It’s time to ride the ‘digital protection’ wave

Advertisement
It’s time to ride the ‘digital protection’ waveWhen the National Payments Council of India confirmed recently that more than 3.2 million debit cards issued by Indian banks may have been compromised, most card users in India scrambled to check if they were safe. The magnitude of the issue has once again raised eyebrows on how secure is our money and data in an era where the digital medium is exponentially growing into a new playground.
Advertisement

While the Internet of Things has the potential to be the biggest enabler of simplifying the consumer experience, in a world of hyper connected solutions and experiences, data protection cannot be ignored.

News reports suggest that, the current compromise of data is believed to have originated on a payments switch run by third-party ATM service provider for one of the leading private bank. While experts work over time to identify the cause, the end effect is a data breach that has impacted a considerable number of stakeholders. Generally, data theft at the consumer end leads to data breaches of this nature. This is generally done through social engineering techniques and layered up by compromising on a system that is dependent on weak security of IT systems.

Let’s look at the social engineering aspect first. “DOXING” is a term which plays a major role in such data breaches. Doxing is the internet-based practice of researching and broadcasting private or identifiable information (especially personally identifiable information) about an individual or organization. The methods employed to acquire this information include, searching publicly available databases and social media websites, hacking, and social engineering. It is closely related to internet vigilantism and hacktivism. Doxing may be carried out for various reasons, including to aid law enforcement, business analysis, extortion, coercion, harassment and online shaming.

Generally, data breaches and acquisition are key objectives of social engineering. When hackers are experts with such powerful tools and techniques, a question arises as to how can we prevent this data theft that is further leveraged for a breach? Below are a set of guidelines for consumers as well as businesses that manage data and services.

Advertisement

For consumers:
Some simple rules like below might help to some extent if we take some care.

1. Try to make your internet profiles private so that they don’t show up on search engines.

2. Maximize the profile settings of your social network profiles.

3. Try to create separate email ids for different reasons, for eg banking, gaming, forums etc.

4. Always check for “https” in the address bar of web browser along with lock symbol when doing financial transaction. https stands for “Secure hypertext transfer protocol”.
Advertisement

5. Avoid to provide personal information about your phone number, email id, age, gender etc as much as possible on these social network sites.

Another important aspect to be considered is that of card cloning or card skimming. Card skimmers at ATM kiosks can easily clone your card. Watch out for these skimmers that have removable slots in ATM machines with micro cameras which capture your pin. Additionally, cross check the slot to see it’s not removable before making any such transaction. A similar process should be followed when making payments through POS (point of sale, card swiping) machines at in hotels and restaurants.

For businesses:
Let’s look now at the IT or technical aspect of these data breaches. Data security as such covers a wide gamut of things, however multiple layers of defense can isolate and protect data. A very simple trick is to encrypt data using data encryption solutions so that it is protected as it is transmitted over open networks. Businesses must also ensure that the systems used for confidential data are up to date with latest signatures, antispyware and antivirus programs from reputed organizations.

System security at all layers is key, right from communication, transport, application, database to web servers. Firewalls act as the primary doorkeepers for the internet and should be configured with proper policies to counter attacks from the internet.

Advertisement
Users at the business end need to be regularly sensitized about the importance of clearing the cache and temp files, setting up the browser to not remember passwords, not opening unfamiliar emails and attachments from unknown sources. While they might sound simple, these quick fixes at the user level are among the best practices to get the systems tested for any vulnerability and penetration at pre decided frequency. Having multiple perimeter rings of security makes it the toughest ship to crack for hackers.

Technology is a boon but can be curse too if not used properly is no longer myth and we need to be alert citizens to keep our devices and data protected by using these simple techniques.

We live in a society bloated with data yet starved for wisdom. The next time you go online to shop or use an ATM keep an eye on what's happening and do not don't store unnecessary data. The current incident reminds me of what Clay Shirky, a professor at N.Y.U. once said “It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public “. This might not be the last time such an incident has taken place, but the next time it happens we should be certainly better protected than we are today.

(Image Credits: Flickr)

(About the Author: This article has been contributed by Mandar Sahasrabudhe, Head IT Infrastructure – APAC, TÜV SÜD, Based out of India.)

Advertisement