Govt issues cybersecurity advisory to departments

The Delhi Government has issued an advisory to its departments, asking them to strengthen cybersecurity measures and refrain from accessing anonymously shared links or attachments and unfamiliar websites on office computers.

The advisory issued on Thursday by the information technology (IT) department of the Government asked all the heads of the departments to ensure that they also nominate an assistant chief information security officer on priority.

The safety of the IT infrastructure is most important, and any breach may give a bad name to the Delhi Government, the advisory said, adding that all departments must ensure adoption of proactive steps to safeguard against any cyber incident.

All the websites or applications running in departments must possess valid security audit certificates, it said, and prohibited accessing anonymously shared links, websites or attachments on the office computers.

The advisory said only the National Informatics Centre (NIC) email should be used for official communication, and any third-party channel for official purposes must be avoided. It also directed that pirated software must not be used on office computers, and antivirus packages should be downloaded to thwart any glitch or cybersecurity breach.

Among the security measures recommended were shutting down computers while leaving the office, using strong passwords and multi-factor authentication for accessing sensitive data or information, and not sharing passwords with anyone.

The departments have also been advised to manage the inventory of IT infrastructure installed and backup data while also ensuring that the devices, operating systems and other installations are updated.

Previously, the Ministry of Electronics and Information Technology (MeitY) secretary had written to the states and Union territories to take immediate measures for enhancing cybersecurity.

According to the directions, the departments were to ensure MAC (media access control) binding to prevent unauthorised access, upgrade the operating system of all computers and devices to the latest version and remove obsolete equipment from the cyber network.