NIRD&PR

INFORMATION SECURITY BEST PRACTICES

General Computer Usage
  • Strictly do not connect your system to the internet while you are carrying out classified work.
  • Don't use easy passwords. Create strong login passwords using a combination of letters, numbers, and special characters, with a minimum of 8 characters.
  • Don't leave the computer unattended. Always lock your computer before leaving your workplace to prevent unauthorized access. Enable auto lock with password protection. (#)
  • Backup your important files at regular intervals to avoid unexpected loss. (#)
  • Do not store or download any official information on computers in a cyber cafe. Make sure you permanently delete (Shift + Del) all the documents after you are done with your work.
  • File shredder software should be used to delete sensitive files on computers. (Shredder8 software is available in the Windows Store.) (#)
General Internet Browsing
  • Don't click on any link if it is unexpected or suspicious for any reason. Always be careful when clicking on links or downloading.
  • Classified government information cannot be stored on private cloud services (Google Drive, Dropbox, iCloud, etc.); doing so may make you liable in case of data leakage.
  • Make a habit of clearing history from the browser after each logout session. (#)
  • When on tour, avoid using services that require location information, unless it is necessary for discharge of office duties.
  • Popup blocker option should be kept turned ON in the browser and may be selectively allowed for trusted sites, if required. (#)
  • "Free" screensavers and similar downloads often contain malware, so be wary of such free online offers.
  • Don't use a website that does not have "https:". Check for "https:" with a green padlock icon in your browser address bar to verify that a site is secure.
  • Avoid using public computers and public Wi-Fi connections to access and carry out any official work. Accessing government email (gov.in / nic.in) on such computers carries a risk.
  • Don't use "Save Password" option prompted by the browser.
Removable Storage Media
  • Removable media should not be taken out of office unless permitted by the competent authority in your office.
  • In order to minimize physical risk, loss, theft or electrical corruption, all storage media must be stored in an appropriately secure and safe environment.
  • In case of damage or malfunction of a device, it should be returned to the designated authority in your office for repair/replacement. Never hand over such devices to outsiders or other vendors for repair.
  • If the USB device is no longer a functional requirement after issuance, then the same should be returned to the issuing authority.
  • The contents of removable media must be removed/erased after the official purpose has been served.
  • Do not copy classified data onto removable storage media designated to store classified information without encrypting it first. (#)
  • Do not store any classified information on personal or other storage media; it should be stored only on organization-allocated removable storage media meant for work purposes.
  • Do not disable the “Show hidden files and folders” option on your computer; it is used to reveal hidden malicious files on USB storage devices.
  • Do not use any removable media without scanning with anti-virus software.
  • Don't leave removable media like USBs, CDs etc., unattended.
Email Communication
  • Don't use private mailing domains; use only the Government-provided email address for official communications (e.g. gov / nic email).
  • Avoid downloading email attachments or clicking on suspicious links received in emails from unknown or untrusted sources.
  • Do not communicate classified information via email.
  • Avoid accessing official email accounts from unsecured and unknown Wi-Fi connections.
  • Don't enable auto-save of passwords for email accounts.
  • Don't leave the computer with a mail account logged in. Log out from mail accounts after your work is done.
  • Do not click on links received in an email; type the complete URL in the browser instead.
  • Do not open / forward / reply to any suspicious e-mails.
  • Don't click on tiny or shortened URLs (they look like http://tiny.cc/ba1j5y) that you have received from unknown sources. (#)
  • Do not open attachments with extensions such as EXE, DLL, VBS, SHS, PIF, SCR. Typical examples: .txt.exe, .doc.exe.
Use of Social Media by Government Officers/Officials
  • Do not access social media on any official device (computer, mobile etc.).
  • Do not disclose official information on social media or social networking portals or applications.
Avoiding Social Engineering Attacks
  • Be wary of unsolicited phone calls, visits, or email messages from individuals asking about personal or other Government information.
  • Do not reveal personal, sensitive or financial information in email or messages.
  • Don't reveal any sensitive information over phone calls.
  • Be cautious of the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). In general, all government websites have gov.in or nic.in at the end of their names. For example, a malicious website may be named www.nirdprorg.in or www.nird.pr.org.in, as against the actual name www.nirdpr.org.in.
  • It's safer to type a URL into your browser instead of clicking on a link. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
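
The URL check described in the two points above can also be done by a mail gateway or proxy before a link reaches the user. The sketch below is an added example, not part of the original guidance: it uses only the host names and suffixes given on this page, and the function names, result labels and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Names taken from the page; extend the tuples for your own organisation.
TRUSTED_DOMAINS = ("nirdpr.org.in",)
GOV_SUFFIXES = ("gov.in", "nic.in")   # endings the page gives for government sites


def _host(url):
    """Lower-cased hostname of a URL or bare host name, without a leading 'www.'."""
    if "://" not in url:
        url = "//" + url              # make urlsplit treat a bare host as the netloc
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:                # malformed authority part
        return ""
    return host[4:] if host.startswith("www.") else host


def _is_under(host, domain):
    """True for the domain itself or a sub-domain of it, never for a mere substring."""
    return host == domain or host.endswith("." + domain)


def _edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'known', 'lookalike-dots', 'lookalike-spelling', 'unknown' or 'invalid'."""
    host = _host(url)
    if not host:
        return "invalid"
    if any(_is_under(host, d) for d in TRUSTED_DOMAINS + GOV_SUFFIXES):
        return "known"
    for d in TRUSTED_DOMAINS:
        if host.replace(".", "") == d.replace(".", ""):
            return "lookalike-dots"       # same letters, dots moved or removed
        if _edit_distance(host, d) <= 2:
            return "lookalike-spelling"   # one or two characters changed
    return "unknown"
```

Both fake names quoted above are reported as `lookalike-dots`, because they contain exactly the letters of the real name with the dots moved or dropped.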

Note: For all the items tagged with (#), please contact the IT Team (CICT) for further details.