A cyber security audit of different Ministries and Departments has revealed repetitive critical oversights and non-conformities, particularly connectivity of internal networks with the internet, ineffective password management policy, and credentials sharing.
The National Telecommunication and Information Security Board (NTISB) has issued a ‘Cyber Security Advisory – User Level Common Oversights’, stating that a cyber security audit of different Ministries/Departments has revealed repetitive critical oversights/non-conformities, particularly the following:
- Connectivity of internal networks with the internet.
- Ineffective password management policy.
- Credentials sharing.
- Device control mechanisms are observed.
The following remedial measures are emphasized to safeguard against falling prey to cyber incidents:
- All internal-network-based IT systems/user terminals (including official correspondence system) should not be connected to the internet.
- Password policy be enforced on all systems. Minimum criteria should include a length of 10 characters (at least 1 special and 1 upper-case character).
- Passwords must not be saved in browsers nor written/pasted on desks. Clear desk/clear screen policy be ensured by all appointments.
- Sharing of credentials (user name/password) be strictly avoided.
- Separate USBs (after whitelisting) be used for official systems.
- Strict device-control policy, particularly on USBs be implemented.
- Forwarding of official e-mails to personal e-mail accounts be strictly avoided.