Cyber Security For The Common Man In India

How far do “we” trust the cyber world? – Here “we” is nothing but the common man whose daily life gets influenced by connecting to the digital economy. At the pace at which digitization, cashless transactions and social networking have spread across the world, the massive change in the common man’s life came when he/she innately became the part of these services. Now we can manage all our bank accounts and finances, social media accounts, private and sensitive mails through internet. But can we live with the peace of mind that all our online data is in safe hands and secured by a strong channel of protection mechanisms. If not, then this open digital world can pose as a great threat leading to Cybercrime, which can happen to anyone, be it a person, a firm, company, government agency, multi-billion corporate etc.

In definition, Cybercrime is where the perpetrators usually use or target the computer or mobile devices for their unlawful acts to gain any information which can cause heavy damage/loss to the owner of that sensitive information. Internet is the most common mean to illegally access such information from individuals, companies, firms, banks etc. Chapter XI of the Information Technology Act 2000 deals with all the cybercrimes and the punishments associated with them. Hacking; Online obscenity and pornography; Child pornography; Cyber stalking; Identity theft; Cyber fraud (money-related); Virus attacking; Cyber defamation; Cyber terrorism etc. are some of the crimes identified by the Indian Law.

It is considered an accepted norm that Multi-billion corporates or Government agencies require highest order of cyber security as they deal with the most sensitive and confidential data whose breach can cost them fortunes. It is true that such attacks can hit them worse. But in setting cautions and measures for companies and firms, we are sort of missing out the big picture of an Individual’s requirement for Cyber security. The stakeholders involved in the digital payment ecosystem play a major risk while carrying out transactions. So, if we can’t trust the digitization fully, should we put an end to it? – NO. It all comes down to the question of lack of awareness on the user’s side and the poor security provision for the transactions which needs to be altered altogether.

The recent mandate to link Aadhar with all bank accounts, telecom services etc. have sparked a debate of a person’s right to retain his personal and biometric information. With each passing day, a new service provider or government agency asks people to quote or link their Aadhar numbers for availing their services. However, there is a huge air of confusion as to how essential is it, is it optional, can it be put on hold etc. Such confusion also arose when the demonetization of 2016 forced people to opt for cashless transactions. In a recent response to an RTI query, the RBI stated it clearly that it has not issued any instruction for mandatory linking of Aadhar number with bank accounts. But this did not stop the banks from asking the details with a threat of account suspension, if not followed. Similarly, The KYC (Know Your Customer) details for mobile connections and apps like Ola have confused Indian citizens. However, on October 23, 2017, RBI claimed that linking the biometric identity to bank accounts is mandatory unlike their previous response to the RTI query.

The question remains- Is RBI and the Central Government taking the full responsibility for the cyber security, if we provide our Aadhar details? – Are the three pillars of democracy i.e. legislature, executive and judiciary skilled and ready to take on the challenge of cybercrime?

When Individuals and Companies both get affected

The recent 2017 ransomware cyberattack that swept the Globe affected India as well. In one case, the Jawaharlal Nehru Port (JNPT) in Mumbai which is India’s largest container port was disrupted in June 2017, shutting down operations at one of its three terminals. The security firm Bitdefender Labs dubbed “GoldenEye” as the ransomware virus causing the disruption (livemint 2017). Another ransomware, named “WannaCry” reportedly attacked in Odisha, Kolkata, Andhra Pradesh, Gujarat and Kerala, apart from other parts of the country which were later restored. (India Today, 2017)

In August 2017, Rachna Sagar Publishers’ computer system got hacked and their business accounting software and email were compromised. The only given way to decrypt the files was to make a payment in bitcoins. It is evident with this case that not just giant companies or government agencies, but also a small-scale publisher can easily fall prey to the online security invasion and illegal ransom attacks. Several domestic and multinational companies operating in the cyber security domain have set up transparency centres to help them and their clients but not for the nation at large.

Companies operating in Cyber Security solutions domain should work closely with government bodies like Indian Computer Emergency Response Team (CERT-In) and National Critical Information Infrastructure Protection Centre(NCIIPC) to secure the digital ecosystem across Indian territory. Cyber security is a right that everyone should enjoy and the need of the hour is a digital infrastructure more resilient, sustainable, safe, productive and efficient to thwart cyber security related threats.

Following are some guidelines which every day digital users should surely follow to maintain a safer experience:

1. The stronger the password we use at different interfaces, the better the security. It is advised that we should use a combination of lowercase and uppercase letters, digits and special characters, change the password periodically or when we suspect it is compromised, and preferably not reveal it to other people.
2. Phishing is one method of stealing information where hackers send some unknown links which when clicked, open up a page for login which looks similar to the one we often use. It can be a replica of Facebook page, a google login or Banking site which we use. If we enter the credentials and submit the same would be saved in attacker’s database. We should always check the domain URLs and prefer to use the site with a lock and ‘secure’ before domain URL in the address bar, written in green colour or a green symbol indicating the same. This segregation can be done well through
   installing web-advisors which come free and handy with the installation of a legal copy of any good antivirus, say McAfee antivirus and web advisor.
3. We often get some fraudulent phone calls, where the caller claims to be from some government agency or bank who have detected a problem in our debit card and can fix it by using our banking or card details. If provided, they can be used for transferring or drawing money from our accounts without consent. It is strongly advised to simply reject such calls as no banks or agencies ask for any such details under their followed protocol and client privilege.
4. The telemarketing and email scams sending spam mails or advertisements to lure people into fake lucky contests pose as a major issue. The provision of our debit/credit card details for the same can turn into a huge financial loss. We should not reply to such emails. It is wrong to assume that we can turn out so lucky to win something in millions without doing anything.
5. While doing online transactions and purchases, we all use debit and credit cards for payment gateways. It is best to use debit cards with CVV numbers at the back of the card which are more secure than non-CVV cards and make use of OTP or 3D secure password when we are transferred to our bank’s portal.