The usage of remote desktop applications like Anydesk and Teamviewer in government departments is now prohibited under new security rules issued last week by the Indian cyber security body CERTin.
According to the regulations, government agencies must enable multi-factor authentication (MFA) for VPN accounts and use virtual private networks (VPN) to access network resources from remote locations.
"Ensure to block access to any remote desktop applications, such as Anydesk, Teamviewer, Ammyy admin etc," Guidelines on Information Security Practices for Government Entities explained.
The goal of these standards, according to CERT-In (Indian Computer Emergency Response Team), is to create a priority baseline for cyber security procedures and controls within government organisations and their affiliated organisations.
In an official statement, Minister of State for Electronics and IT Rajeev Chandrasekhar stated the government has taken a number of steps to guarantee an open, safe, trusted, and responsible digital world.
"We are expanding and accelerating on Cyber Security with focus on capabilities, system, human resources and awareness. The guidelines are an important part of our larger cybersecurity framework being built under the leadership of our PM Narendra Modi ji, as India takes rapid strides towards USD 1 trillion Digital Economy," Chandrasekhar stated.
The guidelines state that essential servers should either be made stand-alone or part of a specific secure zone. Servers are not required to connect with one another unless they are a part of the same application with dedicated ports and authenticated apps.
It's encouraging that CERT-In has released standard operating procedures in the aftermath of several claims and hypotheses that AIIMS systems were infected with ransomware and exposed to data leaks from government agencies. These will harmonise cyber security practises throughout India. Jiten Jain, director of the Voyager Infosec Digital Lab, predicted that it will lessen the amount of cyber security assaults in the nation.
Additionally, the guidelines include security measures for social media accounts associated with government departments in addition to protection for computer and network infrastructure.
Before anything is put on an official social media account, the guidelines require clearance from the relevant authorities.