To ensure the security of stored data on newly purchased computers intended for critical use, all departments are advised to adhere to the following guidelines:

• Pre-Purchase Consideration: Departments procuring new computers for critical operations must ensure that the systems meet the necessary security and compliance standards.
• Mandatory Security Check: Before deployment, the Computer Centre shall conduct a comprehensive security check on all newly acquired systems intended for critical-use. This includes detecting any hidden files, folders, or features that could potentially compromise data security.
• Departmental Coordination: Departments must coordinate with the Computer Centre before putting newly acquired systems into operation to ensure proper verification and risk mitigation.
• Implementation & Compliance: The security verification process is mandatory for all critical-use systems, and departments must obtain clearance from the Computer Centre prior to deployment.

To enhance cybersecurity and safeguard official data, all departments are advised to implement the following measures:

• Admin Privileges: Administrative privileges for computers used for internet browsing shall be restricted to the System Administrator only. All other users should be granted only standard user privileges to minimize security risks.
• Data Storage Restriction: Users with access to internet-connected computers are strongly advised not to store any official data on these systems to prevent potential data breaches.
• Access Control: Any computer storing official data must not be accessible from external sources via the internet. This measure is enforced for all essential services. For other systems, departments must ensure strict compliance with this guideline to prevent unauthorized access.
• Implementation & Compliance: Departments must coordinate with their respective technical teams to implement these security measures effectively. The Computer Centre will provide necessary assistance in enforcing these protocols.

To enhance security and prevent unauthorized access, all departments are advised to implement the following measures:

• Disabling File & Print Sharing: If file sharing is not essential for daily operations, departments must ensure that file and print sharing features are disabled on all computers to minimize potential security vulnerabilities.
• Restricting Remote Access: Remote access to computers should be restricted unless explicitly required for operational needs. Only authorized personnel should be granted remote access, and appropriate security measures must be in place.
• Implementation & Compliance: Technical teams within each department should verify and enforce these security settings on all systems. The Computer Centre will provide guidance and support where necessary.

To prevent data loss due to incidents such as malware infections, hardware failures, and software malfunctions, all departments are advised to implement the following data backup measures:

• Regular Data Backup: Departments must ensure that critical data is backed up periodically. Backup frequency should be determined based on the sensitivity and criticality of the data.
• Backup Security: All backup data should be encrypted and securely stored to prevent unauthorized access and potential data breaches.
• Restoration Procedures: Departments should establish clear procedures for data restoration to ensure quick recovery in case of data loss. Regular testing of backup restoration should be conducted to verify its effectiveness.
• Compliance & Monitoring:
  - This directive is enforced for all essential services within the organization.
  - Department heads are instructed to oversee the implementation of these backup measures.

To ensure data security and prevent unauthorized access, all departments are advised to strictly adhere to the following guidelines:

• Prohibition of Cloud Storage Usage: No official documents should be synchronized or stored on third-party cloud storage services. This measure is essential to protect sensitive information from potential breaches and unauthorized access.
• Data Storage Compliance: Departments must ensure that all official documents are stored only on secure internal servers or designated local storage systems.
• Departmental Responsibility: All department heads must ensure compliance with this advisory and prevent the use of unauthorized cloud storage for official data.

To maintain cybersecurity and prevent potential threats, all departments are advised to adhere to the following guidelines:

• Mobile Charging Restriction:
  - Mobile phones should not be charged using data cables connected to CPUs or computers.
  - Using data cables for charging poses a security risk, as it may lead to unauthorized data transfer or malware infections.
• Prohibition of Unauthorized File Uploads:
  - Uploading or storing songs, games, or any non-work-related files on office computers is strictly prohibited.
  - Such files may introduce security vulnerabilities, impact system performance, and divert resources from official tasks.

To mitigate the risk of residual critical digital data remaining after an insecure deletion on PC-based systems, all departments are advised to implement the following measures:

• Use of Secure Deletion Software:
  - Departments, especially those handling sensitive data and R&D activities, should utilize file and folder deletion software that ensures the secure removal of data from secondary storage.
  - This measure will prevent unauthorized recovery of deleted data, thereby enhancing data security.
• Compliance and Best Practices:
  - Departments should establish internal guidelines to ensure that all critical digital data is securely deleted when no longer required.
  - Employees should be trained on proper data deletion practices to reduce the risk of data remnants being exploited.
• Departmental Responsibility:
  - All department heads must ensure compliance with this advisory and encourage the adoption of secure deletion practices within their respective department.

