Lessons From Airtel’s App Breach – 5 Basic Practices Enterprises Should Follow
With increasing records of data being stored on the cloud also invites an increase in attempts to hack the same. Being vigilant and following a few routine tips can get you through this struggle.
After being held on the same pedestal as oil for the world market, data brings with it a huge set of advantages and also, risks. Earlier this week, leading telecom company Bharti Airtel was flagged off for a major security flaw.
The Airtel App has allegedly exposed sensitive user information by revealing information such as – first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G & GPRS, network information, activation date, user type (prepaid or postpaid) And current IMEI number. Assuming this breach, the significance of the cabinet’s approval of the data protection bill gets stronger.
Just last week, the news of the cabinet’s approval of the data protection bill came as a welcome surprise for most industries. The bill is expected to gain momentum once it’s brought up in the ongoing winter-session at the Parliament. The pressing need to have this bill in motion gets more pronounced by the day. Why should you, as an enterprise, be concerned with this bill?
For starters, it will lay down a legal framework for access to a citizen’s personal data and action against privacy breaches. This will also define how your organisation will receive and manage data from citizens. So, when Airtel recognized the security flaw and immediately fixed it, with the bill in motion, it will be twice more careful with its software testing.
This is the kind of faith every citizen and every enterprise dealing with a huge amount of data should have. Something that governs the dissemination of data and protects private or valuable data.
Microblogging platform Twitter has also announced the launch of its Privacy Centre for all communication related to their privacy policies and security incidents.
To better equip your organisations for data security, you can follow these few non-technical steps and tips to ensure the security of your data.
5 Ways To Ensure Data Security For Your Organisation & Users :
1. Recognize the value of data
Before you frantically rush to protect your data with various protocols and security measures, understand the value of data. Your organisation would be in possession of a lot of data and at times, some of it would be overlooked. This is a chance you can’t take when dealing with users’ data.
Any and all users’ data is important and needs to be protected from breaches. Whether it contains sensitive and personal information of the user or even a small preference, you must secure that data.
Privacy of personal information is an individual’s entitlement and every organisation must respect that. Data that might seem insignificant or harmless should also be protected.
For the same reasons that PDPB (Personal Data Protection Bill) has come into the picture, you need a policy for your organisation as well. When your company defines exactly what comes under a privacy breach and provides guidelines on how to handle data, half your headache is over. Your employees will be aware of the data they are allowed access to and will also know the consequences of accessing confidential data.
Not just employees, even at the misfortune of having an external data breach, your policies will help you get immediately into action.
This will also help your users feel safer when trusting you with information and knowing that they are protected by the policy.
These plans and policies should be refined as and when the technology around the world grows. You don’t want to stick to a data protection policy that doesn’t serve any purpose in situations.
3. Keep your employees and users aware
When you are introducing changes in an organisation, whether small or big, you must ensure your communication is perfect. Every employee of your organisation should be trained in using and managing data. They should be made aware of what is ethical and what they must avoid at all costs. Malicious links, USB usage, Bluetooth transfers etc, your employees should know what malware they might attract when using the internet.
Your chances of losing data or exposing personal data will reduce if everyone is educated about privacy laws. There will be less scope of ‘by mistake’ privacy breaches or data loss.
On the users’ front, you must maintain transparency when you acquire their data and the security measures you are taking to protect it.
4. Stronger passwords and backups
Setting a strong password is the most basic but the most ignored method of ensuring data security. Out of the fear of forgetting your password or just because they’re lazy, not many people put an effort into setting a strong password. However, you must encourage your employees to set strong passwords with capitalisation, special characters, and numbers.
The second most basic and effective thing is to regularly back up your data on a hard drive on in the cloud. So, even if one of your files is corrupted on the system, you can retrieve it back from these sources.
This is also applicable to the users of your website/app. They create an account with you and hence, should secure their data with strong passwords.
5. Devise a contingency plan
You can overcome a situation better when you are prepared for it. While making your data protection policy plan, also create a contingency plan. What kind of breaches can occur? How much value will you lose by this breach? How sensitive is your data? Who would want access to it and why?
When you lay down all these possibilities, you won’t stay stuck in shock when your organisation is targeted. You will be prepared to take action as the element of shock won’t rid you of your time. Quick action will save you from the expansion of the problem as you nip it in the bud. With guidelines in place, you have already set procedures to follow in case of a breach.
At this time, you should also communicate to your users if there is a breach and what the repercussions would be.
The growing importance of data…
From training machines with data to recording customer shopping preferences, data’s importance can’t be emphasized enough. Most enterprises would be soulless if they didn’t use data to analyse trends and make brand decisions. The possibility of tracking real-time updates from the physical world is because of Data.
Where there is growth, there is also dissent. Rising cybersecurity breaches and planned malware attacks are an outcome of data becoming vital for enterprises. Ensuring the security of your organisation’s data and users’ data is a given and enlightening your employees regarding the same is essential.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]