CYBER CELL CYBER SECURITY ADVISORY INDIA

  • Personally Identifiable Information (PII).
  • PII is any data that could potentially be used to identify a particular person. Examples include full name, mobile number, office/ residence address, Aadhaar number, PAN number, driver's licence number, bank account number, passport number of self and family members, etc.

  • Misuse of PII by Malicious Actors.
  • Malicious actors can misuse PII by stitching together various disparate pieces of information to their own advantage for carrying out targeted spear-phishing attacks. For example, if an e-mail of Service Personnel is compromised, the same can be used for malicious activities like breach of privacy, phishing, illegal activities, blackmailing the victim for money or leakage of official secrets. Identity theft of one's Credit/ Debit card information can result in loss of money through fraudulent transactions carried out on behalf of the victim. In case of loss of Aadhaar, PAN, Driving Licence etc., the same can be used to avail fake loans or as ID proof while committing a crime. These ID proofs can be used to purchase SIM cards for criminal purposes. Using Departmental ID cards, one can enter restricted or prohibited areas for anti-national activities. Death benefits of an individual, such as insurance, can be claimed by fraudsters using fake ID cards of the heirs. Medical and children's identity details can be used to avail benefits of medical insurance claims and education grants/ loans.

  • PII is stored in digital format at various locations/ devices in the organisation.
  • Such locations include web application servers, email servers and end point devices, and PII can be compromised by carrying out targeted attacks on them. The same can be carried out through the use of external media such as Wireless/ USB devices used for storage & transfer of data.

    CYBER SECURITY BEST PRACTICES

    The best practices in the succeeding paragraphs will aid an organisation/ individual user in maintaining good Cyber Security Hygiene and thus protect the PII.

    Web Applications Security Best Practices.

    Internet facing websites of organisations are always subjected to regular online attacks by adversaries/ hackers. These websites may contain sensitive PII of service personnel. Therefore, these websites are to be protected with adequate security controls. Some of the best practices in this regard are enumerated below:-

  • Use the https protocol instead of http; it has inherent security (the connection is encrypted and authenticated) and prevents Man-In-The-Middle (MITM) attacks.
  • Carry out Vulnerability Assessment/ Security Audit of Internet facing websites regularly from CERT-In empaneled vendors.
  • For security of data at rest (database) and data in use, an appropriate encryption algorithm must be used along with layers of security.
  • PII data on Internet facing websites should be protected using necessary security controls/ techniques like encryption, anonymization and tokenization etc.
  • In case the site uses SSL, the SSL certificate should be signed by an authorised CA/ RA approving authority. The same needs to be kept current.
  • Download any software from the original website rather than from third parties.
  • Install & configure software firewall to protect against malicious traffic.
  • Use Certified / PCI Compliant payment gateway for online transactions.
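    An added example (not part of the advisory) showing the anonymization and tokenization controls named above applied to the identifiers the advisory lists: masking for display, and keyed HMAC tokens in place of the raw Aadhaar/ PAN values. The sample record and the key handling are constructed here for illustration; in production the key would come from a KMS/ HSM.

```python
import hashlib
import hmac
import re
import secrets

# Constructed sample record of the kind an Internet facing portal might store.
SAMPLE_RECORD = {"name": "A. Sharma", "aadhaar": "2345 6789 0123", "pan": "ABCDE1234F"}

# Hypothetical tokenization key; in production it lives in a KMS/HSM, not in code.
TOKEN_KEY = secrets.token_bytes(32)

def mask_aadhaar(aadhaar: str) -> str:
    """Anonymize for display: keep only the last four of the 12 digits."""
    digits = re.sub(r"\D", "", aadhaar)
    if len(digits) != 12:
        raise ValueError("Aadhaar number must have 12 digits")
    return "XXXX XXXX " + digits[-4:]

def mask_pan(pan: str) -> str:
    """Anonymize a 10-character PAN, keeping only the first and last character."""
    pan = pan.strip().upper()
    if not re.fullmatch(r"[A-Z]{5}[0-9]{4}[A-Z]", pan):
        raise ValueError("PAN must be 5 letters, 4 digits, 1 letter")
    return pan[0] + "X" * 8 + pan[-1]

def tokenize(value: str, key: bytes = TOKEN_KEY) -> str:
    """Replace a PII value with a keyed token (HMAC-SHA256).

    The same value always yields the same token, so records can still be
    matched, but a plain SHA-256 would be brute-forceable (only 10^12 Aadhaar
    values exist); the secret key is what stops that if the token store leaks.
    """
    normalised = re.sub(r"\s", "", value).upper()
    return hmac.new(key, normalised.encode(), hashlib.sha256).hexdigest()

def protect_record(record: dict) -> dict:
    """Keep masked values for display and tokens for lookup; raw PII is dropped."""
    return {
        "name": record["name"],
        "aadhaar_masked": mask_aadhaar(record["aadhaar"]),
        "aadhaar_token": tokenize(record["aadhaar"]),
        "pan_masked": mask_pan(record["pan"]),
        "pan_token": tokenize(record["pan"]),
    }

if __name__ == "__main__":
    print(protect_record(SAMPLE_RECORD))
```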

    Email Security Best Practices.

    Email needs to be kept secure and free from malicious content to keep potentially sensitive information from being read by an unintended user. The following actions are recommended:-

  • Use strong passwords for email accounts.
  • Scan emails with the latest updated anti-spyware and antivirus prior to opening them.
  • Do not open email attachments from unknown sources.
  • Do not click on the embedded links in emails.
  • Empty the spam & trash folder regularly.
  • Encrypt/ Password protect the documents used in emails for exchange of important information.

    Desktop Security Best Practices.

    The following are the best practices to be followed for protection of desktop clients:-

  • Always use licensed software so that you have regular updates of your OS and applications.
  • Read the terms & conditions/ licence agreement provided by the vendor/ software before installation.
  • Properly shut down the PC. Never switch it off directly from the mains supply.
  • Enable auto updates of OS/ AV so as to update regularly.
  • Install antivirus/ anti-spyware & update it regularly.
  • Secure data at rest with encryption. Dispose of sensitive data securely using digital file shredder software.
  • Use strong & long passwords for logging in to the client and to applications too.
  • Periodically back up the data on the computer to other media.
  • Enable BIOS password to prevent unauthorized access to PC.
  • Enable screen lockout option.
  • Beware of personnel around the office, against shoulder surfing.
  • Do not store unauthorized/ service related data on PCs.

    Wireless Security Best Practices.

    Technology has made it convenient for everyone to connect to the Internet without having to connect physically to networking devices, through technologies such as Wi-Fi and Bluetooth. Both Wi-Fi and Bluetooth rely on radio signals for transmission of data. Radio signals are relatively easy to intrude upon when compared to tapping information on a cable, making them more susceptible to attack. The following are a few of the best practices to be followed for a safe wireless networking experience:-

  • Change default admin password.
  • Use WPA3 security, along with a strong encryption algorithm (AES-256).
  • Change default SSID and do not enable SSID broadcast.
  • Enable MAC filtering.
  • Turn off the Wi-Fi when not in use.
  • Assign static IP address to devices and turn OFF DHCP.
  • Do not enable auto connect to open Wi-Fi network.
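    An added example (not from the advisory) that checks an access point configuration against the WPA3, cipher, SSID broadcast and MAC filtering items in the list above, with a weak configuration beside a hardened one. The hostapd option names and both sample configs are assumptions constructed here; other AP/ router firmware exposes the same settings under different names, and note that hostapd's usual CCMP cipher is AES-128, so the check flags it against the AES-256 the advisory asks for.

```python
from typing import Dict, List

# Constructed hostapd-style configs; the option names assume hostapd and are
# only an illustration (check your own AP/router firmware for the equivalents).
WEAK_CONF = """
ssid=Router_1234
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=0
ignore_broadcast_ssid=0
"""

HARDENED_CONF = """
ssid=unit-2f-staff
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=GCMP-256
ieee80211w=2
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""

def parse_conf(text: str) -> Dict[str, str]:
    """Parse key=value lines, skipping blank lines and # comments."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit_wireless(text: str) -> List[str]:
    """Return one finding for each advisory item the config does not satisfy."""
    c = parse_conf(text)
    findings = []
    if "SAE" not in c.get("wpa_key_mgmt", "").split():
        findings.append("WPA3 not enabled (wpa_key_mgmt should include SAE)")
    if c.get("ieee80211w") != "2":
        findings.append("Protected Management Frames not required (ieee80211w=2)")
    if c.get("rsn_pairwise") not in ("CCMP-256", "GCMP-256"):
        findings.append("Pairwise cipher is not a 256-bit AES mode: " + c.get("rsn_pairwise", "<unset>"))
    if c.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID broadcast enabled (set ignore_broadcast_ssid=1)")
    if c.get("macaddr_acl") != "1" or "accept_mac_file" not in c:
        findings.append("MAC filtering not enabled (macaddr_acl=1 + accept_mac_file)")
    return findings
```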

    USB Security Best Practices.

    Use of portable devices increases the risk of data loss and data exposure, and of network based attacks to and from any system the device is connected to. The following are some of the best practices to be followed for USB security:-

  • Scan the portable device with latest updated antivirus before its usage.
  • Protect USB with password, in case the facility is provided on it.
  • Encrypt files & folders on USB.
  • Protect the stored documents with strong password.
  • Do not accept any promotional USB device from unknown persons.
  • Never keep sensitive information on USB without encryption.
  • Safely and securely destroy/ dispose of old media with stored data.
  • Strictly control the use of USB/removable media for storing/processing/transfer of official/sensitive data.