I woke up a week back in Calcutta and the newspaper screamed that a gentleman had found some INR 80,000 (USD 1375) withdrawn from his bank account – from an ATM in China! To be shocked is an understatement.
The cybercrime cell of the local police got reports of many such incidents. I went to the ATM with little trepidation and found a line longer than usual at the neighbourhood ATM. Most of the customers had come to check their accounts and when my turn came, I found the ATM regretting having no cash. The users had exercised the best option: withdrawing all or most of the money.
I was thinking that a massive, concerted and organized attack on this simple theme, “ATM card used in XXXX country when the user is perhaps sleeping in YYYY country”, may become a riot in the street when people find their money vanished and ATMs empty of cash. A slight spark in the form of rumour, fear mongering or suspicion will cause a serious law and order situation. This is not only possible, but there are people and organizations who have the means to do so.
This clear and present danger is the one all of us, citizens of the digital nation, now face: the security of our information.
I discussed this with my friend Sushobhan, a system vulnerability and security expert, and his opinion was that the greatest protection against such a threat is user awareness. In the evening, he attended a panel on ABP Ananda (a leading Bengali TV channel in Calcutta) along with a fraud victim and a cyberlaw expert.
While I followed other stories in other media, I found that there is less talk about actionable steps that a common user might take to protect himself, or in other words, how to lessen vulnerabilities. I found to my delight that the panel touched on this issue. Here are simple, easy-to-do, non-technical steps a user might take, and enforce as a discipline, so that the vulnerability becomes lesser. Here is the list, excerpted from the blog:
- Change ATM/Debit/Credit card PINs at regular intervals.
- Link cards with your mobile number and email address, if not already done.
- Immediately go for a chip-based card, grid card and enable two-factor authentication (OTP SMS/mail etc.).
- That’s not all. Avoid creating a PIN/password with combinations of names, surnames, dates of birth, anniversaries (yours/parents/spouse/children), as these can be predicted very easily through your social spread. Try implementing alphanumeric passwords stitched with special characters.
- Using a benchmarked, standard antivirus (better, Total Protection) on desktop/laptop/mobile/tablet is essential. Free or cracked software is to be avoided. Saving INR 2000 yearly may lead to some major problem.
- Any banking/ecommerce site should be used through a secure site (SSL), i.e. instead of “http://”, it should reflect “https://”.
- Saving online banking, ecommerce site, mail passwords etc. for convenience is to be avoided.
- Passwords are not to be kept anywhere in writing in any form (not Word, Excel, cloud, printed paper, handwritten paper).
- Any non-standard games / applications are to be avoided, as a lot of applications are being framed to sniff data.
- The latest smartphones/tablets have application control mechanisms. Please block unwanted access by all applications (like contacts, SMS, camera etc., whichever is not relevant for that application).
- Any information related to passwords or PINs is not to be floated through mail, WhatsApp etc., as there is a chance of a repository being kept.
- For international transactions which do not imply two-factor authentication (i.e. only CVV applies), we should avoid transacting there except with renowned players (here the government should also force Master/VISA to relook at policies and enforce two factors as well).
[Reproduced with permission from Skill vs. Attitude]
The threat of cyber-crime is a clear and present danger. End user awareness is the first and last line of defense as well as offence. It is like a germ – it is always there and it can catch us only when we are vulnerable or unaware or simply ignorant.
We must discuss this clear and present danger. Experts must share their insight in a way that lets a common person / user take some concrete steps, and these steps must be easy and affordable. There will be many best practices and these must be shared.
Triggered by this, we have decided to start an awareness building initiative, and here are two concrete steps we have taken:
- Infoconglobal 2016 Kolkata Conference (Enterprise and End user): A conference on Information Security on 18th November at CII – Suresh Neotia Centre of Excellence.
- Free webinar (End User specific) on 4th November 2016 – All are welcome