Several steps taken to check data compromise, phishing
Mohinder Verma
JAMMU, May 21: In view of growing risks associated with unauthorized digital platforms and incidents of data compromise and phishing, the Government of Union Territory of Jammu and Kashmir has deactivated with immediate effect all privately hosted/unauthorized departmental websites and made it clear that no official communication will be made or responded to if transmitted from non-Government email accounts such as Gmail, Yahoo, Rediffmail etc.
Follow the Daily Excelsior channel on WhatsApp
EXCELSIOR in its edition dated May 14, 2025 had exclusively reported that official websites of several Government departments and Public Sector Undertakings (PSUs) have been disabled after they failed to produce valid security audit certificates from the CERT-In (Computer Emergency Response Team-In), which offers security audit and certification process to help organizations validate their websites security and protect against potential cyber threats.
Now, the Government has taken several steps to ensure adoption of standard cyber security practices and compliance with Information Technology governance protocols. Further, several instructions have been issued for enforcing secure, standardized and policy-compliant digital and IT environment across Government establishments.
It has come to notice that various departments are operating official websites using private domains such as “.com”, “.org” or “.net” which are not aligned with Government of India guidelines on official domain usage, the General Administration Department has mentioned in a circular issued following discussions held in a meeting chaired by Chief Secretary.
Accordingly, all such privately hosted/unauthorized departmental websites have been deactivated forthwith and NIC, J&K Centre has been asked to assist departments in migrating all existing websites to secure and authenticated Government domains preferably under “.gov.in” or “.jk.gov.in”. “No future departmental websites shall be developed or hosted on non-Government domains and all proposals for new websites must be routed through NIC and approved by Information Technology Department”, read the instructions.
Moreover, to maintain data confidentiality and prevent leakage of sensitive information, no official communication will be made or responded to if transmitted from non-Government email accounts such as Gmail, Yahoo, Rediffmail etc. “All officers and officials shall mandatorily use NIC-provided email IDs (..@jk.gov.in/…@gov.in” ) for all forms of official correspondence. The Heads of Departments shall ensure immediate issuance and activation of official NIC email IDs for all staff involved in administrative or public-facing roles. Any email received from non-NIC domains shall be treated as unofficial and may not be acted upon”, the circular read.
All the Chief Information Security Officers (CISOs) and Information Security Officers (ISOs) designated in each department have been asked to conduct a detailed census and audit of IT infrastructure which include number and specifications of desktop/laptop systems, status of operating systems, inventory of installed software (genuine or pirated), antivirus/firewall status and last update logs and network architecture, access points and security configuration.
It has been made clear that all machines must run genuine, licensed and currently supported operating systems and no pirated, obsolete or end-of-life software is used. Moreover, NIC has been asked to organize mandatory sensitization sessions for departmental CISOs/ISOs.
All the departments have been asked to ensure that procurement of IT hardware conform to the minimum technical specifications notified by the Information Technology Department and they must discontinue usage of pirated or obsolete software including unlicensed office suites, design tools or database applications.
Each and every department is under instruction to submit a detailed compliance report to the Information Technology Department through their respective administrative departments within 15 days. The report will specifically include domain name status of departmental websites, compliance with Government email usage, audit findings from IT infrastructure census and list of pirated/outdated software, if any, and proposed rectification plan.
“Failure to adhere to these instructions will be viewed seriously and may invite disciplinary action under relevant rules governing official conduct, IT usage and administrative responsibility. All the departments shall accord top priority to the implementation of these guidelines in the interest of secure and accountable e-governance”, read the circular.
Follow our WhatsApp channel
