Cybersecurity risks amidst the COVID-19 crisis

Sonam Chandwani
Jul 3, 2020

Abstract

Work from home is common parlance nowadays, with every institution shifting to the digital space to carry out its work while maintaining social distancing. It has posed a new challenge, with emerging cases of cyber-attacks, fraud and crime that can seriously and negatively affect already ailing business enterprises and could open the doors to more invasive forms of government prying in future.

With the steam out of globalization, the world economies are headed towards an overall slowbalisation in the wake of the COVID-19 pandemic. In response to the pandemic, employers have altered traditional working methods to limit contact between employees. This is especially widely adopted by the IT sectors, education institutions, consulting companies, and the judiciary, to name a few.

Embracing remote working methods, pay cuts and mass layoffs on one hand, yet oblivious to the depth of its impact on the other, one thing is abundantly clear — the workplace will never be the same again!

Large-scale adoption of work-from-home technologies, including videoconferencing services, collaboration platforms, and other digital tools for the seamless functioning of businesses and their employees, has increased our exposure to cyber threats. We have now learnt ways to reduce the risk of the virus through regular sanitization and social distancing measures, but there is a need to develop good cyber-security habits to reduce the associated risks amidst the mass digitization of businesses. After all, we are in the midst of the largest work-from-home experiment in history!

Work-from-home tools do not have the firewall and security protections found in offices. Yet proprietary confidential data and information pertaining to businesses are being accessed from such unsecured laptops and desktops, leading to an increased exposure to phishing, email scams, and ransomware attacks by cybercriminals. Managers are hard-pressed to reassess the legal, technical and personal dimensions of the cyber-security threats to their data, and to proactively evaluate loss prevention processes.

This, however, leads us to a larger question: can technological advancement and privacy be allies?

As privacy concerns linger, especially with the usage of compromised applications like Zoom, the government’s recent launch of ‘Aarogya Setu’, an app meant for contact tracing and information dissemination, was heavily criticized for its non-compliance with data protection policies, accountability and transparency. In fact, such surveillance measures could permanently open the doors to more invasive forms of prying in future. Unfortunately, in the present scenario, Indians have little recourse to challenge digital exercises of sovereign power.

Presently, the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 govern India’s data protection regime. However, these legislations fail to protect individual interest in today’s time. Geo-location tracking, biometric data and facial recognition apps could invariably violate the right to privacy, but there is no legal framework that regulates or enables the use of such technologies without violating the Fundamental Right to Privacy granted under Article 21 of the Constitution.

Even the Personal Data Protection Bill, 2019, which is likely to be approved by the Parliament in the Monsoon session of 2020, fails to take into account all stakeholders involved in data breaches. For instance, the Bill imposes heavy fines of up to Rs 15 crores or 4% of the annual turnover for violations, but exempts the ‘consent’ requirement in certain circumstances where data is required by the State, for legal proceedings, or to respond to a medical emergency. These regulatory changes, though onerous to many, are almost a natural and necessary trajectory considering India’s growing digital footprint in the world and the enormous amounts of sensitive information they leave at the State’s disposal, with or without consent!

While the present deluge of surveillance may be a necessary evil to curb COVID-19, unabated tracking of citizens to curb the virus is a disproportionate act of violation of privacy and may usher in an era of unprecedented privacy violations by companies and the government alike. Thus, strengthening India’s data protection regime and making the government accountable for data breaches may give more confidence to users and keep privacy concerns at bay.

With little recourse to challenge government measures to curb the virus, citizens are left scrambling for alternative solutions to secure data and ensure privacy. At the outset, creating awareness among the masses to refrain from sharing crucial data online, and turning off the webcam or putting black tape across it, may sound rudimentary, but is necessary in these times.

Cyber attacks on an organization operating remotely in conditions such as the COVID-19 outbreak have tremendous potential to spiral out of control. But in the wake of global health, political and financial disruptions, remote jobs powered by cyber tools are providing a temporary respite to the economy, despite the increased exposure to fraud, data leakage, and privacy breaches. Thus, the stakeholders involved must ensure highly secure working platforms for employees, create awareness of good security habits, conduct due diligence and be vigilant, so as to take quick action to salvage any loss.


Sonam Chandwani is the Managing Partner at KS Legal & associates and heads the firm’s Corporate Litigation Practice.