Amid cyber dangers, no knowledge storage on cloud providers; motion if leakage: DoT to workers

With incidents of cyber assaults on authorities’s official e mail ids and web sites on the rise, the Department of Telecommunications (DoT) has issued contemporary directions to its staff asking them to not retailer any official and categorised info on non-public cloud providers similar to Google Drive, Dropbox, iCloud, and others.
If any such info is saved on these non-public cloud providers, the worker storing such knowledge could also be answerable for penal motion in case of a knowledge breach, the DoT mentioned in a communication to all its workers.
Further, any type of categorised work have to be “strictly be carried out only in a standalone computer which is not connected to internet”, the DoT mentioned.
Employees have additionally been requested to keep away from, when on officers excursions, any cellular or internet-based service that requires their location, “unless it is necessary for discharge of office duties”.
These directions are part of the DoT’s directions on greatest info safety practices. Last 12 months in July, the telecom division had written to all net portals and web sites inside its ambit to conduct a safety audit and submit a compliance certificates as quickly as potential.
The Telecom Ministry had then additionally written to all different ministries and departments requesting them emigrate their web sites and web-portals to the ‘gov.in’ area by August 31, 2020 if that they had not carried out so already.
An analogous letter was despatched by DoTto all net portals and web sites yielded no outcomes. In that letter, dated October 7, the DoT had mentioned {that a} safety audit was obligatory for the “robustness of information systems and associated networks”.
The letter was despatched after the DoT was alerted that “data exfiltration” was happening from one of many net portals of the ministry that didn’t have a sound cyber-security audit. Data exfiltration happens when a malware or a virus positive factors unauthorised entry to any pc linked to a community.