Security – Cyberlaws.org | http://www.cyberlaws.org | Compliance | Security | Legal | Mon, 12 Jul 2021 04:01:47 +0000

WHY DATA PRIVACY IS IMPORTANT FOR EVERY ORGANIZATION?
http://www.cyberlaws.org/data-security-is-most-important-requirement-to-the-customers-or-user-if-the-organisation-wants-to-run-a-business-successfully/
Thu, 15 Apr 2021 17:12:41 +0000

What is Data and Data Privacy?

Data security is the most important requirement for customers and users. An organisation that wants to run a business successfully needs to give an assurance of data protection, because it assures customers that their data is being collected, processed, and transferred through secure mechanisms. Data is critical for businesses of all sizes, from a small start-up to a global conglomerate, and so is data privacy.

Data is information processed by a computer system and stored on a system known as a server. This information may be in the form of text, images, documents, audio clips, software programs, patents, financial information, secret information, health data, personal information or other types of data.

Every organisation collects data through different mediums, either by traditional methods or by modern digital methods. Be it hospitals, banks, companies or government departments, data is everywhere. Processed data is known as information.

Sometimes a set of data can add up to sensitive information, so data privacy is a mechanism to maintain our privacy online, because information is a highly valued asset and a commodity sought after by malicious users and cyber criminals. As an end user it is essential to know what is happening with our online information, what can be done with the data and who can have access to it. Users often give their consent and allow companies to track and store their data, which can have disastrous results, so one should have a say in the matter.

Normally organisations focus on the risks originating from hackers and cyber criminals; however, there is much more to it than this. Protecting your data privacy is as significant as managing your data security.

First and foremost, data privacy is an arm of data security, and its motive is to safeguard data from unauthorized access. Data privacy aims at the proper handling of information based on its significance:

  • Regulatory requirements and data privacy laws
  • Consent of the data owner
  • Privacy notice
  • The public expectation of privacy

The main objective of data privacy is to safeguard users’ data as per the regulations and users’ rights. The main factors to consider are:

  • How to collect and share the data legally
  • Whether the data can be shared with third parties, and identification of the third parties with whom data can be shared.
  • Adhering to regulatory compliance and legal limits such as HIPAA (Health Insurance Portability and Accountability Act), GDPR (The General Data Protection Regulation), GLBA (The Gramm-Leach-Bliley Act), CCPA (The California Consumer Privacy Act), ECPA (Electronic Communications Privacy Act 1986), Personal Information Protection and Electronic Data Act (PIPEDA) and so on. Different countries have different data protection regulations, and each of these regulations has its own set of rules and legislation pertaining to a specific area, purpose, and type of company or individual.

In a nutshell, this means protection of critical user information, primarily the PII (personally identifiable information) of an individual.

PII consists of:

  • Full Name,
  • Address,
  • Contact details,
  • Date of birth,
  • Social Security Number
  • Bank Account Number
  • Driving License Number
  • Further personal information such as:
    • IP address,
    • Profile photo,
    • Social media post,
    • Financial Information
    • Medical Information
    • Location
    • And many more, based on regulatory compliance.

Importance of Data Privacy and Data Security for Business

  • Data privacy and security help protect customers’ data privacy.
  • They help reduce the number of information security incidents, such as data breaches, that an organization can suffer.
  • They help maintain, improve and retain the brand value of the business.
  • They help safeguard the business from hefty penalties for violating the rules. Regulators impose huge penalties in case of a data breach, which could be a few thousand dollars or a big part of the revenue generated, and the amount differs for various types of data breach incidents.
  • Data sharing is limited, and third parties are identified in advance according to the risk level of the data.
  • They save organisations from theft of data by hackers or cyber criminals, which can cause enormous monetary losses.
  • Data privacy limits access to customers’ critical data and hence safeguards the right of customers to be free from uninvited surveillance.
  • They help organisations keep track of their data breach records, so that organisations can learn lessons and avoid future recurrence.
  • Nowadays most businesses run on customers’ critical data, so safeguarding privacy expectations should be a priority of the organisation.
  • They help protect organisations from loss of revenue.
  • They also provide competitive advantages to the business.
  • Last but not least, they help in adhering to strict policies on how PII is collected, accessed, protected, and erased.
  • Data security and privacy controls help enhance the company’s reputation and build customer trust.

Importance of Data Privacy for Users

  • It provides assurance against unauthorised access to data.
  • It keeps customers’ personal, health and financial information safe.
  • It generates trust for the customer.
  • It provides a legal right to the end user or customer to challenge the company in case of any data breach.
  • Data can only be collected by receiving consent from the users.
  • Companies which collect the data provide a data security guarantee to the end user.

Tips and Tricks to help protect your personal data

Data privacy is such an important issue that nowadays many government organizations and companies spend a good part of their revenue each year to help protect their data, which could include your PII (personally identifiable information), from exposure. An end user may not be able to implement high-end security solutions to safeguard personal data; however, there are inexpensive steps which you can take to help protect your data. Below are a few suggestions:

  • Use strong passwords for your online accounts, and avoid having the same password for multiple accounts. Change passwords on a regular basis.
  • Change the default password for your home network devices, especially the Wi-Fi device. A weak password is easy to guess, and any unauthorized person can connect to your network with malicious intent.
  • Avoid clicking on any random link received via mail or message; these can be malicious links which give access to your device to a cyber criminal, who could eavesdrop on your network traffic, including personal data.
  • Never share your personal details such as bank account number, credit card details, social security number, Aadhar card number etc. over a call.
  • Avoid writing your personal details such as phone number and address on public platforms unless necessary. This could sometimes be very dangerous if accessed by a cyber criminal.
  • Avoid sharing too much personal information on social media platforms.
  • Always use the security settings on social media accounts; you can secure your accounts by changing the privacy settings. Always keep your social media account in the most private mode in order to avoid disclosure of personal information.
  • Use a VPN (Virtual Private Network) for online activities; however, avoid freeware for financial transactions.
  • Share your personal details over websites which use encryption.
  • Carefully shred all personal documents, receipts, bank statements and your courier packaging as well before discarding them.
  • Use genuine software on your system.
  • Install antivirus and anti-malware software.
  • Always keep the firewall on.

Data protection regulations and laws of different countries are developed and designed to maintain the data privacy of the citizens of that particular country. There are many countries where data privacy laws are already in place; however, there are countries where there are no such laws. Having a framework for data privacy and security will definitely safeguard critical information. A set of defined roles and responsibilities; network security controls such as firewalls, secure configurations, intrusion detection and prevention systems, monitoring and activity logging; and proper procedures and processes for conducting activities such as access provisioning, de-provisioning, change management, patch management, backup management, privileged access management and physical security management certainly provide a more secure environment for data and information systems. The expectations and responsibilities of third-party service providers also play a critical role in data security. Technical controls should be in line with the organisation’s risk appetite and relevant regulations.

Although cyber criminals are inventing new techniques to intrude into networks, using encryption techniques helps keep data in a non-readable format.

Data is the most precious asset for both organisation and customer. A vigilant consumer and an organisation with adequate resources, diligent employees, regular monitoring, proper governance and periodic reviews can safeguard their information assets and maintain data privacy and security.

Keywords: Data security, data privacy, encryption, cybercriminals, hackers, GDPR, HIPAA, GLBA, CCPA, ECPA, PIPEDA, password protection, network security, patch management

Cybersecurity in Crypto Currency Business
http://www.cyberlaws.org/crypto-currency-is-secured-by-using-cryptography-techniques/
Thu, 18 Mar 2021 10:14:29 +0000

A crypto currency, as the name suggests, is a secured virtual or digital currency. Crypto currency is secured using cryptographic techniques, which make it highly secure and nearly impossible to forge or replicate. Crypto currencies are based on blockchain technology on decentralized networks: a distributed ledger enforced by a disparate network of computers.

As crypto currencies become more popular worldwide, there is concern that cyber criminals or hackers will try to use them to mask their illegitimate activities on other platforms, particularly when it comes to laundering funds.

Digital currency uses principles of cryptography to secure transactions. While regulators and governments are still trying to figure out appropriate legal structures and business norms governing crypto currencies, hackers and cybercriminals are finding intelligent ways to exploit that window of opportunity by identifying vulnerabilities in the crypto currency business.

Since the cyber security of crypto currency is a matter of concern, it is obvious that the cyber security industry has to give significant consideration to crypto currency security and the issues surrounding it. Crypto currency transactions being untrackable and irreversible leads to many potential issues for consumers and organizations alike who hold crypto currency.

Despite the cyber security threats and risks, many individuals still want to participate in the crypto currency market and acquire it. A few of them are technology enthusiasts who want to be part of a new wave of technology, and a large number are those who want to become millionaires in a short span of time. If you are in either category, these tips may help secure your crypto currency account.

There are a few to-dos on which security experts agree for keeping crypto currency out of the hands of cyber criminals or hackers:

Use of Hard Wallets

The first and foremost thing is to keep cyber security the topmost priority. Since an individual’s private key is the way to access crypto currency, it is essential to keep it safe. To safeguard yourself, do not keep your keys online. One may use a hardware wallet, an item that looks like a USB drive and contains the private key. Your key is kept in an encoded format in the hardware wallet, and you simply plug the wallet into your system for a transaction; the key always remains in the device, and hence there is hardly any chance that it would be accessed or stolen from your system by cyber criminals or other unauthorised users. One can make duplicates of the wallet, which can be kept in another safe place, so that a backup is always available. It is highly recommended to use crypto currency hard wallets for strong security.

Use unique and strong Passwords/Passphrases:

Using strong passwords helps keep crypto currency safer. The passwords/passphrases used for crypto currency accounts should not resemble any passwords/passphrases used for other types of logins. Passwords should always be treated as security and not as a convenience. Long and complex phrases with digits, letters and special characters that would be impossible to guess are recommended. A good password should not be guessable by cybercriminals or hackers. Avoid using personal information such as name, age, date of birth or spouse’s name as a password. Also, don’t share too much personal information online. Try to remember your password; if you do want to store it somewhere, it is better to keep it offline and out of reach of any unauthorised person.

Create Separate encrypted email accounts

The next recommendation is to create a separate encrypted email account for communication regarding crypto currency. There are plenty of secure, encrypted email services which offer free accounts, and these are often best to use; one can get extra premium features, which enhance the security of the account, by paying a small amount. Commonly available free email servers can be easily compromised and can leave important information accessible to unauthorized persons or cyber criminals. Having a separate encrypted email account which is not connected to other types of activity, especially social media, keeps confidential and critical information and communication separate and less prone to cyber-attack.

Use Ad Blocker Software:

Using ad blocker software on the computers and devices used for crypto currency is vital; nowadays many antivirus products provide ad-blocking services. The ad blocker features in browsers should also be enabled for extra security. Keeping your systems free of malware and other types of cyber-attack automatically reduces the risk. Restarting the computer and clearing the cookies after each is highly advisable in conjunction with the software.

Validate the URL:

When dealing with crypto currency, it is very important to validate the URL (Uniform Resource Locator) of the site you are using before entering any critical information. Phishing attacks on crypto currency websites are very common. Avoid clicking on any link received by mail or message without verifying it. Phishing attacks can be avoided by confirming that the web address is the correct address associated with the desired account or platform.
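
One way to carry out the address check described above, as an added example that is not part of the original article; it goes slightly beyond the text by also naming the common lookalike patterns a careful reader should watch for. The trusted host names (`exchange.example`, `wallet.exchange.example`) and the function names are hypothetical placeholders.

```python
"""Check a link against hosts you have verified yourself before trusting it."""
import difflib
from urllib.parse import urlsplit

# Assumption: constructed allowlist. Replace with the exact host names of the
# platforms you use, taken from a source you trust (not from the message itself).
TRUSTED_HOSTS = frozenset({"exchange.example", "wallet.exchange.example"})


def canonical_host(host):
    """Lower-case, drop a trailing dot, convert Unicode labels to punycode."""
    return host.rstrip(".").lower().encode("idna").decode("ascii")


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return (is_trusted, reason) for a URL received in a mail or message."""
    try:
        parts = urlsplit(url.strip())
        host, port = parts.hostname, parts.port  # .port raises on a junk port
    except ValueError:
        return False, "URL cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https:// address"
    if not host:
        return False, "no host name"
    if parts.username is not None or parts.password is not None:
        # In https://name@host/ the browser connects to what follows the "@".
        return False, "text before '@' hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    try:
        host = canonical_host(host)
    except UnicodeError:
        return False, "invalid host name"
    if host in trusted:
        return True, "ok"

    # Not an exact match: say why, so the user learns the pattern.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalised (punycode) host name"
    if any(host.startswith(name + ".") for name in trusted):
        return False, "trusted name used as a prefix of another domain"
    close = difflib.get_close_matches(host, sorted(trusted), n=1, cutoff=0.85)
    if close:
        return False, "resembles " + close[0]
    return False, "host is not on the trusted list"


if __name__ == "__main__":
    # Constructed sample links; .example and .test are reserved names.
    samples = [
        "https://exchange.example/login",
        "http://exchange.example/login",
        "https://exchange.example@evil.test/login",
        "https://exchange.example.evil.test/login",
        "https://exchanqe.example/login",
        "https://exch\u0430nge.example/login",  # Cyrillic "a" in the name
    ]
    for link in samples:
        print(check_url(link), ascii(link))
```

Only an exact match on the full host name counts as trusted; every other outcome is treated as a reason to type the address by hand instead of following the link.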

Unlike paper-based currencies, which are controlled by governments, crypto currencies or digital currencies are fully decentralized and operate independently of any regulation. Crypto currency is still not regulated in many countries, so there are no security audits, assessments or controls when it comes to crypto currency systems. In spite of that, heavy media coverage and high returns are luring customers to invest in it. The security risks, however, are real and can be financially disastrous for those who don’t pay attention to them and are not keen to learn how to safeguard themselves from the dangers associated with digital currency.

Crypto currency certainly provides ease of use and globalisation of currency; however, improper and insecure use can lead to a catastrophic result. Technology, if not used properly, can result in disaster.

Undoubtedly, acquiring crypto currency is both extremely interesting and filled with risk. Knowing what the threats are and how to safeguard digital assets will help you make an informed decision to determine if investing in digital currency is the right choice for you or not.

Keywords: Cryptocurrency, cybersecurity, digital currency, cybercriminals, hackers, password protection, ad-blocker, digital keys, cyber attacks.

How to Handle Cyber-Security Incidents in Start-Ups
http://www.cyberlaws.org/how-to-handle-cyber-security-incidents-in-start-ups/
Sun, 07 Mar 2021 12:10:01 +0000

In the current age, information technology has penetrated almost every area of our lives; both personal and professional life is hugely impacted by information technology. In other words, our lives have become completely dependent on technology. Be it organizational or personal, the amount of data collected and processed by big companies and start-ups is alarming. Human beings have become so dependent on technology, be it hardware or software, from holdables to wearables to insertables, that technology is all but inseparable.

Be it office or daily household tasks, technology has invaded every sector and made work easier and more efficient to perform. However, all technology gadgets and services have one thing in common: data processing. The data processed, such as PII (Personally Identifiable Information) and PHI (Protected Health Information) about individuals, and the critical financial, scientific and confidential data of organizations and countries, is extremely lucrative to competitors and cybercriminals, ranging from hackers to script kiddies, wannabes, elites, activists, crackers, and phreakers to punks ciphers.

For example, if you are a start-up providing information technology services to a government or any other big organization which processes critical data, then a vulnerability in your system can be a potential risk which could lead to a data breach at your client. As per recent trends, at least one new zero-day vulnerability was found each week. As zero-day vulnerabilities are discovered, they serve as a tool for cybercriminals/hackers to intensify attacks. Hence, enabling proactive measures such as incident management or a cyber crisis management plan can be an effective way to limit or even prevent the propagation of a cyber security attack.

IMPACTS OF CYBER SECURITY BREACHES IN START-UPS

Cybersecurity breaches impact organizations and companies in different ways, many of which cause serious, if not permanent, damage to organizations and start-ups. Some effects of cyber breaches are:

  • Organizations suffer financial losses. An intense cyber security breach can damage critical servers and hardware, which could lead to financial loss. In addition, an organisation which is not capable of securing its information assets and is prone to frequent cyber security attacks is liable for penalties imposed by the client or government.
  • Organizations experience loss of confidential data. This is often the major consequence of a cybersecurity attack. Confidential data, ranging from credit card numbers, Aadhar numbers, PAN numbers, phone numbers, social security numbers and health records right up to software design, code, military confidential or classified information and medical formulas, could be stolen.
  • Loss of reputation and degradation of value in the business market have often been cited as a significant concern. After a mishandled cybersecurity attack, the trust and value built between customers (service providers) and companies (clients) starts to be discredited and is brought into question, especially when the company fails to respond promptly to a cybersecurity attack.
  • Competitiveness between firms and organizations becomes compromised. This can cause a disaster from which small to medium organizations or start-ups might never recover.

Cyber security breaches or incidents can be withstood by adopting different kinds of strategies. One is setting up preventive measures to avoid a potential attack; the other is knowing how to respond when a breach or attack occurs, as a corrective measure in case of a zero-day attack. However, both methodologies require intense monitoring of the information systems.

STEPS TO AVOID A POTENTIAL CYBERSECURITY ATTACK

Cyber security attacks are of various kinds and natures, and there is an enormous number of resources out there stating how to prepare for the inevitability of a cyber-attack. Cyber risk can come from various points such as open ports, unattended laptops and desktops, improper patch management etc., and addressing it requires the involvement of employees from the top to the lowest level of the organisation. There is no perfect methodology or solution for handling cyber security incidents or attacks in any organisation; however, the impact can be minimised if they are handled properly. Below are points to strengthen cyber security:

  • Perform a cyber security risk assessment. Perform an intensive risk assessment for your business, identify all the possible weak points which could lead to a cyber security attack, and work out a risk mitigation plan for each risk; don’t leave any risk unattended.
  • Train employees. In any organisation, aware employees can help handle cyber security incidents. Any organisation or start-up should provide adequate training to those handling sensitive data.
  • Regularly back up sensitive data. Data is the core of every company. Unavailability of data can destabilize, disrupt, and even lead to the shutdown of start-ups or organizations. Having a data backup at an alternate location, online or offline, is the key to surviving a cybersecurity breach or incident. Remember, data availability is one of the key components of cybersecurity.
  • Screen employees prior to employment. A proper policy and SOP for employee screening shall be developed and followed with due diligence. Since employees are often the weakest link in a cyber-security plan, all future employees should be screened to validate the cyber-security skill sets required for their respective positions in the organisation or start-up.
  • Keep systems updated with regular patches. Most start-ups and small companies don’t have proper patch management programs for systems and software, which could lead to a serious cyber threat because these vulnerabilities can be exploited by cybercriminals to access your systems. Routinely applying timely security patches to software and hardware systems can reduce cyber security threats, as most threats exploit known vulnerabilities (weaknesses).
  • Adopt a security culture and take cyber threats seriously. As part of the organisation’s culture, cyber-security must be made a priority by management. Negligence can lead to unrecoverable cyber-attacks. Management should provide an adequate budget for enhancing cyber-security in the organisation.
  • Develop a cyber crisis management plan. Since cyber incidents come unannounced, organizations and start-ups should identify and classify different cyber-security attack scenarios and generate a mitigation plan for each. Table-top exercises are helpful for understanding readiness. A contingency plan shall be developed.

A well-skilled team for handling cyber security is very important in any organisation. Having a Data Privacy Officer (DPO), Chief Information Security Officer (CISO), Chief Information Officer (CIO), etc., with well-defined roles is helpful for any organisation.

HOW TO RESPOND TO SECURITY BREACHES?

  1. Establish an Incident Response Team (IRT).

Create an IRT with the skill sets and capability to handle cyber security incidents. Define the roles and responsibilities of each member, which may in some cases take precedence over normal duties. The IRT can comprise a variety of departments including Information Technology, Finance, Compliance and Human Resources.

Your Incident Response Team (IRT) should include your Chief Information Security Officer (CISO), who will lead the team and the organisation’s security policy direction. In the case of a start-up, a virtual CISO can be a guide.

  2. Identify the type and extent of the incident.

An impact matrix for incidents should be clearly defined for damage assessment and to determine the appropriate response. For example, an incident where a computer virus is easily detected and removed, and which has not impacted any external or internal parties, can be categorised as low and should not be escalated.

However, an incident which impacts clients and customers should be escalated to the IRT.

  3. Escalate incidents as necessary.

Employees are the first to observe cyber security incidents. Any kind of incident, including abnormal system behaviour, phishing mails, fraud mails etc., shall be immediately escalated to the IRT so that timely corrective action can be taken to mitigate suspicious vulnerabilities and avoid unexpected downtime.

  4. Notify affected parties, government bodies and outside organizations.

Identify one member of the IRT and assign them responsibility for managing communication to affected parties (e.g. government bodies, investors, third-party vendors, etc.). Depending on the severity of the incident, the IRT member should inform the affected parties and law enforcement agencies.

  5. Gather and analyse evidence.

The IRT is responsible for identifying, gathering and analysing both physical and electronic evidence as part of the investigation. This evidence shall be kept securely as artefacts. Lessons learnt should be documented for the future.

  6. Mitigate risk and exposure.

Technical members of the IRT shall be responsible for monitoring the situation and ensuring that any effects or damage created as a result of the incident are appropriately repaired and that measures are taken to minimize future occurrences.

Since cyber security is the responsibility of everybody in the organisation, the necessary disciplinary action shall be defined for the guilty. An adequate penalty or action shall act as a deterrent and help reduce cyber-security incidents.

Keywords: Cyber-Security, Information Security, Cyber-Security incidents, CISO, Virtual-CISO, hacking, cybercriminal, start-ups, incident-response

Cyber Security Dos and Don’ts during Covid 19
http://www.cyberlaws.org/cybersecurity-dos-and-donts-during-covi19/
Sat, 06 Jun 2020 01:35:55 +0000

Cyber security has been a matter of concern for organisations for a long time, and on top of it Covid-19 has brought a lot of challenges to attaining it.

The COVID-19 situation has compelled organisations and individuals to take up security measures like social distancing and remote working. Governments and civil administrations are bringing up new ways to ensure that their citizens remain hopeful and stable. New economic plans and relief packages have been announced by the government. While the world is focused on the health and economic threats created by COVID-19, cyber criminals all around the world are without a doubt taking advantage of this crisis.

There is a huge spike in phishing, ransomware and malware attacks, as attackers use COVID-19 to lure employees and customers by impersonating government agencies, brands or other important entities. Such attacks aim to infect more personal computers and phones. Attackers are targeting businesses as well as individuals with ransomware disguised as legitimate applications.

Managing cyber security has become more challenging in the work-from-home scenario. Following are the Do’s and Don’ts for employees and individuals.

DO’s

  1. Use hard-to-guess passwords or passphrases. A password should have a minimum of 8 characters using uppercase letters, lowercase letters, numbers and special characters.
  2. Create an acronym. An acronym is easy for you to remember but hard for an attacker to guess. For example, pick a phrase that is meaningful to you, such as “My dad’s birthday is 12 December, 1975.” Using that phrase as your guide, you might use Mdbi12/Dec,75 for your password.
  3. DO change your password at a regular interval, within every 30 days. This will make it difficult for a hacker to use your cracked password.
  4. DO use different passwords for different accounts. If one password gets compromised, your other accounts are still safe.
  5. DO pay attention to the mails you receive and to phishing traps in email, and watch for tell-tale signs of a scam. DON’T open mail or attachments from an untrusted source. Whenever you receive a suspicious email, the best thing to do is to delete the message and report it to your manager and Chief Information Security Officer (CISO)/designated security representative.
  6. DO change the default username and password of your Wi-Fi router; remember that wireless is inherently insecure. Avoid using public Wi-Fi hotspots. Use the virtual private network software provided by your organisation to protect the data and the device.
  7. Always keep your system updated; install the updates pushed by your organisation.
  8. DO keep your passwords or passphrases confidential. Never share your passwords with others or write them down. You are responsible for all activities associated with your credentials.
  9. DO keep confidential papers in proper places at home and destroy them properly before putting them in the dustbin.
  10. DO destroy information properly, e.g. by shredding, when it is no longer needed.
  11. Always back up your critical data to the drives and location provided by your IT team.
  12. Never turn off antivirus system installed on your PC and keep it updated.
  13. DO avoid printing confidential information outside personal printers. Always be aware of your surroundings when printing, copying, faxing or discussing sensitive information
  14. DO keep your work devices either shut down or locked, including any mobile phones you use to check email or make work phone calls.
  15. DO report all cyber incidents and suspicious activity to your reporting manager and CISO/designated security representative.

DON’Ts

  1. DON’T leave sensitive information lying around the home if you live with roommates and young children.
  2. DON’T leave important printouts or portable media containing private information on your desk. Keep them in a safe place, such as a drawer, to reduce the risk of unauthorized disclosure.
  3. DON’T use your official laptops and desktops for personal work. Avoid accessing social networking sites via official systems.
  4. DON’T share any private or sensitive information, such as bank details, credit card numbers, passwords or other private information, on public sites, including social media sites, and DON’T send it through email unless authorized to do so. Always use privacy settings on social media sites to restrict access to your personal information. In a nutshell avoid sharing too much personal information on social media.
  5. DON’T click on illegitimate links from an unknown or untrusted source. Cyber criminals often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.
  6. DON’T use your private email address to send work-related emails and vice versa. Not only does it look unprofessional, but in many cases it also exposes your official email to unauthorized users.
  7. DON’T share your confidential information with an unauthorized person over a call or by mail. Voice phishing is a very easy way for an unauthorized person to call and pretend to be an employee or business partner.
  8. DON’T respond to emails and phone calls requesting confidential data.
  9. DON’T ignore patch installation warnings on your systems.
  10. DON’T install unauthorized software on your work computer. Use only software authorized by your Information Technology department. Malicious applications often pose as legitimate software.
  11. DON’T plug in portable devices without permission from your Information Technology department. These devices may contain malicious code just waiting to launch as soon as you plug them into a computer.
  12. DO lock your computer (Windows + L) and mobile phone when not in use. This protects data from unauthorized access and use.
  13. DON’T leave devices unattended. Keep all devices, such as laptops and cell phones, physically secured. If your official device is lost or stolen, report it immediately to your manager and ISO/designated security representative.
  14. DON’T leave wireless or Bluetooth services on laptops and mobiles turned on when not in use. Use a password for Bluetooth and wireless connections. Use these services only in a safe environment.
  15. DON’T use vulnerable video conferencing software.

Cyber security is a mutual responsibility of the organisation and its employees. Each and every individual plays a crucial role in safeguarding the organisation’s critical information assets. The current pandemic situation has of course increased the cyber security risk for the organisation; however, proper technology measures and security awareness among employees will certainly help to overcome these issues.

Keywords: COVID-19, pandemic, cyber security, DO’S and DON’TS, password security, Wi-Fi security, hacking, malware, phishing, patch management, antivirus.

CYBER SECURITY CHALLENGES FACED BY FINTECH START-UPS http://www.cyberlaws.org/cyber-security-challenges-faced-by-fin-tech-start-ups/ Tue, 26 May 2020 16:22:56 +0000 http://www.cyberlaws.org/?p=423

Cyber Security Challenges by Fin tech

In this era of digitization, where every segment of business uses technology to provide services to customers, the banking and financial industry has transformed its services through financial technology (FinTech).

FinTech firms were providing their services in the form of e-wallets, online and mobile payment systems (Paytm, PayPal, Apple Pay), virtual buying of stocks, etc. But recent times brought a bunch of new disruptors that will displace traditional e-commerce providers. Such new FinTech start-ups are offering more efficient services, a seamless customer experience, and free person-to-person payments.

FinTech businesses can increase profitability and enhance a company’s performance while helping it improve customer service. FinTech also provides an opportunity for companies to expand their portfolio online while solving industry issues such as credit card processing, money transfers, or processing a loan.

But not everything is smooth in the FinTech business. There are a few cyber security challenges and risks associated with it, which every FinTech start-up should be aware of.

 

WHAT IS FIN TECH?

FinTech is the abbreviation for Financial Technology, which aims to compete with traditional methods of finance. Many financial institutions consider this term to mean the back end of their business, and sometimes regular banking apps are included in this term.

Fintech business includes mobile payments, money transfers, loans, crowd funding, asset management and many other things.

In simple words, FinTech is the implementation of modern technology in traditional financial services and in the management of financial aspects in various companies and businesses. It covers anything from financial mobile apps and newly installed software to processing money transactions and calculating business models.

Risk in Financial Sector:

In general, every individual and organisation is worried about information and cyber security, but conditions in the financial sector are more critical, and FinTech businesses take the issue more seriously. Some recent studies show that banks are investing a large amount of their funds in designing and implementing security to safeguard themselves from cybercriminals.

A few more areas of concern include cloud-based technologies, mobile updates and system upgrades. These findings show that cyber security is the most important risk that FinTech companies are facing.

CYBERCRIME AND CYBER SECURITY IN FINTECH LANDSCAPE

As FinTech start-ups and companies continue to disrupt the global financial landscape, a peculiar feature and perhaps their biggest advantage is that they are not held back or burdened by law, regulations, or existing systems. Also, they are more aggressive, more agile, and more willing to explore and make risky choices. But this total dependence on technology and adventurous attitude to aid financial services delivery may also be their greatest weaknesses.

 

FINTECH FIRMS ARE FACING CYBER SECURITY CHALLENGES  IN FOLLOWING AREAS


Application Security

FinTech firms mainly rely on applications that can access users’ financial profiles to perform a variety of real-time transactions. Applications are used by many people and are an increasingly common attack vector, and vulnerable code can be exploited as an entryway into financial networks.

FinTech firms and banking companies need to ensure that a secure application security strategy, such as a virtual private network, is in place to protect user data. This should include a web application firewall enabled with current threat intelligence to identify and mitigate known and unknown threats, as well as to detect and patch vulnerabilities.

Network and Cloud Security

Like other organisations, many FinTech firms utilize cloud services rather than the traditional network to provide consistent, scalable performance with lower upfront costs. However, cloud infrastructure must be secured differently than a data center or traditional network. Banks and FinTech firms must ensure that the same security standards they apply to their networks are applied in the cloud.

Along with detection and prevention, this security must also be dynamically scalable and adaptable to ensure that it can grow seamlessly alongside cloud use. Additionally, in order to secure financial data, FinTech firms need to implement cloud access security, along with internal segmentation, to improve data visibility while integrating industry security standards.

Inadequate Threat Intelligence

Threat intelligence is another challenge for FinTech firms: an integrated defense needs to be enabled with automated threat intelligence to become a holistic system. As FinTech firms and banks enter partnerships, it will be impossible for IT teams to gather and assess all of this threat intelligence promptly by hand. Automation, artificial intelligence and machine learning will be integral to this process.

Cyber criminals are already leveraging automation to make attacks more persistent and effective. Likewise, artificial intelligence, machine learning and automation integrated into network security tools enable the detection and prevention of attacks in real-time, allowing organizations to keep pace with cyber-criminals.

LACK OF ESTABLISHMENT OF BETTER SECURITY PROTOCOLS

One of the most significant issues that FinTech start-ups face is selecting the best security mechanisms, such as security protocols that strengthen data encryption. With inadequate security protocols, data is easily exposed, leaving companies vulnerable to attacks.

Tunneling protocols used in VPNs are effective at encrypting Fin Tech data. Some of the best-known tunneling protocols include:

  • Internet Protocol
  • Point-to-Point Tunneling Protocol.
  • Layer Two Tunneling Protocol.
  • Internet Key Exchange version 2.
  • Secure Socket Tunneling Protocol.

These tunneling protocols provide different levels of protection and provide security in different ways. FinTech firms should research and become more familiar with the different types of protocols and how to use them within a virtual private network. This is especially true in a financial environment where cyber threats are imminent and ongoing.

ADDRESSING VULNERABILITIES IN INFORMATION TECHNOLOGY SYSTEMS

Integration of multiple systems and technologies leads to multiple cyber vulnerabilities. Two systems that were not designed at the same time by the same developers often pose compatibility issues and security challenges, given the limitations in technology. Engineers face issues while integrating two different systems; sometimes engineers working on one system don’t even know how the other system works, and vice versa, which makes identification of vulnerabilities more difficult.

Cyber criminals like hackers exploit these vulnerabilities to gain access to the system.

Many cyber criminals gain access to applications and networks because of improper configuration during installation. Other techniques are also often used, like spear-phishing, where people mistakenly open spam emails and download malicious attachments or enter confidential information into fake websites to which they are redirected. So it is important for all FinTech start-ups to raise awareness of cyber criminal risks and educate the newly banked on digital and financial literacy, teaching them best practices to ensure security when engaging in financial transactions online.

LACK OF COMPLIANCE REGULATIONS RELATED TO CYBER SECURITY

Rapid growth is happening in FinTech firms. FinTech start-ups are flexible enough to change, adapt and evolve rapidly alongside consumer demands. They are flexible and quick partly because they are not subject to the same regulatory rules as traditional financial services. However, no regulations control the way start-ups conduct their business. This makes FinTech firms vulnerable, because they can sacrifice cyber security in order to capture the market as fast as possible.

FinTech companies collect and store personal information, so they need to safeguard customer data. A further challenge is the way they protect this data. Many FinTech firms have adopted bank-level security measures and fine-tuned them for their digital platforms.

Using secure applications, running regular vulnerability assessments on networks and applications, patching applications on time, and using Secure Sockets Layer (SSL) encryption while transferring data are a must for enhancing cyber security. FinTech firms can opt for ISO 27001:2013 (ISMS) for overall cyber security.

There is a need for some strong regulation, which would inspire start-ups to invest some of that venture capital money into their security. As the FinTech industry grows, so will its defense against breaches.

 

HOW TO RECOVER HACKED WORDPRESS WEBSITE? http://www.cyberlaws.org/how-to-recover-hacked-wordpress-website/ Sun, 24 May 2020 22:48:48 +0000 http://www.cyberlaws.org/?p=395

RECOVER HACKED WORDPRESS WEBSITE

Apart from taking backups of your website, you should take steps to secure it from the start, as hackers always find one way or another of getting into your file structure.

It’s important to secure your website from the start to avoid any future attacks. But if your website has already been hacked, or you are unable to view your website, you can follow these steps.

Step 1 – Locate The Error

You can recognize the problem from the following signs:

  • Unable to log into your WordPress Admin Panel (yourwebsite.com/wp-admin)
  • Your website is redirecting to different URL
  • Google has marked your website insecure [RED SCREEN]

Step 2- Contact your hosting service provider

Many hosting service providers provide support for a hacked website, but if you have bought cheap hosting services, they do not provide any support for this kind of error.

Hosting service providers will perform a security check on your website and will notify you whether your website has been hacked or not.

But before making any changes to the website, contact them!

Step 3: Restore your backup

If you are in the habit of taking backups of your website, you can restore it to a previous version.

After you have restored your old backup, remember that it is already vulnerable to attacks. At that point, apply security measures to your website to avoid malicious attacks again.


 

Step 4: Change your login credentials

Now that you have restored your backup, change your login credentials immediately so that your website doesn’t get hacked again.

Step 5 : Install security plugins

There are many security plugins available online, but the best is the Sucuri Security WordPress plugin, which secures your website from further attacks.
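One of the Step 1 symptoms, a site that redirects to a different URL, can be checked against a saved copy of the server's response. The sketch below is an added example, not code from the original article or from WordPress; `find_offsite_redirects`, the sample responses and the `.example` domains are constructed for illustration, and it only inspects the Location header, meta refresh tags and simple `location` assignments in scripts.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# location = "...", location.href = "...", location.replace("...") / assign("...")
JS_LOCATION = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']"""
)
META_URL = re.compile(r"url\s*=\s*(\S+)", re.IGNORECASE)


class RedirectScanner(HTMLParser):
    """Collects redirect targets declared inside an HTML page."""

    def __init__(self):
        super().__init__()
        self.targets = []        # list of (mechanism, raw_url)
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            match = META_URL.search(attrs.get("content") or "")
            if match:
                self.targets.append(("meta-refresh", match.group(1).strip("'\"")))
        elif tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            for assigned, called in JS_LOCATION.findall(data):
                self.targets.append(("script", assigned or called))


def same_site(host, own_host):
    """True for the site's own host (with or without 'www.') and its subdomains."""
    base = own_host.lower()
    if base.startswith("www."):
        base = base[4:]
    host = host.lower()
    return host == base or host.endswith("." + base)


def find_offsite_redirects(site_url, status, headers, body):
    """Return [(mechanism, target_url)] for redirects that leave the site's host."""
    own_host = urlsplit(site_url).hostname
    candidates = []
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if location and 300 <= status < 400:
        candidates.append(("http-location", location))
    scanner = RedirectScanner()
    scanner.feed(body)
    scanner.close()
    candidates.extend(scanner.targets)

    findings = []
    for mechanism, raw in candidates:
        target = urljoin(site_url, raw)      # resolve relative and //host targets
        host = urlsplit(target).hostname
        if host and not same_site(host, own_host):
            findings.append((mechanism, target))
    return findings


# Constructed sample responses: (status, headers, body). Not real captures.
SITE = "https://yourwebsite.com/"
SAMPLES = {
    "clean-login-redirect": (302, {"Location": "/wp-login.php"}, ""),
    "www-variant": (301, {"location": "https://www.yourwebsite.com/"}, ""),
    "header-redirect": (302, {"Location": "https://spam-offers.example/win"}, ""),
    "meta-refresh": (200, {}, '<html><head><meta http-equiv="refresh" '
                              'content="0; url=https://spam-offers.example/a"></head></html>'),
    "injected-script": (200, {}, '<html><body><script>window.location.href = '
                                 '"//ads.spam-offers.example/b";</script></body></html>'),
}


def scan_samples():
    return {name: find_offsite_redirects(SITE, *resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, "->", findings or "no off-site redirect")
```

An empty result does not prove the site is clean; redirects can also be produced in ways this check does not read, which is why the hosting provider's security check in Step 2 still matters.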

Cyber Security during COVID 19 http://www.cyberlaws.org/cyber-security-during-covid-19/ Thu, 21 May 2020 15:00:40 +0000 http://www.cyberlaws.org/?p=376 Cyber Security during COVID 19

This is the most difficult time our generation has witnessed in this era. No one could have imagined that such a time would ever come and that we would have to face a total lockdown. We know that this type of situation has occurred in the past, but with the Internet in existence, this situation is the first of its kind.

Has anybody imagined how the whole world would behave if the internet had not been invented?

So the most important tool is the INTERNET, and if the internet was born, then some hackers would also have been born 🙂

That is where the cyber security domain comes in.

COVID 19 Pandemic came with side effects

  • It hampered the business continuity of many organizations. We all know that once business continuity is reset, this sometimes costs organizations.
  • Think about power plants, industrial plants and similar large setups, which cannot bear the weight of starting up and shutting down again and again. It costs for every hour.
  • There is the setup cost of making the workforce start working from home and giving them secure devices and high-speed internet. We know work-from-home networks are not secure; they could be an easy entry point.
  • There were situations where organizations were on the verge of upgrading. What happened to the broken systems?
  • Some systems were not designed to take the load or to be cyber secure. What happened to those?
  • Some of the most basic hacking attempts have come out vigorously in our lives. It should be noted that whenever there is a disruption in society, these attacks become common.

The threats below will be very common:

  • Payment wallets – You will receive many fraudulent calls asking you to check messages in which an encrypted URL will be seen. As soon as you click on the link, the phishing attack starts.
  • Online ordering systems – There are fraudulent websites on which people order online and enter their credit card details, and then transactions take place.
  • Phishing emails – These account for the largest number of reports since the lockdown. An attempt to obtain information like usernames, passwords and other details using emails is called phishing. This type of attempt has increased due to unrest in governance.
  • Malicious apps – When we use mobile apps, we sometimes get a message to click on a promotional banner, which might be a prompt to install a new app. No one knows what these apps are capable of doing to get your data and breach your mobile data. These attacks are more common these days.
  • Network endpoint attacks – There is malware on the internet that keeps looking for easily vulnerable endpoints. It infects them, penetrates the system, then lives inside the system as a host and waits for its master’s command to start doing damage in one form or another.
  • Targeting healthcare systems at the time of COVID – The most important is the healthcare system. COVID-19 is a pandemic, most people depend on healthcare services, and in these times healthcare systems are the most commonly attacked.

Cyber security teams should take the common steps mentioned below:

  • Online awareness workshops – Most important is increasing awareness among employees working from home.
  • Backup of all digital assets – Digital asset monitoring tools are becoming very common these days. Organizations should keep regular backups of all digital assets.
  • Endpoint scanning – The number of endpoints keeps increasing because people are forced to work from home, so they are using mobiles, iPads, laptops etc. in unsecured zones. Hence regular endpoint scanning is necessary.
  • Creating groups for risks – Immediate risk mitigation teams should be formed to take care of cyber attacks.
  • Extensive use of monitoring tools – Organizations should start using monitoring tools that provide reports like Risk Observation, Endpoint Breach, DoS Attack Report, Performance & Load Analysis etc.

Lessons from the COVID-19 pandemic in reference to cyber security:

  • Emergency response teams should become more active.
  • Activate multi-tier authentication immediately.
  • Monitor system performance and load, for situations like a sudden rise in traffic.
  • Cloud security preferences.

Summary

This pandemic is the first of its kind that we have faced in this digital era. COVID-19 will be a perfect case study for future pandemics; the world will now be more prepared for these disasters. Factors to study include how the digital industry behaves, sudden change, immediate load and performance issues, system scalability, penetration tests, cyber attacks etc. Systems that failed or broke easily during this time will be a great lesson or case study for the future.

What is Block Chain? http://www.cyberlaws.org/what-is-block-chain/ Sat, 16 May 2020 21:49:11 +0000 http://www.cyberlaws.org/?p=355 What is Block Chain?

People usually connect Block Chain with Bitcoin, but the fact is that Block Chain is a technology and Bitcoin is a crypto currency. Crypto currencies use Block Chain technology to come into existence and grow their usage.

Block Chain actually gives a solution to a problem. People think it’s a product, software or hardware. Of course, those are supporting ingredients that make Block Chain work. But my recommendation is to treat Block Chain as a technology solution that makes a decentralized process possible.

 


Block Chain will change the way Organizations work.

Block Chain is the only solution to moving Organizations and Industries from a Centralized system to one that is Decentralized in order to bring Trust, Integrity & Security.

Cyber Security

Let’s take an example of an online virus attack – whenever the world faces online virus attack, within a very small span of time, the whole internet faces problems.

In this scenario most of the antivirus companies start marketing their product, saying that they have the patch or solution upgrade, which can secure your computer.

How can Block Chain solve this problem? There are many solutions that come up around the world at the same time. Hence we can start punching these patches with the help of Block Chain and within a very small span of time, the whole world will be updated with a perfect security patch.

Hence this problem can be solved by decentralizing the update for antivirus and the perfect solution will be delivered at very low cost.

Voting

Nowadays countries follow a voting system that uses electronic voting machines. These voting machines have now come onto the radar as targets for hacking. This has happened because voting is centralized. If countries use voting systems built with the help of Block Chain, then there is absolutely no chance of hacking, because they will rely on a decentralized mechanism.

 Media & News

We are experiencing fake news on many platforms of social media … This fake news harms society, people, community etc… Block Chain can solve this problem. Before sharing any news, if every media checks the news index provided by Block Chain, then fake news can be suppressed within minutes, and true news will keep on getting high index and will be validated.

Moreover this can help society vice versa i.e., most of the governments suppress news for their vested interests but after successful indexing of news via Block Chain, this problem will also be solved.

Legal Industry

The biggest problem in the Legal Industry is that it has many areas, like security of documents, forensics etc. Over a period of time, Legal Industry is the domain and this has been in news. Block Chain can solve the problem by moving it from centralized to decentralized.

 Real Estate Registration

When a person buys a home, there are three parties involved – (a) Buyer (b) Seller (c) Registrar.

Whenever this deal takes place, papers are drawn up and registered with a centralized registrar, which could be any Government Department. But Block Chain will solve this problem by changing centralized control to decentralized control, making it more transparent, secure & cheap.

Money Transfer

In order to send money across borders, three parties are involved, i.e., Sender, Receiver and Company (Bank). In this case you register a deal on the Bank or Company’s server, which is centralized, and they charge huge commissions on this transfer. Block Chain makes it secure, simple and even free of charge.

 Healthcare

Let’s talk about the Healthcare Industry. There is a big need to keep health records universal and secure. This can be achieved by using Block Chain Technology, again making it decentralized from centralized.

Some of the industries below will also be affected by the new process implementation in future: Education, IPR Industry, Telecom, Share Markets, Genetics, Medical Research, Space etc.

(Note: “Centralized” is the word hated by Block Chain. That’s why the concept of Block Chain came into existence. Block Chain is decentralized: there are many registrars, and once the deal is finalized, every registrar updates their register and shakes hands. Please note that this deal can’t be changed at all, by anything! Once punched, it’s registered! This is actually the beauty of the Block Chain concept.

This has actually solved the problem and trust has increased. Business will become simpler, less expensive and cross-border.)
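The note above describes many registrars that each update their own register once a deal is finalized, and a deal that cannot be changed afterwards. As an added illustration (not code from the original article or from any blockchain project), the sketch below models this with a hash-chained register copied to three hypothetical registrars and shows how an altered copy is detected. The names `Block`, `Register`, `audit` and the sample deals are assumptions, and mining, signatures and networking are left out.

```python
import hashlib
import json
from collections import Counter
from dataclasses import dataclass

GENESIS = "0" * 64  # previous-hash value used by the first block


@dataclass(frozen=True)
class Block:
    index: int
    deal: dict
    prev_hash: str

    def digest(self):
        """SHA-256 over a canonical JSON encoding of the block."""
        payload = json.dumps(
            {"index": self.index, "deal": self.deal, "prev": self.prev_hash},
            sort_keys=True,
        ).encode()
        return hashlib.sha256(payload).hexdigest()


class Register:
    """One registrar's copy of the ledger."""

    def __init__(self, name):
        self.name = name
        self.blocks = []

    def head(self):
        return self.blocks[-1].digest() if self.blocks else GENESIS

    def append(self, deal):
        self.blocks.append(Block(len(self.blocks), dict(deal), self.head()))

    def first_broken_link(self):
        """Index of the first block whose prev_hash no longer matches, else None."""
        expected = GENESIS
        for block in self.blocks:
            if block.prev_hash != expected:
                return block.index
            expected = block.digest()
        return None


def record_deal(registers, deal):
    """Every registrar appends the finalized deal to its own copy."""
    for reg in registers:
        reg.append(deal)


def audit(registers):
    """Return {registrar: reason} for copies that fail.

    A copy fails if its own chain is broken, or if its head hash disagrees
    with the head held by the majority (assumes most registrars are honest).
    """
    majority_head, _ = Counter(r.head() for r in registers).most_common(1)[0]
    findings = {}
    for reg in registers:
        broken = reg.first_broken_link()
        if broken is not None:
            findings[reg.name] = f"chain broken at block {broken}"
        elif reg.head() != majority_head:
            findings[reg.name] = "head differs from majority"
    return findings


def tamper_in_place(reg, index, **changes):
    """Simulate editing one stored deal without touching later blocks."""
    old = reg.blocks[index]
    reg.blocks[index] = Block(old.index, {**old.deal, **changes}, old.prev_hash)


def rewrite_history(reg, index, **changes):
    """Simulate editing one deal and re-linking the whole copy afterwards."""
    deals = [dict(b.deal) for b in reg.blocks]
    deals[index].update(changes)
    reg.blocks = []
    for deal in deals:
        reg.append(deal)


# Constructed sample deals, following the buyer/seller/registrar example.
SAMPLE_DEALS = [
    {"property": "Plot 12", "seller": "Asha", "buyer": "Ravi"},
    {"property": "Flat 4B", "seller": "Meera", "buyer": "John"},
    {"property": "Plot 12", "seller": "Ravi", "buyer": "Lena"},
]


def build_network():
    registers = [Register(n) for n in ("registrar-A", "registrar-B", "registrar-C")]
    for deal in SAMPLE_DEALS:
        record_deal(registers, deal)
    return registers


if __name__ == "__main__":
    net = build_network()
    print("clean:", audit(net))
    tamper_in_place(net[0], 0, buyer="Mallory")
    print("after in-place edit:", audit(net))
    net = build_network()
    rewrite_history(net[1], 0, buyer="Mallory")
    print("after full rewrite of one copy:", audit(net))
```

A copy that is edited in place breaks its own chain, while a copy that is fully rewritten stays self-consistent and is caught only because the other registrars hold a different head hash.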

How does BITCOIN support the BLOCK CHAIN Concept?

Bitcoin is a crypto currency that was already in existence but was still finding its way to spread all around. It took the help of Block Chain to make it robust and go on … proved history.

 What is Crypto Currency?

It’s a digital form of currency which has some value attached to it.

Types of Crypto Currencies?

After the success of BITCOIN, there is a wave of crypto currencies in the world, some of them being Litecoin (LTC), Ethereum (ETH), Zcash (ZEC), DASH, RIPPLE (XRP), Monero (XMR), Peercoin, Namecoin…

A more interesting fact is that the internet has also come up with a new Crypto Currency Exchange, which keeps giving live information regarding Market Capitalization, Exchange Price (in $), Supply, Volume etc.

Who are Miners?

Mining is the process of solving some mathematical problem.

Cloud Mining or Cloud Hashing enables users to purchase mining capacity of hardware in datacenters.

Bitcoin cloud mining enables people to earn Bitcoins without managing hardware, software, electricity, bandwidth or other offline issues.

Hence all Bitcoin mining is done remotely online.

What is wallet?

It’s software which can be installed on a computer or mobile. The function of the wallet is to store, send and receive digital currency.

Most of the crypto currencies have their own wallet. We can use third-party wallets for this also.

Wallet actually acts as a personal ledger for all transactions.

Security of the wallet depends upon the source of the wallet developing company. It is always recommended to download from known sources.

Every Wallet will give you a key to access as a user. You should never forget or lose that key. If you lose that key, then you will lose your coins also.

Types of Crypto Currency Wallets:

Cryptocurrency wallets are available in different forms. We have Desktop Software Wallet, Mobile App Wallet, Online Wallet, Hardware Wallet, Paper Wallet etc.

 

Startups are Easy target and more vulnerable http://www.cyberlaws.org/startups-are-easy-target-and-more-vulnerable/ Fri, 15 May 2020 14:44:23 +0000 http://www.cyberlaws.org/?p=307 Startups are Easy target and more vulnerable

 

Startups are easy targets. The startup world is filled with examples of data theft and of beautiful ideas that came crashing down. Startups have a very narrow financial funnel and are weaker targets; in case of a cyber attack they are unable to handle the legal implications and die. Most important is planning: cybersecurity threats cannot be ignored in today’s times. Startups are more vulnerable, and this will increase day by day.

 


 

 

  • Startups are easy targets or more easily vulnerable – Large organizations already have procedures, or have good infrastructure and spending power to mitigate these threats, but small companies and startups are not so lucky. Cyber crime is increasing day by day and startups are easy targets for it. The basic concern is protecting customer data. It’s all about protecting your digital assets, and one of the ways is to use tools for vulnerability management.
  • Tarnished reputation – Startups have to be more vigilant about their reputation; a single incident in the news can tarnish it. Startup businesses are like planes taking off from the runway, and it’s very important to be vigilant during take-off. Once startups have a large enough customer base or good investments, incidents are easier to handle.
  • Dependency upon third-party APIs – Most startups initially rely on third-party APIs, because it’s impossible to develop an API from scratch or because doing so is not financially viable for the business model. Third-party APIs are then the only source. Using an API means dependency and data exchange, and we never know how this exchange is taking place. The recommendation is that some legal documentation should be done before entering into such arrangements.
  • Less spending upon IT infrastructure & technology – It’s very important that you select the best IT infrastructure and technology solutions. We are living in an advanced era, and there are many IT infrastructure solutions available these days which offer services on the basis of bandwidth usage, which actually means pay as you use, e.g. AWS, Google Storage etc. These tools have made life easier, because we get the same quality that larger setups get and pay on the basis of usage. These advantages were not available even a few years back.

 

  • Testing & performance – Most startups ignore the process called “Testing & Performance”, although it’s a very important department. In case of a financial crunch, startups can go for freelancers available at low cost and high quality.
  • Lack of legal know-how – We all know startups are betting on new ideas or playing with new technology which might disrupt the market, and the legal journey is unlikely to be simple for the company. Starting on mere ideas is therefore not the only important thing; analyzing the legal aspects would be a very wise decision. It’s recommended to hire a cyber laws expert before going forward; this will not only help the company get a second opinion.
  • Startups are less likely to fight back – Most startups have a very small financial backbone or a narrow funnel for finances. Many startups have not planned for the financial aspects of incidents like data thefts or legal notices, or have not planned for such situations at all. These incidents take the focus away from the technology they are working on and from what the actual idea was, resulting in startups shutting down or moving in the wrong direction.
  • Less due diligence – Due diligence for the idea is very important, and a startup team should spend more and more time on it: managing their resources, technology aspects, research, IPR, demographics, usage, bandwidth, people, taste etc. These are the most important aspects in understanding businesses. It’s also important to understand the cyber laws. Although the world is becoming borderless and the internet has no boundaries, these cyber laws act as borders for different communities. Hence it’s very important for IT startups to design their software so that it is easily configurable as laws change. Scalability refers not only to the tech infrastructure, but also to how quickly you can change your policies and how easily they can be configured in your software.

 

Recommendation

Get your Idea Patented 

The most important aspect of an idea is to get it registered. You again need an attorney and need to read some local or national laws just to get your idea registered. Although it’s difficult and time consuming, people have come up with innovative ways to mark in history that they thought of the idea first, and the small efforts they made in this direction could save them from losing their idea.

 

Cyber Risk Analysis 

Cyber risk analysis is the best due diligence you can start with. This report basically touches the endpoints where cyber risks are involved. Moreover, it gives more insight before taking steps.

 

Before going for full scalability, have a cyber laws lawyer on your panel.

It’s very important that startups have cyber security and legal advisors on their panel. This will help them analyse local laws and understand the legal implications before taking any steps, and will help companies do due diligence before going further.

 

Keep a cyber security plan always ready in case of emergency response.

In case of a data breach or cyberattack, always be ready with Plan B and try to minimize the risk to customers’ data, because that will be the only way to safeguard it. Once this risk is mitigated, all other risks seem secondary and will automatically be secured.

 

Always be in touch with the regulators or authorities regarding any thefts which you think would be in advance addressed to policy makers.

If you think your product is new and some governance by public authorities or regulators is needed, always get connected with the industry’s regulators via events. You never know whom you will need to contact at a time of crisis.

 

 Before releasing any version of your product always keep your Terms & conditions, and disclaimer updated and enforced.

The most important part is the disclaimer policy. Most court cases have been fought and won or lost on the basis of the Terms & Conditions of usage and the Disclaimer. It is strongly recommended that you always keep your policies updated and have them reviewed by your legal consultant every time.

 

Be proactive in addressing issues with your users. 

Let's assume your system was attacked in past months and you want users to change their passwords as soon as possible. Don't hesitate to make this announcement; it's a responsible step. We have seen automobile companies recalling cars for some defective part. It's similar to that: you are becoming a responsible company trying to save your customers and their data.

 

Hence, by becoming a proactive founder, don't let your startup become an easy target and vulnerable. SAVE YOUR STARTUP

 

CRM Data Security  http://www.cyberlaws.org/crm-data-security/ Tue, 12 May 2020 20:54:58 +0000 http://www.cyberlaws.org/?p=268 CRM Data Security 

CRM Data Security. The CRM industry is facing new kinds of challenges. As most CRMs have moved to the cloud and offer integrated services to their clients, CRM information security has become an integral part of this industry. Companies are spending a good chunk of money to research various ways to secure their clients' data.

Some of the basic and simple modules in CRM data security:

 


 

Encrypted Data Communication

Basically, encryption is converting data into another form, so that at the receiving end the data can be opened only by people or code having the key (decryption key). CRM software should ensure that the data communication taking place is fully encrypted and secured over the transport layer. Various encryption algorithms are available, such as AES, RSA, TripleDES, Twofish, etc.

Data Storage Techniques

There are various ways in which data from the CRM may be stored; mobile app storage could also be part of this. The data storage options available include on-premises, colocation, public cloud, private cloud, etc. It is up to the company to offer solutions to clients depending on their needs and security requirements.

HTTPS layer Protection

Most application frontends are on the web, and the web is based on internet communication. HTTPS is Hypertext Transfer Protocol Secure. It's important to have HTTPS-layer security for access to the CRM, since it gives browsers an extra layer of security. While logging in, one should always check that the page is secure via https. This helps secure the credentials submitted on the login page.

Certification & Compliance

Companies should get the whole process audited by the competent authority. This not only helps the company maintain better processes; these certifications also give customers assurance that the company is taking better care of their data. Other compliance measures, such as third-party assessments, data center security certification, ISO 27001 certification, GDPR compliance, etc., make for more promising business deals.

Data Backups

It's not only the duty of the serving company but also the duty of the buyer to remain proactive, so the buyer should take regular backups of their data and secure them on their private devices. Many methods are available, like saving data in datasheets, saving data in SQL formats, attachments, etc., and buyers should always research before buying any CRM. Various options are usually available inside the admin panel, i.e. twice monthly, once monthly, every week, download.

Centralized Vs Decentralized CRM 

It's very important to understand what is centralized and what is decentralized. Today's cyber security strategy asks for more decentralized systems, and more and more companies are moving towards blockchain. But until we reach optimized blockchain solutions, we must use other ways, such as primitive methods, to keep the system decentralized, so that if a denial of service happens, it does not impact the whole system. Decentralized systems are a little more time consuming and difficult to handle than centralized systems, but in the long run it helps: where cyber security fails, decentralization saves; otherwise companies get affected by downtime syndrome. Everybody knows more downtime means losing credibility exponentially and hence losing customers.

In summary, companies making CRM software should work towards making CRM more secure day by day. They should spend money on cyber security and should assure their clients about their data. They should ensure that the future is more secure for enterprises that use CRM or are totally dependent upon these tools.
