Data is the new oil of today’s digital economy. Being more valuable than ever, data is the key to the smooth functionality of everything from the government to local companies, and without it, progress would halt. In such a scenario – especially when mobile phones are there in every hand – maintaining its privacy is of utmost importance as private/personal data in the wrong hands could lead to misuse. Akarsh Singh, CEO and Co-founder, Tsaaro, a data protection and cybersecurity company, takes you through different points of concern with regard to data privacy, data threats, data protection and more, in a conversation with Ramesh Kumar Raja. Excerpts:
What is data privacy and why is it important?
Think of data as your wardrobe, which is yours; you would give some pieces to other people, who ‘you’ want to give it to, but it wasn’t something you allowed when someone gets their hands on your clothes from your wardrobe. Data privacy is handling information responsibly, similar to handling how you share your clothes in the above case. When we talk about handling information, we refer to personal information like health records, financial data, addresses, and so on. For businesses, it goes even beyond personal information about clients and employees and could refer to trade secrets, proprietary research, operation data, etc.
Data privacy has always been of utmost importance. Private data in the wrong hands could lead to misuse. Corporations need to prioritize data privacy policies not just because of the hefty fines a data breach includes but also an ethical and moral duty to ensure that the data you collect is not used for anything else other than intended. Further, companies also need to protect their trade secrets and additional proprietary information from their competitors. At a higher level, government agencies need to protect sensitive data as top-secret, as information in the hands of an enemy state could prove to be disastrous.
What are the most common data threats nowadays as they keep changing/ evolving with time or day-to-day lifestyle trends?
With the number of NFTs and other digital assets that have come into the picture, the number of phishing and ransomware attacks on individuals has grown exponentially and are common these days. Phishing is when hackers send digital messages to trick people into clicking links, installing malware to compromise sensitive data. Remember seeing that one message in your inbox that said you have won a lottery of a few billion dollars, click this link to get the money transferred to your account, phishing and ransomware attacks hide in plain sight using these methods.
Such attacks enable hackers to steal user logins, credit card credentials, and other types of personal financial information and gain access to private databases. Ransomware attacks are where the hackers kidnap an entire database of an individual or an organization for ransom (mainly in the form of cryptocurrencies).
Also Read: “Customer-centricity has been the cornerstone of Huawei’s strategy in India”
When it comes to data protection, how vulnerable are we as individuals, especially when mobile phones are there in every hand?
Ever since we’ve started wearing our tech on our wrists and have been ordering our AI assistance to turn the lights on and off of our house, we are constantly dealing with data. Simply put, almost everything we do in our everyday life is associated with data, which makes us extremely vulnerable.
Mobile phones are an ideal target for data privacy threats in this day and age. Our increased dependence on technology has fueled data creation exponentially. Google now processes 40,000 search queries every second. According to DOMO’s ‘Data Never Sleeps’, every minute of the day – WhatsApp users share over 41 million messages, Instagram users post 300,000 stories, and LinkedIn users apply for over 69,000 jobs. The fact of the matter is that there’s an enormously high amount of data being generated every second merely by engaging with such platforms. While most companies collect user data for the purposes of targeted advertising or website management, the amount of personal and non-personal data they collect varies. In the absence of any data protection regulation, your data may most likely end up with anyone from a researcher to an advertiser to a foreign intelligence agency.
The most common threats to mobile security include mobile malware. There are many ways your mobile security could be under threat, such as application-based threats where you download an app that looks legitimate but starts stealing your data from the device without you even realizing.
Sometimes while browsing the web, people may come across harmful websites which seem fine on the front but automatically download malicious content into your device. Do ensure that in case you use public Wi-Fi, you are susceptible to your unencrypted data being stolen. Further, the increased use of wearable techs like the Apple Watch or physical devices such as Alexa connected to your systems can enable bad actors to use IP addresses to access your system.
| “According to DOMO’s ‘Data Never Sleeps’, every minute of the day – WhatsApp users share over 41 million messages, Instagram users post 300,000 stories, and LinkedIn users apply for over 69,000 jobs. The fact of the matter is that there’s an enormously high amount of data being generated every second merely by engaging with such platforms” |
How can data privacy be strengthened in India? What’s your opinion about Data Loss Prevention (DLP) in India?
