Cyber Security Policy 2080

1st January 2022, Kathmandu

Cybercrime is a term that is related to the internet’s relationship to technological and electronic elements, including software, hardware, and information systems.

Cyberlaw of Nepal was established on 15th September 2004.

Why are banks getting threats for a cyber attack?

In July 2021, fifteen banks in Nepal were threatened by an email sent by a group illustrating that the system has been compromised. The email created lots of panic in the banking sector, but later nothing happened.

Similarly, recently in December, an email was received threatening to compromise various systems of the bank. Cyber attacks can cause substantial financial losses for banks and customers. Banks also stand to suffer significant reputational damage as a direct consequence of a data breach, leading to a progressive erosion in customer trust, competitive advantage, and a narrowing of future sources of revenue.

Why is the Nepali finance sector getting such threats? What can we do to minimize the risk of cybercrime?

Cybersecurity is an important component as it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems. Here are some which can prevent or at least help in the situation.

  1. Evaluate the cloud security’s current state against security benchmarks, best practices, and compliance standards.
  2. Keep all systems up to date to minimize vulnerability and avoid side loading applications to minimize the chances of zero-click attacks.
  3. Formulate a well-structured disaster recovery plan to avoid massive data loss and downtime in case of a cyber-attack.
  4. Use vulnerability management tools to automate threat detection and protect against potential threats.
  5. Install automated backup options with secured encryption and Privileged access management (PAM)
  6. Many users never change their passwords. Or even if they do, they just make cursory changes. This leaves such accounts vulnerable. Using Multi-Factor Authentication (MFA) as a protection layer (introducing another factor of authentication such as sending a code sent to a customer’s mobile phone or email address) decreases the chance of a breach.
  7. Blocking all emails from illegitimate email senders.

For tracing email sources, there are different tools –


Please enter your comment!
Please enter your name here