Govt employees asked not to use third-party VPN, Google Drive and Dropbox

Ten-page guideline from National Informatics Centre issues 'do's and don'ts' for cyber security

VPN, Virtual Private Network, VPN connection
The NIC’s 10-page guideline asks employees not to use third party toolbars, like download manager or weather tool bar in internet browsers, or external email services for "official communication"
BS Web Team New Delhi
2 min read Last Updated : Jun 17 2022 | 10:52 PM IST
Indian government employees are advised not to use third-party virtual private networks (VPN) and cloud services like Google Drive and Dropbox, according to a 24-point "cyber security don’ts" issued by the state’s National Informatics Centre (NIC).  
The NIC’s 10-page guideline asks employees not to use third party toolbars, like download manager or weather tool bar in internet browsers, or external email services for "official communication".

"Don’t use any 3rd party anonymization services (ex: Nord VPN, Express VPN, Tor, Proxies, etc.),” says the eighth point of don’ts. That advisory comes weeks after NordVPN, ExpressVPN, Surfshark, and Tor pulled out of India after the country’s Computer Emergency Response Team (CERT-In’s) asked all VPN service providers to store user data for five years.

“All government employees, including temporary, contractual, and outsourced resources, are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads,” said the NIC document labeled "restricted" and available on the highways ministry’s website.

“The increasing adoption and use of ICT has increased the attack surface and threat perception for the government due to a lack of proper cyber security practices followed on the ground. In order to sensitise the government employees and contracted/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled,” the note added.

BusinessLine website reported that a senior NIC official confirmed the guidelines but declined to give details.

The NIC document has a 25-point list of "security do’s", asking employees to use authorised software and report suspicious mails.

One subscription. Two world-class reads.

Already subscribed? Log in

Subscribe to read the full story →
Subscribe to Business Standard digital and get complimentary access to The New York Times

Quarterly Starter

₹900

3 Months

₹300/Month

SAVE 25%

Smart Essential

₹2,700

1 Year

₹225/Month

Save 46%

Super Saver

₹3,900

2 Years

₹162/Month

Subscribe

Renews automatically, cancel anytime

Here’s what’s included in our digital subscription plans

Access to Exclusive Premium Stories Online

  • Over 30 behind the paywall stories daily, handpicked by our editors for subscribers

Complimentary Access to The New York Times

  • News, Games, Cooking, Audio, Wirecutter & The Athletic

Business Standard Epaper

  • Digital replica of our daily newspaper — with options to read, save, and share

Curated Newsletters

  • Insights on markets, finance, politics, tech, and more delivered to your inbox

Market Analysis & Investment Insights

  • In-depth market analysis & insights with access to The Smart Investor

Archives

  • Repository of articles and publications dating back to 1997

Ad-free Reading

  • Uninterrupted reading experience with no advertisements

Seamless Access Across All Devices

  • Access Business Standard across devices — mobile, tablet, or PC, via web or app

Topics :Opera VPNGoogle CloudDropboxcyber securityNational Informatics Centre

Next Story