102-point advisory issued for government website, data and network security

KATHMANDU, JANUARY 26 : The National Cyber Security Centre (NCSC) has issued a 102-point advisory to safeguard government websites, data, and networks from potential cyber threats. The advisory outlines essential security measures aimed at protecting the information technology systems used by government offices, including websites, applications, servers, networks, desktops, laptops, mobile devices, and social media accounts.

The advisory recommends several actions to enhance security, such as regularly updating websites and conducting security tests. It also advises the implementation of a business continuity plan that includes regular data backups. System updates are emphasized, including updates to antiviruses, operating systems, databases, and application libraries. Additionally, multifactor authentication is encouraged for added protection.

For device security, the advisory advises using only licensed software for desktops, laptops, and printers, ensuring automatic updates for systems and BIOS, and limiting internet access to printers. It also highlights the importance of strong password management, recommending passwords that are difficult to guess and advising users to change them every three months. The use of multifactor authentication is also recommended to enhance privacy.

Regarding internet browsing, the advisory suggests using secure browsing methods and updated browsers while cautioning against sharing personal information on unauthorized websites. It also warns against posting unauthorized content on social media and recommends limiting the amount of personal information shared online. For mobile device security, the advisory stresses the importance of keeping the operating system updated and downloading apps only from trusted sources.

The NCSC has also urged ministries, commissions, and departments to designate focal persons to address any issues with government websites or applications. Furthermore, the Centre has called for regular cybersecurity training for employees to ensure these security measures are implemented effectively.

Director Raj Kumar Maharjan of the NCSC explained that the advisory was prompted by recent cyberattacks and data theft incidents affecting government systems. He emphasized that many of these problems stem from negligence or lack of awareness, and the aim is to reduce these issues by informing users. The advisory is intended for both government employees and the general public, and the Centre believes these measures will strengthen government systems, raise awareness, and improve overall cybersecurity.