HOME
NEWS

Cybersecurity Policy Guidelines Need of the Hour


By VARINDIA - 2014-03-21
Cybersecurity Policy Guidelines Need of the Hour

Dr. Harold D’costa
Advisor Law enforcement agencies,
Cyber Crime

21st-century organizations are set up with the latest infrastructure and techniques to make the life of their organization as well as their vendors and customers easy and safe. Sophisticated SCM and ERP systems are now coupled to Cloud giving the best response and efficiency. Organizations today are spending a fortune on the infrastructure to ensure that they can attract customers and make them aware that they are in safe hands. 

For over a decade, I have been watching organizations scaling on their infrastructure and making necessary upgradation in their software to be called as an ideal company.  With the advancement of technology, organizations have scaled up but failed to realize if their guidelines set according to the laws of the land or simply made it easier by saying that the guidelines are, indeed, according to the government standards.

I remember in late 2009, a 12-billion dollar company in Pune became a scapegoat of not following the compliancy and had to face the wrath of law. The organization, one of the premiers in its sector, was having the best of the infrastructure but lacking compliance. Although they had compliancy in place, but it was according to the US norms, which is not permissible or applicable in the Indian scenario. The organization had a security policy in place, but it was never followed. They had their network and systems audited from time to time, but never followed the procedures. They had a proper code of ethics and best business practices in place, but never implemented. They had a robust system and Internet usage policy, but never knew what it meant when it came to follow it. The net result was that the organization, after spending more than Rs.2 crore, never realized that one day the law will catch them on the wrong foot. 

In all this mess, an employee took the benefit of the situation and used the organization’s system to create a fake and obscene profile of a girl and posted it on the Facebook, not realizing that he could be caught. On a complaint by the girl’s father, the system from where the obscene profile was created was tracked. The cops, after doing an indepth investigation, knocked at the organization’s door and made the organization, its Vice-President and the Managing Director as accused. The charges framed against them were that they never had security and cyber policy according to the Indian guidelines. The systems were checked for vulnerability, but never tested on some mock cases. As a net result, the organization was chargesheeted. Eventually, the employee who had posted the fake profile was caught, but that doesn’t mean the liability of the organization was relaxed or taken off. For keeping the system open for doing the crime, an offence was registered against the organization.

From October 27, 2009, a special provision has been introduced in the IT Act, which says failure to protect the data, failure to implement proper security practices, failure to prevent the data from unauthorized access are offences and the organization will be considered a co-accused and a compensation of up to Rs.5 crore has to be paid to the victim affected. 

Cybercrimes have now taken a different dimension and most of the modern crimes are now handled through mobile and computer network. In order that the organization does not become a scapegoat, the following guidelines have to be followed on a war-footing basis:

 

Get network, servers and systems scanned and check for vulnerability 

Fix the vulnerability and ensure that before the network is made alive, have a mock test done

Audit the network on a periodical basis, ideally every 3 months

Get a non-disclosure agreement signed with the employees

Create an awareness among the employees and explain the importance of security to them

Have a robust information and cybersecurity policy guidelines in place

Get the network and the system audited only through CERT-empanelled organizations

Maintain a log sheet of each and every transaction done through the network

Have a Disaster Recovery policy in place. Maintain a hot site to ensure that the data is not lost

Have a contingency plan and risk assessment to be done, in case there is any fatal attack on the network

Follow the laws of the land

Ask vendors whether the hardware and the software they supply are compliant according to the law of  the land prevailing in the country. 

Monitor the network traffic and have a proper IDS in place

Before investing in the firewalls and UTM, ensure that the threats are monitored and filtered by them

 

All said and done, there is a golden chance for every vendor today to provide an array of services. One of them is providing consultancy and guidelines on effective monitoring and prevention of malwares entering in the network. Also, there is a need for every vendor to realize that the legal implications and if they can provide these additional services, then there is no doubt that customers shall rely on such type of vendors who give them additional support to be protected from the clutches of law. 

Finally, organizations may have the best hardware, software and technology in place, but without security to the systems may attract criminal liability, loss of image, loss of customers, and getting the business back is a herculean task in today’s modern world. 

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA