Civil servants and public office holders have been urged to exercise extreme caution in the use of personal flash drives (pen drives) in their offices as the storage devices expose the state to malware and other viruses that compromise government information.
The Minister of Communication, Mrs Ursula Owusu-Ekuful, who made the call, observed that even though unintentional, the practice could leave the government’s information and communication technology (ICT) infrastructure vulnerable to predatory hackers.
She was speaking to journalists after opening the National Cyber Security Technical Working Group retreat at Aburi in the Eastern Region. The three-day meeting was meant to review the performance of the group, review the country’s cyber security policies and infrastructure and make recommendations.
Cyber kidnapping
Mrs Owusu-Ekuful also raised concern about what she described as “increasing cases of cyber kidnapping” where hackers take over websites and ask for money in exchange for releasing the website.
She said all public office holders and civil servants would be banned from using private emails for government business by the end of the year as part of efforts to maintain institutional memory and reduce the state’s vulnerability to hackers.
“It is unacceptable for people to use private emails for official work.
Those public platforms are not safe.
All your information could be accessed if you use those platforms. Depending on what you do your information must be private and confidential.
“It is unacceptable for ministers, members of parliament, heads of public organisations and people occupying critical positions in our public service to be using private emails for official work,” she said.
Major vulnerability
She said the ministry saw the practice as a major vulnerability and has flagged it and received Cabinet approval to migrate all public servants onto the gov.gh domain, which is the official domain name for all public servants.
Mrs Owusu-Ekuful said the use of domain names, including gmail, yahoo and hotmail, did not create the impression of professionalism or seriousness if public officials were using such emails for official purposes.
She said after the migration exercise, persons who refused persistently to migrate might be sanctioned, as it meant they had other motives other than pursuing institutional interest.
Cybersecurity points of contact
As part of measures to ensure effective and timely response and support to victims of cybercrimes and cyber security breaches, the government would soon launch the Cybercrime and Cybersecurity Points of Contact (PoC).
The initiative is to facilitate reporting of cybercrime and cybersecurity incidents through SMS, voice calls, the National Cyber Security Centre (NCSC) website and a dedicated App for raising awareness and reporting incidents.
The PoC will work with all relevant stakeholders, especially the CID and the Data Protection Commission, to ensure effective and timely response and support for victims of cybercrime and cyber security breaches.
Mrs Ekuful said starting this year, the ministry would be demanding monthly reports on cyber security incidents covering all sectors since Cabinet had required regular briefing on the state of the country’s cyber security.
She said a technical team that had been working on the country’s cyber security issues for the last two years was expected to design the protocol to collate cyber security incidents for analyses and reporting.
Budapest Convention
Meanwhile, Parliament is expected to ratify the Convention on Cybercrime, also known as the Budapest Convention, by Thursday.