May 31, 2020, Kathmandu
The Department of Information Technology (DoIT), Nepal has issued security guidelines for websites and apps.
Cyberattacks in Nepal are on the rise, and the department issued these guidelines in view of the increasing number of incidents in recent times.
From the very beginning of the lockdown in Nepal, there have been cases of data breaches and website hacks. Examples include Foodmandu, an online food delivery service, and Vianet, an Internet service provider. Similarly, threat actors also targeted the website of the Nepal Aviation Authority.
Furthermore, the recent border dispute between Nepal and India triggered a cyberwar between the hackers of the two countries. Indian hackers defaced many government websites easily while hackers from Nepal also defaced several Indian websites.
As hackers continue to exploit weaknesses in government websites, the department issued a notice on Sunday (May 31) urging vigilance and adherence to the security guidelines for the safety of websites and apps.
What Does the IT Department Recommend?
Firstly, the department urges storing both online and offline backups of website and web application files. These backups help restore the website in case of data loss or compromise. Similarly, it recommends removing unwanted and unused files, databases, or applications hosted on the server.
The department also promotes the use of strong and encrypted passwords and SSL encryption for websites and web applications. Likewise, it recommends multifactor authentication.
Usually, keeping applications updated removes existing vulnerabilities. Thus, the department urges updating the server, environment, framework, platform, and scripts. At the same time, the hosting should restrict uploads so that not just any type of file can be uploaded.
Take a look at the security guidelines issued by the DoIT: