Online Safety Brief for EiE Data Officials

The collection, analysis, and reporting of EiE data (such as information on displaced children, teacher locations, and damaged infrastructure) require vigilance to protect against cyber threats. The goal is to ensure data integrity, confidentiality, and availability.


What to Look Out For (Key Risks)

Officials must be aware of the following primary online security risks:

  • Phishing and Social Engineering:

    • Risk: Deceptive emails, calls, or texts attempting to trick you into revealing login credentials, passwords, or sensitive data. For example, an email seemingly from a UN partner requesting your login to "verify a critical report."

    • Impact: Unauthorized access to the Education Management Information System (EMIS), financial systems, or private communications.

  • Malware and Ransomware Attacks:

    • Risk: Malicious software (like viruses or ransomware) that can be downloaded by clicking a suspicious link or opening an infected attachment.

    • Impact: Encryption and loss of critical EiE data (e.g., student lists, assessment results), system downtime, and potential ransom demands.

  • Weak Passwords and Authentication:

    • Risk: Using simple, short, or reused passwords across multiple government and personal accounts.

    • Impact: Easy access for attackers, especially to accounts holding sensitive data, as simple passwords can be cracked quickly.

  • Data Interception (Man-in-the-Middle):

    • Risk: Data transmitted over unsecured Wi-Fi networks (e.g., in public places) can be intercepted by a malicious third party.

    • Impact: Confidential information about beneficiaries or staff being stolen while in transit.

  • Outdated Software and Systems:

    • Risk: Using old operating systems (Windows, macOS) or applications that contain known security flaws (vulnerabilities) that hackers can exploit.

    • Impact: Providing an "open door" for attackers to penetrate your device or the ministry's network.


How to Keep Yourself Safe (Best Practices)

Officials must adopt a proactive security culture with these key protective measures:

1. Protect Your Credentials and Access

  • Use Strong, Unique Passwords: Create long, complex passwords (at least 12 characters, mixing letters, numbers, and symbols) for every work system. Never reuse the same password across multiple accounts. Consider using a trusted password manager.

  • Enable Multi-Factor Authentication (MFA): Where available, always activate MFA (e.g., a code sent to your phone after entering your password). This prevents an attacker from logging in even if they steal your password.

  • Practice "Think Before You Click": Never click on links or download attachments from an unexpected or suspicious email. Verify the sender's identity through a separate channel (like a phone call) if the request is unusual or urgent.

2. Secure Your Data and Devices

  • Encrypt Sensitive Data: Ensure that all sensitive EiE data is encrypted both at rest (when stored on a computer or server) and in transit (when sharing or uploading it online). Use secure government platforms and encrypted file formats.

  • Maintain Up-to-Date Software: Install operating system and application security updates and patches immediately when they are released. These updates often fix critical security vulnerabilities.

  • Use Anti-Malware Software: Ensure you have reputable anti-virus/anti-malware software installed and running on your work devices, and that its definitions are updated daily.

  • Back Up Data Regularly: Maintain regular, encrypted backups of critical EiE data, preferably stored offline or in the cloud in a separate, secure location. This ensures you can recover quickly from a ransomware attack or equipment failure.

3. Secure Your Network Connection

  • Use Secure Connections (HTTPS/VPN): Only enter sensitive data into websites that use HTTPS (look for the padlock symbol in the browser bar). When working remotely or using public Wi-Fi, use a Ministry-approved Virtual Private Network (VPN) to encrypt your internet traffic.

  • Avoid Public Wi-Fi for Sensitive Tasks: Do not log into sensitive work accounts or transfer confidential files when connected to public, unsecured Wi-Fi hotspots (e.g., cafes, airports).

4. Implement Data Handling Policies

  • Principle of Least Privilege: Only access the data you absolutely need to perform your job. Do not share your access credentials with anyone.

  • Securely Dispose of Data: Follow Ministry guidelines for the secure deletion or destruction of sensitive data (physical and digital) when it is no longer needed.

  • Report Incidents: Immediately report any suspected security breach, phishing attempt, or lost/stolen work device to the IT support team or designated official. Do not attempt to fix it yourself.

Last modified: Friday, 26 September 2025, 3:29 PM