The Federal Board of Revenue (FBR) has warned tax officials working from home to take extra precautionary measures to avoid cybersecurity threats that may result in the leakage of the confidential data of the taxpayers who are registered with the FBR.
The Pakistan Revenue Automation Limited (PRAL)-IT arm of the FBR has issued a stern warning regarding this to the tax officials who are work from home.
Senior FBR officials informed ProPakistani that necessary measures are being taken to avoid the theft of data and that other security issues during the current circumstances of the COVID-19 pandemic are also being addressed.
As per PRAL’s letter to the tax officials of the FBR, officials switching to working remotely because of the ongoing pandemic can create cybersecurity problems for an organization like the FBR and its employees. It added that attackers are exploiting the situation, which is why the officials must be wary of phishing emails, scams, and other hacking attempts.
Additionally, a new type of phishing attack that is focusing on COVID-19 is on the rise. Phishing 85 spam emails are sent to users instructing them to open an infected word document, claiming it to be an update report from either the World Health Organization (WHO) or the Pakistani Health Authorities.
Therefore, all the FBR’s resources who have been authorized to Work from Home (WFH) are directed to adhere to the following strategy points by the FBR:
- Avoid public Wi-Fi networks, and use the PRAL-recommended VPN for secure communications.
- The use of remote desktop software like TeamViewer, Anydesk, etc. is strictly prohibited.
- Ensure the use of a secure connection for your WFH environment.
- Keep passwords strong and change them regularly. Always memorize passwords; do not write them.
- Enable Two-Factor (2FA) or Multi-Factor Authentication, wherever possible.
- Encrypt home PC hard drives and USB sticks to save data in case of theft.
- Keep home PC operating systems patched. Install 85 updates on home PCs with top-rated antivirus, anti-malware 85 firewalls. Get the latest freeware antivirus and other security software from PRAL’s Technical Support team.
- Ensure that all the security software on home PCs is updated. Privacy tools, add-ons for browsers, and other patches also need to be checked regularly.
- All WFH resources are advised to communicate using official FBR emails only.
- All FBR remote workers are advised to be suspicious of emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.
- The authenticity of the sources of such requests must be verified through other means. Do not click on suspicious links or open suspicious attachments.
- Always scan a suspicious file using an antivirus software recommended by the PRAL Technical Support team.
- All sensitive information must be handled with care, and its dissemination to all the concerned must be done through secure means.
- Beware of pop-ups on internet browsers or desktop screens. Do not enter confidential information on a pop-up screen.
- Establish and have signed a departmental-wise cybersecurity policy/undertaking from your team members who are working remotely from home.
- Have a back-up strategy. All important data should be backed up regularly.
- All the officers are to provide their teams with basic security knowledge, and are to contact PRAL for assistance in this regard.
- All the functional heads are advised to develop a contingency plan in coordination with PRAL. Contact PRAL Technical Support team for any assistance.
- In case of infections/compromises in your home computer system, immediately disconnect the computer from the Internet and contact the PRAL Technical Support team for advice.