Instructions including changing information system passwords every three months, keeping mobile phones away while participating in sensitive discussions
The National Cyber Security Center has issued an 'advisory' asking government offices to change the passwords of their information systems every three months, keep mobile phones away while participating in sensitive discussions, not install any games on office computers, and take various other precautionary measures.
The advisory issued by the Center on January 8 includes steps to be taken for website, application, network and data security. Topics include security of government websites, applications, servers, storage, networks, desktops, laptops and printers, password management, ways to avoid email and phishing attacks, social media and mobile security.
Section (a) of the eight-page advisory states that a security framework should be implemented on government office websites, data should be regularly backed up and archived, a business continuity plan should be implemented, a mandatory security audit should be conducted at least once a year, and the source code of the information technology systems in use, including email, should be updated and kept safe.
'Keep passwords in a non-trivial policy that cannot be easily guessed,' says the advisory. 'Arrange the system to be changed every three months.' Offices are also asked to implement network segmentation to secure servers and other network equipment related to important data and services, to arrange for mandatory installation of SSL certificates on websites and applications, and to install access control and door lock systems and connect IP cameras in data centers and server rooms.
Section (b) provides guidelines on desktop/laptop and printer security in the office. To use these devices safely and avoid cyber attacks, the Center asks offices to use only genuine licensed operating systems and software, update the operating system and BIOS firmware regularly, use antivirus, lock desktops and laptops when not in use, turn on GPS, Bluetooth, NFC and other sensors only when needed and turn them off otherwise, set unique passwords on shared printers, and not connect printers to the Internet.
'Using hardware VPN or software VPN to remotely access technology and infrastructure in the data center,' the center said, 'not using any external mobile app-based scanner service, such as CamScanner, to scan internal government documents.'
In terms of social network security, it is recommended that government information technology users use and disseminate personal information in a limited and controlled manner. Users should verify friend requests before accepting them, should not share government email addresses on social media, and should not post or share internal government information or documents on social media.
Section (c) mentions the issues that need attention for password management and security. Instead of an easy-to-guess password, you are asked to set a password that contains a combination of upper and lower case letters, numbers, and special symbols. It is recommended not to use the same password for different services and not to keep the default password in any system.
"Mandatory use of multifactor authentication for access to systems containing sensitive data/information," the advisory reads, "do not simply combine words in the dictionary when creating passwords. Do not share system, printer and WiFi passwords with any unauthorized person. Using an offline OTP authenticator app like Google Authenticator."
Similarly, section (d) of the advisory covers points to consider regarding internet browsing security. The center said that private browsing or incognito mode should always be used while using government applications, email services, banking services and important digital systems. When opening a website, enter the site by typing the domain name of the website in the address bar of the browser without clicking the link, and do not save the username and password of any website in the browser. It is clearly instructed not to use third-party services like NordVPN, ExpressVPN, Tor and third-party tools like Download Manager, Weather Toolbar, Ask Me Toolbar.
It is mentioned in section (e) of the advisory that it is necessary to be careful before opening emails from unknown persons, to ensure that the attachment is safe before opening it or clicking on the link, not to exchange confidential information through email.
'Don't reply or respond to e-mails, messages, phone calls etc. that are sent with incentives such as prizes, gifts, lottery etc. Or send it encrypted using a digital certificate.' The points that should not be mentioned. It is recommended to download apps only from trusted sources like Google Play Store and Apple App Store, and not to accept Bluetooth pairing or file sharing requests from unknown sources. "Turn off your mobile phone or put it away in a safe place when participating in sensitive discussions," the advisory said, "and disable the automatic download feature on your phone."
In today's digital age, government information systems are vulnerable to cyber attacks, hacking, phishing, social engineering and data theft, said Rajkumar Maharjan, director and spokesperson of the Cyber Security Center.
'We are also preparing a list of focal IT employees of various commissions, ministries and subordinate departments to cooperate immediately in case of cyber security emergency,' he said. 'In this way, we have also started the work of creating a roster of individuals and organizations working in cyber security in Nepal.'
According to spokesperson Maharjan, the center is going to hold a 'Cyber Hygiene' program in various provinces this month. "We are making arrangements for the technical friends of the center to take capacity development training," he said. The center was established in January.
