Sherab Lhamo

Bhutan Computer Incident Response Team (BtCIRT) officials said that the agency has been seeing an increasing number of phishing and scams along with vulnerable application systems.

They said that Bhutanese are unaware of the risks of sharing their information online while registering on social media. “They are unaware of the consequences of a data breach that makes personal information or data accessible to unauthorised individuals,” the experts from GovTech told Kuensel.

Once their personal information gets into the hands of malicious people they could use it against them to spread false information, create fake accounts, identity theft, hack accounts, commit frauds, and send phishing and spam emails or messages.

“That is why individuals and organisations must adopt security measures to secure data information that is being collected, stored, and transferred,” the officials said.

In an attempt to ensure data security, since July 1 last year, all agencies handling citizen information for official purposes were asked to “proactively take measures to safeguard personal data and sensitive information”. This included implementing necessary actions against unauthorised access, processing, and disclosure.

GovTech is drafting data management guidelines, legal gap assessment, and guidelines aimed to address legal gaps and provide a framework for best practices in handling data of the whole lifecycle of data from data collection, storage, use, sharing, deletion, and archival.

To stay safer online and protect one’s social media accounts, the GovTech said users should secure their credentials by keeping their devices up to date with the latest security patches, and not clicking on unknown links or attachments shared by friends via email or social media apps. “Not get lured into a bait and offers like lottery scams, scholarship scams, and VISA scams, among others.”

GovTech and cybersecurity experts from Welchmen Keen, a strategic advisory firm specialising in cybersecurity, among others, organised a three-day workshop on May 23 for various government agencies, corporate and private sectors specifically targeting high-level decision makers, managerial-level staff, and data protection-related officers in Thimphu.

According to officials from GovTech, the purpose of the workshop was to introduce governance, risk management, and compliance (GRC) in cybersecurity concepts, which are crucial for educating individuals, organisations, and businesses that are involved in Bhutan’s digital transformation journey and are part of the cyber ecosystem.

The trainers talked about cybersecurity privacy, policies, and areas surrounding cybersecurity including cybersecurity for electronic government (e-Gov) services and their benefits, risks, and threats.