of them 75% would be new users from rural areas. The findings also suggest that in the next two years, the country would have 175 million online shoppers and travel and ecommerce transactions would also grow by 50% and 70%, respectively. “A large number of employees use smartphones and at times get exposed to malware infected website unknowingly,” an official said.
On the use of removable storage media in government offices, the MHA note says: “Classified data should be encrypted before copying into the removable storage media designated to store classified information. Classified information should be stored only on organisation allocated removable storage media for work purpose.” It further bans taking away a USB device out of offices unless authorised.
For e-mail communications of government employees, the home ministry note says: “Classified information should not be communicated via emails and official email accounts should not be accessed from public Wi-Fi connections.”
A list of best practices have been provided by the MHA for government officials in case they are using their home Wi-Fi networks for official work. It says: “Consider using the Media Access Control or ‘MAC’ address in your wireless router. Every device that can connect to a Wi-Fi network has a unique ID called the physical address or MAC address. Wireless routers can screen the MAC addresses of all devices that connect to them, and users can set their wireless network to accept connection only from devices with MAC addresses that router will recognise.