How prevention is better than cure in cyberspace

Safer Internet Day is observed on February 5 worldwide

hacker-cyber-crime The freshman was studying engineering and used a keystroke logger to steal instructors' confidential login information, hacked into multiple campus computers

So, you installed the latest version of a quality anti-virus software, black-taped your computer’s camera lens above the monitor, have advised all around you never to click on unknown links that pop up online—and then send personal information on email?

Sounds pretty standard for official emails and de facto address settings, but the danger could be manifold. According to IT experts, the largest volume of security breaches in the world happens through email.

No, not because some hacker stole your information over the airways or used some hi-tech method to get into your computer and the documents stored there. It happened because you willingly and unwittingly offered up information in an email.

As the world observes Safer Internet Day on February 5, this, and many other stringent safeguards, need to be adopted to counter the increasing menace of internet hacking and cyber breaches. From chat rooms and ‘juicy’ websites promising a brave new world of privacy and independence at the beginning of the internet age in the late nineties, to realising that nothing is really secret or safe in the online world, we have come a complete circle. Only, the hidden warriors on the other side of the cyber hole have gotten more enterprising, innovative, and seemingly, all pervasive.

“We Indians have a habit of sharing. We willingly share private information to our neighbourhood and all around us, like who got married, what are the issues etc.,” said Alok Gupta, founder and CEO of Pyramid Cyber Security & Forensic Private Limited, a cyber security firm, at a discussion at the recent Convergence India summit in New Delhi. “Twenty-seven per cent of data breaches happen due to human error.”

And there are no apparent legal remedies, too, in case you are subjected to a cyber attack. “We don’t have a law pertaining to cyber security,” said Gautam Kapoor, partner with the consulting firm Deloitte, “The Data Protection Law is wrongly named, because it is actually a privacy law. All [we have now] are guidelines issued by regulators (like RBI, for example). Only guidelines, not law. We are absolutely behind on cyber security. The law is still playing catch-up.”

With our personal, social, official and financial lives irretrievably entwined with the online space, going luddite is hardly a solution. The only way out is to take the best precautions. THE WEEK asked Pradipto Chakrabarty, regional director of CompTIA India, a cyber training and certification firm, to list practices all of us need to put in place while going online:

  • Avoid public Wi-Fi or third party wired network when it comes to banking applications and online shopping. For example, one should never use these apps on an airport or hotel Wi-Fi. Ensure such sites are secure—the browser bar should show a padlock and the site name should start with https:// rather than http://

  • Set strong password for your home Wi-Fi router. In most cases, people use the default password that comes along with the devices

  • Change passwords regularly and use special characters. Practically, it is difficult to remember many passwords for different applications leading to something called “password fatigue”. Use secured and trustworthy password vault applications.

  • It is not only about installing an anti–virus, but update regularly. Same goes for your OS, too

  • Two-factor authentication: This is extremely important. We need to always use devices, social media sites or applications which enable two-factor authentications. This enables an immediate information to the user if there are any unnatural logins from other devices or browsers that the user normally does not use.

  • Never save your credit card or banking details for faster check-out even though the site may state that they do not save your CVV. It takes just a couple of seconds to fill the card data (every time) rather than exposing your financial details by saving and storing it on sites.

  • Make it a practice to always log out from banking sites or social media accounts after usage.

  • It is of utmost importance to review the security and privacy setting on social media platforms. Most of the times, we really do not bother about these setting. For example, Facebook has features that asks whether the user can be searched through email ID or phone number that he or she has provided. Another such feature is if the user allows search engines outside Facebook to link his or her profile. Users should be aware of the security and privacy and switch them on or off depending on the usage and amount of personal information that they feel could be non-risky.

And if, even after all this you are victim to an online intrusion, what can you do? File a case at a police station, but as an IT expert at Convergence India pointed out, ensure that it is filed under the IT Act and get the cyber crimes unit of the police involved, instead of the local station constables trying to ‘solve’ it.