Information Security Awareness for Government Employees
All Government employees should take responsibility and follow the organization's access procedures when using the department's Information and Communication Technology (ICT) facilities and devices, which include access to systems, networks and services such as internet, phone, email, printer and Wi-Fi. The Organization monitors and records use of its ICT facilities, including the internet, intranet and email. The department's email system is not an authorized recordkeeping system. Government employees should handle official data with the utmost care.
Government staff must ensure that Confidentiality, Privacy and Commercial Sensitivity Standards, Practices and Requirements are followed when using the organization's equipment and when storing, retrieving and accessing information to/from systems and networks.
Please answer the following questions:
- Do you have an official e-mail ID?
- Do you follow internet ethics?
- Do you have an access policy in your organization?
- Do you have any policy guidelines for accessing/using the organization's resources?
- Do you maintain any confidential data in your organization?
- Do you make any download on your official computer?
- Do you have security policies in your organization?
If your answer is 'yes' to all these questions, then go through the guidelines provided to safeguard yourself and your organization's resources.
Always follow internet ethics and the moral principles that govern the usage of computers while using the internet. Two common computer-ethics issues are violations of copyright, such as illegal downloads from torrents, and downloading a document/paper from the internet and distributing it to others without proper permission from the author.
You should always be honest and respect the rights and property of others on the internet. One has to accept that the internet is not a value-free zone. This means that the World Wide Web is a place where values are considered in the broadest sense, so we must take care while shaping content and services, and we should recognize that the internet is not apart from universal society but is a primary component of it.
Always use a strong login password for systems/laptops and change it once every 30 days. Do not share any work-related information with people outside of your organization. Social engineering approaches such as phishing, vishing, baiting and dumpster diving are used to gain access to personal information through misrepresentation. Social engineering is the conscious manipulation of people to obtain information without their realizing that a security breach is occurring. It may take the form of impersonation via telephone, in person or through email. Some emails lure you into opening an attachment that activates a virus or malicious program on your computer. You should follow paper/e-mail methods when giving information to people outside the organization. Even the reception/front desk should be aware of these kinds of social engineering attacks.
When surfing the internet, you should always check the browser's security settings to avoid the risk of exposing personal information, for example by disabling the option “Remember my ID on this computer”. The User ID or Username should also be secured along with the password, so that the next user cannot track passwords. It is good to use “Private Browsing” in the Mozilla Firefox web browser and the “Incognito Window” option in the Google Chrome web browser to avoid these types of attacks.
Keep your computer's operating system up to date, which is very important for running your computer fast and safely. The security of the operating systems running on the various PCs plays an important role in the security of the network as a whole. Not updating one system in the network may affect the security of the other systems in the network. Today we have highly sophisticated operating systems with lots of features, but they may be vulnerable if they are not administered, configured and monitored properly. Sometimes updating the operating system with the latest patches may lead to interoperability issues with other operating systems. Hence, proper care should be taken by updating the operating system on a separate system/PC.
If government employees are using mobile phones, ensure that the serial number/model number and IMEI number are maintained in an assets register, offline or online. Employees who use personal mobiles/portable devices to access the organization's network must obtain written approval from their IT Manager/Director to connect them. Always make sure that the devices you are using meet the IT security policies. Use secure passwords on the devices and lock them when not in use.
The organization does not accept liability for any loss or damage suffered to personally owned devices as a result of using the department's ICT facilities, systems, network or services, and is not responsible for any repairs or maintenance. The department further does not provide any technical or software support for an employee's personally owned device. Information and system backup procedures and archiving must be in place to ensure that, in the event of a loss, restoration can take place within acceptable parameters to ensure business continuity.