Post the AIIMS ransomware attack, the central government and its various ministries and bodies have gone on high alert with many issuing separate cybersecurity advisories, warning employees of existing threats to their systems, the ways they can prevent cyber attacks and so on.
Last year, a major ransomware attack hit the country's leading hospital and research institute, which left centralised records inaccessible. Hospital services such as generation of unique health identification numbers, new registrations, laboratory reports, billing and patient discharge were also hit.
In December, the Central Pollution Control Board (CPCB) warned its employees not to access torrents through the office network.
The CPCB stated in a set of cybersecurity guidelines issued on December 5, "Kindly do not use the office network for accessing restricted P2P networks such as torrents." Moneycontrol reviewed the guidelines.
Torrent is a method of distributing files over the internet that is primarily used for illegally downloading or uploading movies, music, and software. The lack of system safety checks also exposes torrent users to the risk of downloading viruses, trojans, and malware.
Another CPCB guideline urged employees not to install any pirated software.
"No official shall download or install pirated software on the computer systems as they are illegal and can create a backdoor entry to the system through trojans, etc," CPCB said.
The Controller General of Defence Accounts (CGDA), which oversees the Defence Accounts Department (DAD) in the Ministry of Defence, also issued a similar cyber security advisory for its employees in December.
"A rise in incidents of data breach and data leaks affecting data/PCs and emails is being continuously observed in the official environment. Attackers use a variety of techniques to gain access to the internal network's servers and databases," said the Controller General of Defence Accounts in an official circular issued on 6 December.
This advisory was significant because the DAD is responsible for payment, financial advice, internal audits, and accounting of the expenditures and receipts of the Armed Forces, including the Coast Guard, Defense Research and Development Organization laboratories, and defence ordnance factories.
The CGDA said that CERT-In has issued a set of guidelines on how to avoid data breaches, which it urged employees to follow.
One of these guidelines from CERT-In, which appeared in the CGDA's circular, stated: "Employees must be advised to avoid mixing personal with work email and/or work documents, or allowing someone they shouldn't to use their official device or sharing official information with them."
Another cybersecurity advisory from December came from the Office of the Principal Accountant General in Bhubhaneshwar.
The circular which Moneycontrol has reviewed said that the National Informatics Centre's two-factor authentication system for government email services should be downloaded from authentic sources.
Kavach is a two-factor authentication (2FA) system that the National Informatics Centre implemented last year to strengthen the government's email infrastructure. It has been made mandatory, and all government officials must use 2FA from Kavach to access their accounts.
"Any Google search for 'Kavach', may lead to fake sites resulting in breach of security of systems/mobile phones. In view of the above, it is requested to download 'Kavach' application for Windows/Android only from authentic site," the circular read.
This circular also came at a time when cybersecurity firm Secureonix found that threat actors were targeting the two-factor authentication system, Kavach.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