Like a kingdom’s fortress needs to be strengthened, like the security of a highly-priced art piece needs to be strengthened, even the concepts and applications to ensure data privacy is in place which needs to be strengthened. Strengthening focus on user consent lies at the centre of the complex issue of data privacy. However, consent is conceptually a complex issue. We need to incorporate policies to help individuals better understand how their data is being used and the consequences of sharing such data. Transparency within organizations needs to be enhanced. Individuals need to understand what they consent to while going through a privacy policy.
With additional focus on meaningful consent, we can push the boundary on inclusivity, and privacy, thereby cementing India’s position as a global leader in an individual-centric data economy.
Just when we thought that saving files on the cloud helps us ensure that we don’t lose a set of data, we realize that it isn’t enough, you will have to back the data in physical copies as well, quite redundant, we know, but to prevent data loss, it is necessary. But what is DLP?
Data loss prevention solutions are growing in popularity as enterprises look for ways to reduce the risk of sensitive data leaking outside the company. DLP is a set of technologies that analyze the data to identify sensitive data and prevent incidents accurately. DLP technology inspects data sent via emails or messaging over the network and executes responses to address the risk of data leaks.
With increasing innovations, threats are also on the rise. Prevention and management of data are most crucial so as to maintain a secure and maintained cloud space. DLP (Data Loss Prevention) solutions are gaining utmost significance considering the threats, anticipations, and apprehensions of the cyber world
Data is an organization’s most precious asset, and understanding the various data states can help determine the best security measures to deploy. Technology like DLP gives both IT and security personnel an overall perspective on the organization’s location, distribution, and use of information. It eliminates all possibilities of data theft, including fines and lost income.
India is among the most evolving markets and companies, especially those that produce/handle significant amounts of data, need to be aware that protecting it is essential. Data breaches can cause many damages, including financial, reputational, and legal ones; thus, prevention is the best idea.
The government is working to bring Personal Data Protection Bill. What are the implications of the bill on end-users?
In the absence of any regulation to protect data, individual data could very likely end up with anyone to a marketing researcher for advertisements to a foreign intelligence agency.
The Personal Data Protection Bill is undoubtedly a step in the correct direction. But when we talk about what the available draft of the Personal Data Protection Bill has in store for the individuals and organizations, we think it would do great, if people would refer to a recent survey report we had published quite recently.
One of the most significant implications would be regarding data collection practices of businesses. Users will be able to exercise various rights to protect their data, such as the right to access, correct and erase their data or even withdraw their consent. Each individual is provided with the right to ask for confirmation regarding their data being processed by whom and for what. However, certain aspects of the bill, such as non-applicability to non-personal and anonymised data, are something that needs to be improved.
| “The Personal Data Protection Bill is undoubtedly a step in the correct direction. But when we talk about what the available draft of the Personal Data Protection Bill has in store for the individuals and organizations, we think it would do great, if people would refer to a recent survey report we had published quite recently” |
Rapid adoption of Cloud and IoT technologies are resulting in growing complexities pertaining to data security, network infrastructure, and security regulation & compliance, thereby boosting demand for cybersecurity solutions and services across the country. What’s your take on this, especially when threat points have increased?
The global pandemic pushed a lot of organizations towards the technical direction, and many organizations ended up utilizing information technology to reduce the workforce or be able to keep costs in control. Also, the hybrid work environment resulted in using various technological resources by the organizations to digitize their operations to survive the crisis.
Remote working has made it imperative for organizations to deploy cloud-based applications, like SaaS (Software as a Service), to ensure uninterrupted access to data and servers with complete security protocols. We’re able to continue our digital lives through Zoom Video and Slack because of cloud services such as Amazon Web Services, Microsoft Azure, and Google Cloud.
Internet of Things (IoT) is the umbrella term for devices connected and operated through the Internet. The application of IoT is not limited to the IT industry only. The pandemic has made it imperative for the Manufacturing and Production industries to employ IoT in their operations too. To reduce expenditure, improve the efficiency of processes, and become resilient to future crises, organizations have started to accelerate the adoption of IoT in their activities.
While remote working became the saviour, it also raised concerns regarding privacy breaches and the loss of essential data from unprotected devices and systems. As per Campaign India, India ranks third in the top 10 most affected countries by cyber-attacks. This reliance on digital platforms and services has left several businesses vulnerable to cyber threats and malicious attempts.
Also Read: The 5G Craze: How Consumers Are Looking For A Smartphone Beyond Cameras