KATHMANDU, JANUARY 27

The National Cyber Security Center under the Ministry of Communication and Information Technology has issued a detailed cyber security advisory for users of government information technology systems. The advisory emphasizes the need for enhanced security measures to protect sensitive data and ensure the safe operation of IT systems in government offices.

The advisory urges government offices to regularly update and manage secure frameworks, conduct website security audits, and address vulnerabilities in websites, applications, servers, storage, and network systems. It recommends the installation of SSL certificates and stresses the importance of regular data backups, archival processes, and implementing a robust business continuity plan.

It highlights the necessity of using genuine hardware and software while ensuring regular updates and patching for antivirus, databases, applications, operating systems, network devices, and security servers. The advisory calls for a strict password policy, including the use of complex, non-trivial passwords that are changed every three months, and recommends the adoption of multi-factor authentication for email systems.

To ensure secure access control, the advisory suggests limiting root account access, monitoring logins, segmenting networks for servers, sensitive data, and services, and using access control systems such as door locks for data centers and server rooms. It also emphasizes the use of IP cameras for surveillance and regular security training for employees on data, applications, networks, and cloud systems.

Government offices are advised to ensure the use of genuine and updated operating systems, software, and antivirus programs on all devices, including desktops, laptops, and printers, with limited access to secure data. The advisory also includes guidelines on safe browsing practices, such as typing URLs manually, updating browsers, avoiding third-party tools, and being cautious with shortened URLs that could lead to phishing or malware.

The advisory warns against opening emails or attachments from unknown sources and advises caution in the use of removable media. Additionally, it emphasizes social media safety, recommending that users not share private or sensitive information, avoid accepting requests from unverified accounts, and enable multi-factor authentication on social media accounts.

For mobile devices, it stresses updating operating systems regularly, enabling features like WiFi, GPS, Bluetooth, and NFC only when needed, downloading apps only from reputable sources such as Google Play Store and Apple App Store, and reviewing app permissions carefully. Users are also advised to save their device's IMEI number, disable automatic downloads, and enable tracking features in case of device loss.