In its first-ever social media and Internet policy for government employees, the Union Home Ministry has cautioned its employees against accessing social media on official devices, including mobile phones and computers, unless permitted. In addition, it has also directed officials not to carry out classified work on computers connected to the Internet and instead use standalone systems.

The 24-page MHA note stated, “All personnel, including employees, contractual staff, consultants, partners, third-party staff who manage, operate and support information systems, facilities, communication networks and information created, accessed, stored and processed by or on behalf of the government, unless authorized to do so, shall not disclose official information on social media or social networking portals or applications.”

The norms come as the ministry’s cyber and information security division that deals with cybercrime wants to prevent security breach and ensuring the sensitivity of data. An official told ET that on an average, 30 attempts are made every day by foreign entities to hack into or deface government portals and unlawfully extract confidential information. In addition, a large number of employees use smartphones and at times get exposed to malware-infected website unknowingly

The note further added that no classified information of government can be stored on private cloud services (Google drive, Dropbox, iCloud etc) and doing so may make one liable for penal action, in case of data leakage. It also states that classified data should be encrypted before copying into the removable storage media designated to store classified information. It mandates that classified information should be stored only on the organization allocated removable storage media for work purpose. Also, it further bans taking away a USB device out of offices unless authorized.

Similarly, for e-mail communications of government employees, the ministry mandated that classified information should not be communicated via emails and official email accounts should not be accessed from public Wi-Fi connections.

As per a recent survey titled “D&O: Personal Exposure to Global Risk” by Willis Towers Watson,cyber-attack and data loss/breach top the list of risks which are causing directors of companies most concern.