Beware, it's not just criminals who want your data!
Illustration: Uttam Ghosh/Rediff.com
With the existing laws tilted in favour of companies, it's tough for individuals to get any compensation
Incidents of data breach are occurring with increasing frequency. There's little that you can do if your service provider does not take adequate security measures.
But, if you take a few steps, you can ensure that hackers don't get access to sensitive information that can cause you financial loss.
Recently, details of Reliance Jio customers were posted on a Web site.
Earlier, a hacker stole email addresses and hashed passwords from Zomato's database.
In April, the secretary at the ministry of electronics and information technology had sent a letter to chief secretaries of all states and Union Territories stating that sensitive information, including bank details and Aadhaar numbers of individuals, had been published online, and that adequate measures should be taken to prevent a repeat of such incidents.
The law says government departments, service providers and intermediaries need to take sufficient measures to protect customers' privacy and data.
If they fail to do so, they can be sued for unlimited damage.
"The regulations are not comprehensive enough. The law, for instance, is silent on the minimum security measures a company needs to take. Companies or the government, therefore, get away easily. Also, if a customer wants to sue a company, the onus lies on him to prove that the company is at fault," says Pavan Duggal, a Supreme Court lawyer and cyber law expert.
Since the law is tilted in favour of companies, compensation has never been awarded to an individual through the Information Technology Act, though it has been around for over 17 years and has seen many amendments, say experts.
As the laws don't favour individuals, they need to protect their privacy by sharing data on a need-to-know basis, change passwords and PINs regularly, and not save card details on any Web site or device.
Your valuable data is sold cheap
Financial information is sold to scammers who use card details for fraudulent transactions. Data on individuals containing their profiles and behavioural traits are also much sought after.
Scammers use personal information to earn your trust and then swindle you. Say, you get a call from a newly launched Website.
The caller gives you a special discount on his Web site because you had spent Rs 5,000 the previous week at another retailer's Web site.
What you don't realise is that if you shop on the caller's Web site, the product will never be delivered to you and you will lose all your money.
It's not just criminals who want your data.
Social media platforms, chat apps and other service providers are also able to offer free services and products because they monetise your personal data with advertisers.
"Besides scammers and telemarketers, big corporates also source data unofficially. They then use it to understand individuals' behaviour, profiles and habits, and then sell products and services accordingly," says Duggal.
As we move towards a situation where everything is connected to the Internet -- smart devices, smart televisions, smart lighting, smart refrigerators, etc. -- everything can be hacked.
A hacker can access any of these devices and steal data. One must, therefore, adopt basic security protocols.
"Across the globe, countries have woken up to the threat of massive cyber attacks that cybercriminals propose to unleash in the near future. India has emerged as one of the top targeted nations by cyber criminals," says Sharda Tickoo, technical head, Trend Micro, India.
Share information on a need-to-know basis
When creating a profile on social media Web sites, don't go overboard sharing all your information, such as phone number, date of birth, email, etc.
Even if sharing some information is essential, use privacy settings according to your needs.
When shopping with e-commerce retailers, provide minimum information that gets the work done.
"Avoid saving cards and bank account details on the platform. It will protect your sensitive data if the website gets hacked," says Tickoo.
Create strong passwords
Avoid obvious ones such as your birth date or spouse's name.
Create strong passwords by using a random combination of letters, numbers and symbols.
"Keep multiple passwords for different Web sites. It will ensure that if a hacker gets the password to one site, your other accounts will stay protected," says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru.
When visiting a Web site, ensure that it is secure
Check for the symbol of a closed lock at the bottom right corner of the screen.
Web addresses that begin with "https" are generally secure, and if you click on the lock symbol on the bottom right, it should also display the same "https" address.
Avoid saving sensitive information on computers, mobile phones and other devices.
Many save their bank account details, card information and passwords on devices and when any of it is hacked, the hacker gets all your sensitive data.
Also, use a popular security software on all your devices.
Don't replicate your data across many devices.
Sign up for real-time alerts with your financial service provider, even if they levy a charge.
Also explore whether your bank or credit card company offers the option to restrict the amount of transaction.
"Create a Google alert of your name. If data about you gets leaked in a prominent attack, you will get to know about it immediately," says Prashant Mali, an advocate and international cyber law and cyber security expert.
Also, avoid mobile apps that ask for access to your cell phone without requirement.
A flashlight app, for example, shouldn't get permission to access your contacts or location.
Tiwari says you can also use Web sites like haveibeenpwned.com to check if your details are present online on Web sites and make sure you secure the affected accounts.