PS ICT & Innovation releases guidelines on cyber hygiene for government staff working from home
The Principal Secretary, State Department of ICT & Innovation, Jerome Ochieng, has released guidelines on cyber hygiene for government staff working from home.
In a letter dated 19th March to all Ministries, Departments & Agencies, the PS pointed out that this was in line with the Presidential Directive to deter the spread of the virus: Government Offices, Businesses and Companies are encouraged to allow employees to work from home, and the Ministry of ICT has activated policy guidelines on Information Security as well as the internet and other support services.
The PS noted that the ICT Authority, a State Corporation under the Ministry of ICT that is mandated to establish, develop and maintain secure ICT infrastructure and systems, has put in place the following measures to ensure that cyber hygiene and security of Government of Kenya systems are maintained in line with the GoK Information Security Standard:
1. Staff in all Government agencies who are logging into and accessing Government systems are to comply with the following guidelines:
(a) To secure Wi-Fi and VPN connections, all remote connections to critical government systems shall be via secure VPN connections and, where possible, staff connections shall be limited and monitored continuously.
(b) All Ministries, Departments & Agencies should ensure they have in place valid and updated anti-virus and anti-malware software.
(c) All Ministries, Departments & Agencies should ensure their security tools/software, such as privacy tools and add-ons for browsers, have been updated with the latest patch levels and are regularly checked/monitored.
(d) Agencies shall ensure that critical systems are regularly backed up in line with their respective backup policies.
(e) For all government communications, all Government of Kenya employees shall use secure connections that guarantee encryption (SSL).
(f) ICT Officers and Information Security Officers of the respective Agencies are advised to be extra vigilant and to continually monitor their infrastructure and security systems. Any unusual or strange activity on the networks they manage must be flagged and reported using the respective escalation lines.
2. The next set of measures is targeted at staff engaged in teleworking:
(g) All Government of Kenya employees are to use ONLY secure public Wi-Fi access points when connecting to government systems.
(h) Access to all critical government systems/data shall be restricted to the VPN link/connection designated by the relevant Ministry, Department & Agency.
(i) All government Agencies are to activate a Clear Screens Policy to ensure that screens of teleworking devices are locked whenever they are inactive. This is to ensure that confidential, restricted or sensitive information is protected from unauthorized access.
(j) Officers working and doing backups remotely are to use only authorized backup and storage media.
(k) All Government of Kenya employees should ensure their machines are running the latest patch level of anti-virus and anti-malware software.
(l) All employees are to ensure that their laptops and machines require authentication and present a log-in prompt before any user can log in.
(m) Employees are discouraged from using public cyber cafes to access government systems and are instead encouraged to use private connections (data bundles).
(n) All Officers are required to report any unusual or strange activity on their machines and laptops to their respective ICT contact persons.
(o) Government of Kenya employees shall be vigilant and wary of social engineering schemes, so as not to divulge sensitive government information through coercion.
Compliance with these instructions and initiatives by both staff and agencies will greatly enhance the safety and hygiene of our systems across government.
In the event of a business need for urgent assistance, the PS asked agencies to notify the ICT Authority through firstname.lastname@example.org
Dated Saturday 4th April 2020