Standalone systems, no internet: MHA issues communique to Centre, state officials after AIIMS server shutdown

New Delhi: The Ministry of Home Affairs on Saturday asked officials to carry out classified work only on a standalone computer not connected to the internet. In a document prepared by MHA's Cyber and Information Security division, personnel was suggested to use strong passwords by combining numerals, letters and special characters which would span at least 10 characters.

"Don't leave the computer unattended with sensitive information on the screen," the official communique to both Central and state government officials, accessed by ETV Bharat, read. It further suggested employees lock the computers before leaving the workplace to prevent any unauthorized access.

Classifying various categories of computer safety, the note included internet browsing, password management, removable information storage media, e-mail communication, home wi-fi network, social media usage by government officials as potential points of attack.

Referring to the use of social media by government officials, the MHA document suggested all personnel including employees, contractual staff, consultants, partners third-party staff etc who manage, operate or support information systems, facilities, or communication networks to not access social media on any official device (computer, mobile etc).

New Delhi: The Ministry of Home Affairs on Saturday asked officials to carry out classified work only on a standalone computer not connected to the internet. In a document prepared by MHA's Cyber and Information Security division, personnel was suggested to use strong passwords by combining numerals, letters and special characters which would span at least 10 characters.

"Don't leave the computer unattended with sensitive information on the screen," the official communique to both Central and state government officials, accessed by ETV Bharat, read. It further suggested employees lock the computers before leaving the workplace to prevent any unauthorized access.

Classifying various categories of computer safety, the note included internet browsing, password management, removable information storage media, e-mail communication, home wi-fi network, social media usage by government officials as potential points of attack.

Referring to the use of social media by government officials, the MHA document suggested all personnel including employees, contractual staff, consultants, partners third-party staff etc who manage, operate or support information systems, facilities, or communication networks to not access social media on any official device (computer, mobile etc).

Also read: Ransomware attack on AIIMS a conspiracy, planned by forces that are significant: MoS IT Chandrasekhar

"Officials should not disclose official information on social media or social networking portals or applications," it also said. Noting social engineering was a common technique to gain access to information through misrepresentation, the ministry alerted officials to stay vigilant on the cyberspace.

"It is the conscious manipulation of people to obtain information without realizing that a security breach is occurring. It may take the form of impersonation via telephone or in person and through email," the MHA stated.

It highlighted unsolicited phone calls, messages and visits from individuals seeking personal or government information as possible social engineering attempts. "If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company," the communication read.

Reiterating that insecure wireless configuration can provide an easy open door for malicious threat actors, the Home Ministry suggested the government officials to use their home Wi-Fi network to do office work and in order to secure their home Wi-Fi network, "turn on WPA2 or higher encryption features in wireless routers."