- Do not leave the desktop screen unattended with sensitive information on screen. Use a temporary lock by typing ‘windows +L’ or ‘Ctrl + Alt + Del’
- Use shortened URL expander websites (www.expandurl. net) to take an informed decision about the website where you are about to be directed by clicking on an unknown link
A set of cyber safety guidelines has recently been circulated among all state government officials across all government departments.
The guidelines have been drafted by a team headed by former Kolkata police commissioner Rajeev Kumar who is now the state’s information technology secretary.
While he was the city police commissioner, Kumar was known for his IT prowess. He had also been accused by some sections of stretching the scope of technology in surveillance and investigation.
A cyber security manual drafted by “none other than Rajeev Kumar” and his team has naturally created a buzz in informed circles.
The guidelines issued by the Cyber Security Centre of Excellence — a unit of the IT department, headed by Kumar — range from small steps to protect one’s email or desktop password to sharing advice on the maintenance of backup data. “...Without data, decision making will be reduced to intelligent guesswork.
Hence, there is a tendency on the part of every application to collect as much user data as possible with an ostensible purpose to improve the experience of the user,” Kumar has mentioned in the document addressing all government employees in West Bengal.
“However, this tendency to collect data has raised serious privacy concerns and in many cases has resulted in irreparable loss to users. Hence, understanding the role as a user what to share and what not to share; also, at the same time, understanding as government organisation/employee how much data to collect, how to keep the collected data securely and who to allow use of this collected data are the natural questions which need elaborate and detailed explanations,” he has added.
Kumar is a 1989-batch IPS officer and a BE in computer science from the erstwhile University of Roorkee (now the Indian Institute of Technology, Roorkee).
In the guidelines, all government employees have been advised to take precautions while setting passwords.
“Use a passphrase instead of a password, use nonsensical unusual words and avoid easy-to-guess words or common number patterns,” the guideline mentions.
Multifactor authentication while registering in e-mails or social media platforms — adds an extra layer of security by sending a One-Time Password to the registered mobile number. “By adding a layer of authentication, one can get an instant alert on his or her phone if there is any attempt to breach his or her email or social media profile,” said an IPS officer who is not attached to the IT department but is privy to the content of the guidelines.
The guideline mentions that government officials should “never leave their computers unattended with sensitive data on their screen and should always lock the screen by typing ‘windows +L’ or ‘Ctrl + Alt + Del.’”
Several bureaucrats The Telegraph spoke to said government officials were especially vulnerable to online crimes and data theft and were exposed to a variety of people whom they have to interact with without any background check or identity verification.
By virtue of their post, their official email IDs and phone numbers are also in the public domain, which can be easily targeted.
The Telegraph had reported a few weeks ago how a senior official of the state housing department was targeted by a cheat posing as the secretary of the department, asking him to pay money through WhatsApp.