Cybersecurity | Best practices for data loss prevention & latest threats to be wary of

However, Cybersecurity is so dynamic that it needs continuous upskilling, or those who plan a career in this field will be caught off-guard.. The world is preparing for the next level of the digital revolution. What we don't see around us as, common public, are self-driving cars, cryptocurrencies, robotics, IoT, and blockchain, but they will be part of our lives sooner than we anticipate. It will give rise to more challenging, complex, and damaging cybercrimes.

Cybersecurity and preparedness for data privacy protection are the most talked about topics in CXO circles. Digitisation in the last five years has left every individual and organisation dependent on the internet, apps, digital assets, and data. We observe them as designs, drawings, documents, spreadsheets, emails, and applications from an enterprise viewpoint. They contain intellectual property, technology, competitive bids, customer data, HR data, NDA-bound information, accounts data, R&D data, and specific business information.

Loss of data impacts the business continuity of any enterprise. Leakage of data leads to competitive exploitation or compliance default. Improvement of cybersecurity is an ever-evolving phenomenon. Deployment of firewalls, antivirus, VPN networks, multi-factor authentication, OTP-driven transaction processes helps organisations deal with cybersecurity challenges. They help organisations protect themselves from external threats.

Recently, solution providers have been working on the concept of detecting, sharing, and responding to emerging threats through collaboration. Data privacy protection is a more complex problem. Besides external threats, it requires dealing with internal threats too. It is a relatively new domain. Deployment of DLP (Data Leakage Prevention) solutions to mitigate internal threats to data privacy is the most common strategy. Other emerging technologies to deal with internal threats to data privacy are data encryption and AI-driven monitoring of sage of IT systems by the users.

Of late, India has witnessed a tremendous increase in cybercrime. Individuals, corporates or MSMEs, almost every sector of IT consumers, are equally impacted. The primary reason is the rapid adoption of technology in our personal and professional lives. The pace of going digital is far more intensive than spreading awareness about the precautions.

Let us first understand the consequences of cybercrime. At the individual level, consumers can be duped of money and have their privacy breached. At the enterprise level, businesses can be exploited competitively and held to ransom for their data by cybercriminals.

We can understand the trends in cybercrime and what kind of precautions and practices should be followed. They are specific and different for individuals and enterprises. Let us first understand this as regards the cyber challenges of enterprises.

Enterprises are vulnerable to cyberattacks while they extend access to their data to remote users or work-from-home users. They use free tools for remote access. Enterprises should invest in a low-cost VPN router to allow work-from-home users to access data from the Central Storage Device. This move will make things extremely difficult for cybercriminals.

It is tempting for enterprises to use low-cost substandard email systems. It leads to identity theft which is the most common cyberfraud method. The use of such an email system exposes them to ransomware-infected attachments. Enterprises must use standard email systems like G-Suite, Office 365, or similar suites that are less vulnerable to identity theft and backdoor ransomware-infected attachments.

Companies must use licensed antivirus software to protect computers from viruses and ransomware. The expense of antivirus is petty, but the protection is immense.

Firms fall for pirated software to save money. Pirated software is full of malware. It exposes them to tremendous risk of data loss and theft. They must evaluate IT in Box Solutions that deliver the essential enterprise IT environment with minimum software license cost.

Enterprises, specifically MSMEs, are more vulnerable to insider threats than external. They need to execute strong employment agreements with employees, legally binding them from intentionally deleting data and to maintain data confidentiality. Enterprises should educate employees on identity theft, phishing websites, employment agreement terms, piracy, and the consequences of the data breach.

Central storage devices which can recover data after accidental or intentional deletion by employees must be a key investment. Such devices can identify who deleted the data if an employee has intentionally deleted the data.

Organisations should deploy endpoint controls to prevent employees from leaking data over USB ports, emails, or the internet. Such a leakage by an insider can hold enterprises liable for breaching the confidentiality agreement they may have signed with their clients.

Companies must provide off-premise backup on the cloud. They must ensure they have the necessary provisions to back up their cloud ERP, Files, and Email data on the cloud. It will ensure business continuity against data loss due to ransomware, deletion, infection, and disaster.

At an individual level, there is a need to create massive awareness and educate consumers about precautions they must take while going digital. India's OTP-based transaction systems and UPI are robust and secure. The advent of the Personal Data Protection Law will hold custodians of individuals' private data accountable and make them more responsible. This development will enhance the protection of an individual against potential cybercrime.

At the enterprise and MSME levels, things are more serious. It requires a cautious and conservative approach to going digital. Following are the points to be conscious about.