OM CyberSecurity


COFFEE BOARD: BENGALURU

No.ADM/EB.rlRl/MrN -405t2022-nt 61a Datetd.07.2022


Office Memorandum

Sub: Cyber Security guidelines for Government employees formulated by the Ministry of Electronics & Information Technology (MeitY) - Regarding

Ref: Email dated 27th June, 2022 of the DoC

The Cyber Security guidelines for Government employees including contractual and
outsourced employees issued by the Ministry of Electronics & Information Technology
(MeitY) is placed in Board's website. The guidelines specify "DO's and DON'Ts" for ensuring
proper cyber security in Government Offices.

All the Board's employees including temporary, contractual/ outsourced are hereby
instructed to strictly adhere to the guidelines (Cyber Security DO's and DON'TS) mentioned
in the MeitY's document. Board's officers are requested to sensitize the staff working under
them to follow the Cyber Security guidelines.

Non-compliance of the guidelines, if any, noticed would be viewed seriously and action as
deemed fit would be initiated.

To:
1. All Sub Offices/Units
2. All Sections at Head Office

Copy to:
1. DS to Secretary
2. PA to Director of Finance/Director of Research, CCRI
3. DD(R), MIU - To place in Board's website
4. SE Guard file

RESTRICTED

Government of India
Cyber Security Do's & Don'ts

1 INTRODUCTION

Information and communication technologies (ICT) have become ubiquitous
amongst government ministries and departments across the country. The increasing
adoption and use of ICT has increased the attack surface and threat perception to
government, due to lack of proper cyber security practices followed on the ground.
In order to sensitize the government employees and contractual/outsourced
resources and build awareness amongst them on what to do and what not to do
from a cyber security perspective, these guidelines have been compiled. By
following uniform cyber security guidelines in government offices across the
country, the security posture of the government can be improved.

2 CYBER SECURITY DO'S

1. Use complex passwords with a minimum length of 8 characters, using a combination of capital letters, small letters, numbers and special characters.
2. Change your passwords at least once in 45 days.
3. Use multi-factor authentication, wherever available.
4. Save your data and files on the secondary drive (ex: d:\).
5. Maintain an offline backup of your critical data.
6. Keep your Operating System and BIOS firmware updated with the latest updates/patches.
7. Install enterprise antivirus client offered by the government on your official desktops/laptops. Ensure that the antivirus client is updated with the latest virus definitions, signatures and patches.
8. Configure NIC's DNS server IP (IPv4: 1.10.10.10 / IPv6: 2409::1) in your system's DNS Settings.

National Informatics Centre



9. Configure NIC's NTP Service (samay1.nic.in, samay2.nic.in) in your system's NTP Settings for time synchronization.
10. Use authorized and licensed software only.
11. Ensure that proper security hardening is done on the systems.
12. When you leave your desk temporarily, always lock/log-off from your computer session.
13. When you leave office, ensure that your computer and printers are properly shutdown.
14. Keep your printer's software updated with the latest updates/patches.
15. Setup unique passcodes for shared printers.
16. Use a Hardware Virtual Private Network (VPN) Token for connecting privately to any IT assets located in the Data Centres.
17. Keep the GPS, bluetooth, NFC and other sensors disabled on your computers and mobile phones. They may be enabled only when required.
18. Download Apps from official app stores of Google (for Android) and Apple (for iOS).
19. Before downloading an App, check the popularity of the app and read the user reviews. Observe caution before downloading any app which has a bad reputation or less user base, etc.
20. Use a Standard User (non-administrator) account for accessing your computer/laptops for regular work.
21. While sending any important information or document over electronic medium, kindly encrypt the data before transmission. You can use a licensed encryption software or an Open PGP based encryption or add the files to a compressed zip and protect the zip with a password. The password for opening the protected files should be shared with the recipient through an alternative communication medium like SMS, Sandes, etc.

22. Observe caution while opening any shortened uniform resource locator (URLs) (ex: tinyurl.com/ab534r). Many malwares and phishing sites abuse URL shortener services.
23. Observe caution while opening any links shared through SMS or social media, etc., where the links are preceded by exciting offers/discounts, etc., or may claim to provide details about any current affairs. Such links may lead to a phishing/malware webpage, which could compromise your device.
24. Report suspicious emails or any security incident to incident@cert-in.org.in and [email protected].
25. Adhere to the security advisories published by NIC-CERT (https://nic-cert.nic.in/advisories.jsp) and CERT-In (https://www.cert-in.org.in).

3 CYBER SECURITY DON'TS

1. Don't use the same password in multiple services/websites/apps.
2. Don't save your passwords in the browser or in any unprotected documents.
3. Don't write down any passwords, IP addresses, network diagrams or other sensitive information on any unsecured material (ex: sticky/post-it notes, plain paper pinned or posted on your table, etc.).


4. Don't save your data and files on the system drive (ex: c:\ or root).
5. Don't upload or save any internal/restricted/confidential government data or files on any non-government cloud service (ex: google drive, dropbox, etc.).
6. Don't use obsolete or unsupported Operating Systems.
7. Don't use any 3rd party DNS Service or NTP Service.
8. Don't use any 3rd party anonymization services (ex: Nord VPN, Express VPN, Tor, Proxies, etc.).
9. Don't use any 3rd party toolbars (ex: download manager, weather tool bar, askme tool bar, etc.) in your internet browser.
10. Don't install or use any pirated software (ex: cracks, keygen, etc.).
11. Don't open any links or attachments contained in the emails sent by any unknown sender.
12. Don't share system passwords or printer passcode or Wi-Fi passwords with any unauthorized persons.
13. Don't allow internet access to the printer.
14. Don't allow printer to store its print history.
15. Don't disclose any sensitive details on social media or 3rd party messaging apps.
16. Don't plug in any unauthorized external devices, including USB drives shared by any unknown person.
17. Don't use any unauthorized remote administration tools (ex: Teamviewer, Ammy admin, anydesk, etc.).


18. Don't use any unauthorized 3rd party video conferencing or collaboration tools for conducting sensitive internal meetings and discussions.
19. Don't use any external email services for official communication.
20. Don't jailbreak or root your mobile phone.
21. Don't use administrator account or any other account with administrative privilege for your regular work.
22. Don't use any external mobile App based scanner services (ex: camscanner) for scanning internal government documents.
23. Don't use any external websites or cloud-based services for converting/compressing a government document (ex: word to pdf or file size compression).
24. Don't share any sensitive information with any unauthorized or unknown person over telephone or through any other medium.

4 CYBER SECURITY RESOURCES

The following resources may be referred for more details regarding the cyber
security related notifications/information published by Government of India:

1. https://www.meity.gov.in/cyber-security-division - Laws, Policies & Guidelines
2. https://www.cert-in.org.in - Security Advisories, Guidelines & Alerts
3. https://nic-cert.nic.in - Security Advisories, Guidelines & Alerts
4. https://www.csk.gov.in - Security Tools & Best Practices
5. https://infosecawareness.in/ - Security Awareness Materials
6. http://cybercrime.gov.in - Report Cyber Crime, Cyber Safety Tips


5 COMPLIANCE

All government employees, including temporary, contractual/outsourced resources,
are required to strictly adhere to the guidelines mentioned in this document.
Any non-compliance may be acted upon by the respective CISOs/Department heads.
