Amid cyber risks, no data storage on cloud services; action if leakage: DoT to staff

With incidents of cyber attacks on government’s official email ids and websites on the rise, the Department of Telecommunications (DoT) has issued fresh instructions to its employees asking them not to store any official and classified information on private cloud services such as Google Drive, Dropbox, iCloud, and others.

If any such information is stored on these private cloud services, the employee storing such data may be liable for penal action in case of a data breach, the DoT said in a communication to all its staff.

Further, any kind of classified work must be “strictly be carried out only in a standalone computer which is not connected to internet”, the DoT said.

Employees have also been asked to avoid, when on officials tours, any mobile or internet-based service that requires their location, “unless it is necessary for discharge of office duties”.

These instructions are a part of the DoT’s instructions on best information security practices. Last year in July, the telecom department had written to all web portals and websites within its ambit to conduct a security audit and submit a compliance certificate as soon as possible.

The Telecom Ministry had then also written to all other ministries and departments requesting them to migrate their websites and web-portals to the ‘gov.in’ domain by August 31, 2020 if they had not done so already.

A similar letter was sent by DoTto all web portals and websites yielded no results. In that letter, dated October 7, the DoT had said that a security audit was necessary for the “robustness of information systems and associated networks”.

The letter was sent after the DoT was alerted that “data exfiltration” was taking place from one of the web portals of the ministry that did not have a valid cyber-security audit. Data exfiltration occurs when a malware or a virus gains unauthorised access to any computer connected to a network.