Every now and then, companies announce that their systems were breached, followed by the extent of the damage, and what they’re doing about it. Compromised data is a subject that needs the public’s full attention. Data breaches can result in millions of private records and sensitive data stolen, affecting not just the breached organization, but also everyone whose personal information may have been stolen. The worst disadvantage of the internet is that you are always at risk. To fight data breaches, internet security is a very important aspect.
A data breach is basically a leak or release of confidential, private and sensitive information into an unsecured environment. The continuous transfer of information makes it possible for attackers in any location to attempt data breaches on almost any person or business they choose. A data breach can happen accidentally or intentionally through a cyber-attack. Breaches are becoming more common as technology grows, and millions of people are affected by data breaches every year, so internet security is a must.
Internet Security: How to Fight Data Breaches
Just recently we heard about Facebook’s Cambridge Analytica scandal. Facebook revealed that up to 87 million users’ data was shared with the political consultancy Cambridge Analytica. Another scandal revealed that the Facebook data of 3 million users who took a personality quiz was leaked, and the data was published on a poorly protected website. More recently, the ride-hailing service Careem also suffered a massive data breach, in which a cyber-attack affected 14 million customers.
A typical data breach operation includes the following steps:
- Research: The hackers look for hidden weaknesses in a company’s security.
- Attack: After the first step, the hackers make an initial network attack or social attack.
- Network/Social attack: In a network attack, a hacker uses system and application weaknesses to enter an organization’s server. Social attacks, however, involve tricking and baiting employees to get access to the company’s network. Employees can even be tricked into giving up their login credentials.
- Exfiltration: Once a hacker gets access to one computer, he can easily attack the network and can even reach confidential company data.
How can data breaches be prevented?
As data breaches come in different forms, no single solution can stop them all. A full-fledged approach is required. Most data breaches can be avoided with a common-sense approach to data security. The most common ways to avoid a data breach are not using credit cards with suspicious vendors and choosing long, unique passwords for online services. Keeping software up to date with security patches and using security software such as antivirus and anti-malware tools will also help alleviate data breaches.
Employers can fight data breaches by ensuring that their employees have the minimum amount of access to the company’s credentials, with only as much access as is necessary to do their job. A company should also prepare a response plan that can be easily executed in case of a data breach. Social media sites should encrypt their websites using SSL/TLS encryption to protect their customers’ data.
Data breaches and Internet security: Everything You Must Know
End users are almost never the target of cybercriminals or hackers, as they want to steal sensitive information in bulk. However, end users can be affected when their records are part of the information stolen from big companies, such as in the Careem incident. In such cases, it is best to take the following precautionary measures.
Notify your bank. Verify your account details and change PIN codes. Double-check the email addresses of incoming emails. Cybercriminals can pose as bank representatives and ask for credentials. Do not click suspicious-looking links or download files from unknown sources.
If credentials or financials have been tampered with, contact the breached company and ask if they can assist in enrolling in a fraud victim assistance program.
Never share your personal information on unverified websites and social media, as social media companies collect data from users and later on purposely sell it to other companies.
The European Union has taken a very positive initiative to tackle such issues, from which other countries can also learn. It launched a new regulation called the General Data Protection Regulation (GDPR) that follows the current data protection Act, ensures that users’ data is not misused, and allows people to give their feedback on how companies are using their data. In this way, data protection rules became the same throughout the EU.
The data protection rules are applicable to all businesses based in the EU or doing business in the EU. All these companies will have to follow the new regulations if they collect any personal data from EU citizens. The new regulation is no doubt more difficult, and it will also impose fines on companies who mislead it. This system is very important for building trust in the emerging digital economy. GDPR was drafted to regulate how big companies, especially social media giants, are using the personal data of users. GDPR will ensure that the data of the user is safe, as after the Cambridge Analytica scandal we have realized that users’ data was not safe even with big organizations such as Facebook, Amazon, Google and Twitter.
Need for Laws in Pakistan:
There are currently no laws in Pakistan that protect individuals’ data, despite Article 14 of the Constitution guaranteeing that “dignity of man, and subject to law, the privacy of home, shall be inviolable”. There is a need for legislators and courts to consider the right to privacy in the realm of the internet where vast amounts of data on each citizen are stored.
The government of Pakistan launched the Cybercrime Bill back in 2017; the bill covers different aspects related to cybercrime. After the implementation of this bill, the government took staunch action on cyber security incidents and made sure proper internet security is provided to every citizen.
This bill also acted as a ray of hope for women who were previously harassed via social media. However, the Cybercrime bill only tackles incidents. The government should also devise a law similar to GDPR to prevent such incidents.
A recommendation for the federal government to make regulations to provide for “privacy and protection of data of subscribers” exists in Article 43 of the Electronic Transactions Ordinance 2002, but little has been done in this regard. The previous IT ministry has talked about a prospective data protection bill, but none has been introduced in parliament, and Pakistan does not have a privacy commission so far.
On an official level, the government must ensure that data protection and privacy laws are put in place to provide legal relief to citizens whose personal information is misused or breached not only by technology companies but also by mobile phone service providers, hospitals, schools, banks, public relations companies and so on. Only in this way can proper internet security be provided. Further, the government should set standards and protocols of cybersecurity for all corporations and organizations, without which they should not be allowed to deal with the personal information of citizens.