All Government employees should take responsibility when using the department’s Information Communication and Technology (ICT) facilities and devices which include access to systems, networks and services such as internet, phone, email, printer, Wi-Fi etc. The Organization monitors and records use of its ICT facilities including the internet, intranet and email. The department’s email system is not an authorized recordkeeping system. Employees when using the department’s ICT facilities and devices should follow adequate access procedures of organization. The Government employees should handle official data with atmost care.
Government Staff must ensure that Confidentiality, Privacy and Commercial Sensitivity Standards, Practices and Requirements are followed to the use the organization equipment and the storage, retrieval, access and while giving out of system and networks information.
Please answer the following questions:
Do you have an official e-mail ID?
Do you follow internet ethics?
Do you have an access policy in your organization?
Do you have any policy guidelines for accessing /using the organization resources?
Do you maintain any confidential data in your organization?
Do you make any download on your official computer?
Do you have security policies in your organization?
Now go through the Guidelines provided to safeguard yourself and organized resources.
Always follow the Internet Ethics while using internet and the moral principles that govern the usage of computers. One of the common issues of computer ethics is violation of copyright issues like illegal downloads from torrents etc. Downloading the document/paper from the internet and distributing to others without proper permission from the author etc. for more
You should be always honest, respect the rights and property of others on the internet. One has to accept that Internet is not a value free- zone .It means World Wide Web is a place where values are considered in the broadest sense so we must take care while shaping content and services and we should recognize that internet is not apart from universal society but it is a primary component of it.
Always use strong login password for the systems/Laptops and need to change once in a 30 days. Do not share the work related information to the peoples outside of your organization. There are social engineering approach like phishing, vishing, baiting, dumpster diving etc to gain access to personal information through misrepresentation. It is the conscious manipulation of people to obtain information without realizing that a security breach is occurring. It may take the form of impersonation via telephone or in person and through email. Some emails lure the receiver into opening an attachment that activates a virus or malicious program in to your computer. You should follow some paper/e-mail methods to give the information to the outside peoples and also the reception/front desk should be aware with such kinds of social engineering attacks.
When surfing the Internet, you always should check about the browser security to avoid risks of exposing personal information such as disabling the option “Remember my ID on this computer”. User ID or Username also should be secured along with password to avoid track passwords by next user. It is good to use “Private Browsing” in Mozilla Firefox Web Browser and “Incognito Window” option in Google Chrome Web Browsers to avoid such type of attacks.
Keep your computer operating system up-to date which is very important to run your computer fast and safe. The security of the operating system running on various PCs plays an important role in the security of the network as a whole. Not updating one system in the network may affect the security of the other systems in the network. Today we have a highly sophisticated operating system with lots of features, but it may be vulnerable if they are not administered, configured and monitored properly. Sometimes updating the operating system with latest patches may lead to interoperability issues with other operating systems. Hence proper care should be taken while updating the operating system in a separate System/PC.
If government employees are using the mobile phones, you have to ensure that serial number/Model number and IMIE Number are maintained in an assets register offline or online. If they are using the personal mobiles/portable devices accessing the organization network must take written approval from their IT Managers/Director to connect the same. Always see the devices which you are using must be meeting the IT Security policies. Use secure passwords to the devices and lock when not in use.
The organization does not accept liability for any loss or damage suffered to personally owned devices as a result of using the department’s ICT facilities, systems, network or services and is not responsible for any repairs or maintenance. The department further does not provide any technical or software support to an employee’s personally owned device. Information and system backup procedures and archiving must be in place to ensure that in the event of a loss restoration can take place within acceptable parameters to ensure business continuity.
Content credits: https://infosecawareness.in