To enhance cybersecurity and detect potential threats, all departments are advised to implement the following measures:

• Enabling Hidden and System File View:
  - The option to view hidden files and system files must be enabled on all computers.
  - The setting "Hide protected operating system files" should be disabled to allow visibility of all files, including potentially harmful hidden files.
• Detection of Malicious Files:
  - This measure is particularly important for identifying unusual or hidden files in USB storage devices, which may contain malware or other security threats.
  - Users should regularly check for any unauthorized or suspicious files and report them to the Cybersecurity Team.
• Implementation and Compliance:
  - For essential services, make sure these security settings have already been enforced.
  - Technical teams within departments should ensure that these settings are applied across all systems and educate students/staff on recognizing potential threats.

To ensure robust cybersecurity and system integrity, all departments are advised to implement the following measures:

• Regular Updates:
  - Operating Systems (OS), Antivirus software, and other applications must be updated regularly to safeguard against security vulnerabilities and emerging threats.
  - Automatic updates should be enabled wherever possible to ensure timely patching.
• Use of Licensed Software:
  - Departments must use a licensed version of Windows to ensure access to the latest security updates, including Microsoft Windows Defender updates.
  - Unauthorized or outdated software poses security risks and must be avoided.
• Safe Antivirus Installation:
  - Antivirus software should preferably be downloaded by CDs instead of pen drives to reduce the risk of malware infection during installation.
  - Technical teams of the concerned departments should ensure that only verified and updated antivirus versions are used across all systems.
• Implementation & Compliance:
  - Department heads must oversee the enforcement of these security measures.

To enhance cybersecurity and prevent the risk of malware infections, all departments are advised to adhere to the following guidelines:

• Restriction on Pen Drive Usage:
  - The use of pen drives on official computers and laptops should be restricted.
• Mandatory Malware Scanning:
  - Departments should ensure that all systems have updated antivirus software capable of detecting and removing potential threats.
• Implementation & Compliance:
  - Technical teams of the department must implement security policies restricting unauthorized USB device usage.
  - Employees should be trained on safe data transfer practices and the risks associated with using external storage devices.

To enhance cybersecurity and protect sensitive data, all departments are advised to implement the following measures:

• Periodic Security Audits:
  - Computers used for sensitive work and R&D must undergo regular security audits conducted by the in-house audit team of the concerned department.
  - These audits will help identify vulnerabilities and ensure compliance with security protocols.
• Incident Reporting:
  Any security breach, including but not limited to:
  1. Hacking attempts
  2. Malicious emails (phishing, malware attachments, etc.)
  3. Virus or ransomware attacks
  4. Theft of computer hardware
  5. Unauthorized use of personal storage devices (USBs, external hard drives, etc.)
  Must be reported immediately to the Cybersecurity Team cybersecurity@iitk.ac.in. Prompt reporting will allow swift action to mitigate risks and prevent further damage.
• Departmental Responsibility:
  All department heads must ensure compliance with this advisory and actively support security audits and incident reporting procedures.

To prevent unauthorized data transfer and potential security breaches, all departments are advised to implement the following measures:

• Prohibition of Mobile Phone Connections:
  - Mobile phones should not be connected to official computers or laptops via USB cables, Bluetooth, or any other means.
  - This measure is necessary to prevent the risk of malware infections and unauthorized data transfer from official systems to mobile devices.
• Security Risks:
  - Infected mobile phones may contain undetected malware capable of copying sensitive data from computers to the phone’s memory card.
  - Such malware can later transmit confidential data to unauthorized sources without detection.
• Implementation & Compliance:
  - Technical teams within departments must enforce technical restrictions to block unauthorized mobile device connections.
  - Students/Staff should be made aware of the risks and must strictly adhere to this policy.

To prevent potential security threats and unauthorized data access, all departments are advised to implement the following measures:

• Restriction on External Media Usage:
  - Pen drives, CDs, and other external media devices brought from outside should not be used on official PCs within the unit.
  - This precaution is necessary to prevent malware infections, unauthorized data transfers, and potential security breaches.
• Designated Standalone PC for Presentations:
  - A separate, standalone PC should be chosen for presentations and other temporary external media usage.
  - This system should be isolated from the main network to minimize security risks.
• Implementation & Compliance:
  - Technical teams within departments must enforce technical restrictions to block unauthorized external device connections.
  - Students/Staff should be informed and trained on this policy to ensure strict adherence.