Editors' Note: The Industry Dialogue is a multi-part series by News18.com in which the industry talks about the impact of the Coronavirus pandemic and the challenges because of the COVID-lockdown, as well as the possible solutions and measures to get the economy back on track at the earliest.
The world is facing a black swan event at a scale never seen before in recent times. During these testing times, companies and brands that have adapted to technological transformative practices can expect minimal disruption while companies that are yet to do so could face hiccups in the near future. Working from home has become the new norm and with more people staying in, internet usage has shot up dramatically thereby creating huge stress on the network providers. While digital inclusion brings with it a host of benefits, it is also the apt time to evaluate the need for better data security and privacy policies in order to safeguard the interests of our societies at large and guard our interests from malicious cyberattacks. There are many ways in which brands and companies could address the challenge of data security and privacy during COVID-19.
Demystifying the data privacy and security policies
The Supreme Court of India in 2017 ruled that the right to privacy is a fundamental right granted to every individual in the country under the constitution. However, consumers at large are yet to exercise their right on the same owing largely to the convoluted and incomprehensible privacy policies in place. Consumers often tend to skip reading such tedious policies and unbeknown to them grant complete access to apps/devices or services to sensitive information about them. Consumer awareness is critical aspect which needs a lot of focus. Most the best designed solutions are breached as the end user uses easy or predictable passwords, leading to hacker’s brute force methods to get into their accounts. The recent incident of a leading camera brand is a point in case. It is important for Companies who value their customers privacy to have two factor authentication scheme.
Is your data safe in a cloud storage?
Instituting internal privacy and data security protocols are critical
For Internet companies, privacy and data security must never be an afterthought. This has to be brought in place at the time of design and architecture of services, with constant upgradation as new threats emerge. In the event of a crisis such as data breach, the lack of internal data security protocols could come to haunt companies in the form of legal penalties and a loss of consumer confidence in the product. Brands must focus on undertaking privacy and data security audits periodically in order to plug in any loopholes in their service or product. Brands could also institute a bug bounty program where they can crowdsource this audit and expedite the process of plugging any security loopholes.
Involving the right stakeholders
The onus of data security and privacy no longer solely rests on cybersecurity professionals. As debates around the same are increasingly becoming a part of the public discourse; lawyers, policy experts, activists, law enforcement officials and technocrats are increasingly emerging to be key stakeholders in the process. In order for tech brands to operate today, it is imperative that key decision-makers are involved or consulted in order to iron out any gaps in the privacy protocols. With privacy becoming a fundamental right, involving key decision-makers would also allow brands to be better informed about the wider civil repercussions that their product or service could create. User data has to be treated as confidential data and should be stored in encrypted databases in the solution platform, so a breach in the platform does not lead to hackers pulling off a bulk of sensitive data easily from these databases.
Building Security in Services and smart devices
We are surrounded by smart devices in our daily lives. While these smart devices improve our life styles, it is important for us to access how secure these devices are, when it comes to privacy. These devices have to designed to be secure and robust. Strong root of trust methods should be implemented in the consumer electronic devices, to protect them from malwares and unauthorized access. Data created and stored by these devices has to transmitted in a secure and encrypted form. Consumer brands in this space, have to ensure that their products and services are delivered in a secure and reliable manner.
When Hero Electronix decided to get into Home automation and security space with our brand Qubo, we diligently ensured the devices and services we built were designed with security and data privacy in mind with a single principal – Security First. Each of our products is secured using the QCrypto framework. All accesses to the device is only from authenticated and authorized users. In our security cameras the data video, audio and images is protected by strong encryption methodologies, and transported over TLS secured channels to the cloud and user for consumption.
Knowledge exchange
Security threats are evolving constantly and exponentially. Keeping a track and combating them would need an industry-wide effort in order to thwart any future threats. Currently, data security and privacy is a black box for the industry at large with access to knowledge and resources being confined to only a few players. In order to take this threat head-on, brands need to exchange knowledge more publicly so that the industry at large can benefit from the same. Security best practices should be followed diligently by organizations so as to leave no cracks open.
About the Author:
Anup Cheruvathoor is the Chief Technology Officer, Consumer IOT at Hero Electronix.
Comments
0 comment