Virus of cyber kind: Only behavioural change can ensure digital security

Indian firms slow on cybersecurity
A few days ago, Meena Bose (name changed), a young media professional, received an email from someone claiming to have hacked into her laptop camera. He demanded she send $1,000 to him, failing which he’d share videos he had recorded from her camera to the contacts in her email directory. She had 24 hours to pay up. Bose would have ignored the email if the hacker hadn’t correctly guessed an often-used password and told her about it.

She reached out to Anand Prakash, a Bengaluru-based white-hat hacker who runs AppSecure, a cybersecurity company. “I immediately knew the threat was fake because the same thing has been happening a lot lately,” says Prakash.

Bose’s details had been leaked though a shopping app. It’s common for passwords to get stolen from compromised databases.

“But cases where personal information has been used to blackmail someone or where a fraudulent email related to coronavirus has duped someone, have gone up since we’ve all been working from home,” says Prakash.

He’s seen 15 to 16 cases in just the last few weeks, including those where the targets were start-up founders who had raised Series B and Series C funding.

The pandemic undoubtedly has brought with itself a litany of concerns directly related to Maslow’s hierarchy of needs, but this is not the time to be lax about digital security, warn experts. According to cybersecurity firm K7 Computing, between February and March, there was a 12 per cent increase in the number of devices in India that received at least one threat, a figure that is expected to grow as people spend more time online, for work or leisure.

“Cyber threats are very adaptable by nature. They are designed according to what’s happening in the market at the time,” says Maninder Bharadwaj, partner, Deloitte India. One example of this is the attempts to hack into the PM-Cares Fund, as well as the fake handles in circulation that sound like the real deal, albeit with minor differences.

“Everyone is at risk right now,” says Apar Gupta, lawyer and executive director of Internet Freedom Foundation, a New Delhi-based digital rights advocacy group.

Cybersecurity has become a core issue not just for large companies that spend millions on digital security but also individuals. Those running micro, small and medium enterprises (MSMEs) have been forced to shift to smartphone applications without adequate training,” says Gupta. Times are such that “you don’t have to just drive the car today; you also have to be the mechanic”.

For hackers, the value of potential targets has increased with people conducting their businesses from home, says Bharadwaj.

“A lot of information is being sent out on emails. There can be Trojan horses on a network which will collect sensitive information,” he says.

Information gleaned through these emails can be used to craft baits for a number of scams. A Bengaluru man recently thought he was interacting with a potential recruiter in this time of furloughs and lay-offs. He had applied for a job through placement portals, and realised he’d been duped only after Rs 30,000 had been debited from his account.

Hackers often demand payment within a specific time frame. Creating a scarcity of time is a common tactic, says Bharadwaj.

The first course of action should be to secure assets in such cases.

Precautions will depend on each person’s own threat assessment, says Gupta. “The starting point for any such conversation has to be to first look at what tools one uses. Map your needs. Much like a medical check-up, one has to individualise one’s security needs,” he says.

Besides, through formalised frameworks, such as educational institutes as well as chapters of industry groups and associations, resources on cyber education and security should also be made available in local languages for a robust system, adds Gupta.

There’s more than finance at stake. When a young girl was being blackmailed, Prakash recalls she developed a fear of the web. “Children are particularly at risk because cyber security is not something they’ve been told enough about,” he says.

There’s no need to fear tech in anticipation of cybercrime. “When you step out, you make sure the door is locked. The same parallels of security need to be drawn in the cyber space too,” says Bharadwaj.

Just like one would keep a copy of significant documents, one should also keep a backup of important digital files. Many, including folks at Internet Freedom Foundation, also have slidable stickers (which they also distribute to members) they use to cover the laptop camera when it’s not in use.

The security in place for our physical worlds has to be replicated onto our virtual ones.

How To Stay Secure

  • Change passwords every 60 days
  • Create strong passwords. Keep different passwords for banking apps
  • Opt for two-factor authentication where possible
  • Keep a backup of important digital files on a USB drive
  • Never share one-time passwords (OTPs)
  • Keep 16-digit passwords on wireless routers
  • Upgrade software on wireless routers regularly
  • Avoid clicking on suspicious links and posts 
  • Tape the laptop camera when not in use (without directly touching it)

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel