Finance Ministry Issues Instructions regarding NIC Guidelines on Cyber Security to Officers

The Ministry of Finance, Department of Revenue has issued a set of Instructions to all officers/officials of the Department of Revenue to follow Cyber Security Guidelines issued by the National Informatics Centre (“NIC”) to ensure Cyber Security in the Department.

The Ministry stated that in accordance with the NICs instructions, all officers/officials of the Department of Revenue are required to follow the Cyber Security Guidelines issued by the NIC to ensure Cyber Security in the Department.

1. Use complex password with a minimum length of 8 characters, using a combination of capital letters, small letters, numbers and special characters.
2. Change your passwords at least once in 45 days.
3. Use multi-factor authentication, wherever available.
4. User shall strictly be advised to download KAVACH application only from kavach.mail.gov.in and keep a check on Registered Devices’ and ‘User Country Policy’ in Kavach App/Web portal to allow only permitted devices and country to access respectively.
5.  Save your data and files on the secondary drive (ex: d:\). Maintain an offline backup of your critical data.
6.  Keep your Operating System and BIOS firmware updated with the latest updates/patches. Install centralized antivirus client offered by the Government on your official desktops/laptops.
7. Ensure that the antivirus client is updated with the latest virus definitions, signatures and patches.
8.  Observe caution while opening any links shared through SMS or social media, etc., where the links are preceded by exciting offers/discounts, etc., or may claim to provide details about any current affairs. Such links may lead to a phishing/malware webpage, which could compromise your device.
9.  Use authorized and licensed software only.
10. When you leave your desk temporarily, always lock/log-off from your computer session.
11. When you leave office, ensure that your computer and printers are properly shutdown.
12. Keep the GPS. Bluetooth, NFC and other sensors disabled on your computers and mobile phones. They maybe enabled only when required.
13. Use a Standard User (non-administrator) account for accessing your computer/laptops for regular work.
14.  Observe caution while opening any shortened uniform resource locator (URLs) (ex: tinyurl.com/ab534/). Many malwares and phishing sites abuse URL shortener services.