What is cyber security? Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, the term security implies cybersecurity.
Various ways to protect your online identity
• Passwords The most common way to protect your online identity is to focus on creating strong passwords. When creating a password, choose something that will not be easily cracked or decoded. Never use a word or number that someone can associate with you such as a first, middle or last name, a spouse or child's name, address, phone numbers, employers, or other identifying letters or numbers. Mix up the letters and numbers used in your password and use symbols and a combination of upper and lower case numbers when possible in order to protect yourself from online security breaches. Additionally, it is important to never share your password with anyone. It might be necessary to change your passwords a few times each year.
• Look for Encryption Before making any sort of financial transaction online, look for signs that show whether the website is encrypted or not. To do this, look for two things: the trusted security lock symbols and the extra "s" at the end of http in the URL or web address bar. When you are on the page that's asking for your credit card information, the "http" changes to "https" when it is a secure site. At the same time, a lock symbol will also appear on the right side of the address bar or at the bottom left of your browser window. These two signals show that the site is encrypted, which means nobody will be able to see information as it's sent to the website owner. This keeps your name, phone number, address, credit card number and other sensitive information from being seen by anyone else.
• Security Suites Security suites are security programs that keep dishonest people and programs from infecting your computer and stealing information and data from you. This includes blocking harmful software such as spyware, viruses, and phishing scams that can be installed secretly when you are online. Some of the popular security suites include Norton Antivirus, McAfee Virus Protection, Ad-Aware Pro Security, and AVG Internet Security. Be sure to purchase and install one of these suites to protect your personal information online.
• Web Browser Blacklisting The lack of Internet security is partially due to the Internet browser being used. Many web browsers have additional security options such as blacklisting. This allows you to set the criteria for sites you will be navigating; only secure, trusted sites will be available to visit.
• Learning about Phishing Scam
Phishing scams use a variety of methods to obtain your personal information and steal your identity. There are many different phishing scams out there, but they can be avoided by educating yourself on how to recognize them. To avoid being the victim of a phishing scam never open emails or attachments when the sender is unknown and don't click on unsecure links from strange emails. Additionally, avoid anyone offering money, unfamiliar job opportunities or requests for donations to charities as this might be a plot to obtain your personal information and online identity.
• Private Data Protection Another way to protect your online identity and sensitive information when sharing it online is to get private data protection. This type of security suite will protect any private data that is included in emails, private messenger programs, social media sites or in various blogs. By employing a private data protection suite, you can further prevent hackers from gathering your personal information.
• Password-Protect Your Wireless Router A wireless router that accesses the Internet at your home or business should always be password protected. When you do not have a password on your wireless network, anyone in your range can use and access your Internet, even a hacker. A hacker with experience committing cyber crimes will use this to their advantage and steal information from your computer while accessing your router. You should also enable the encryption feature on the wireless router which scrambles any data you send online to further protect your sensitive data.
• Hide your Personal Information It is possible to accidentally share your personal information with others if you don't set up your web browser properly. Any time you get a new computer or download and install a new browser, you can first configure it. To do this, you will access the "set-up" option on the browser and choose to configure the browser so that it doesn't reveal your name, email address or other information. Be sure to take this extra step when downloading or installing a browser to ensure your privacy and safety.
• Enable Cookies on Your Web Browser When Required Another option for setting up your browser to protect your online data is by enabling cookies only when required by a website. These cookies are details websites store on your computer, including information about what sites you visit and what you do there. Most of them keep the details to themselves, but this is also a way dishonest people get your information. You want cookies to be enabled, but to limit them only to websites that require it.
• Protect your Credit Card Info Lastly, you should consider taking extra steps to protect your credit card information. Of course, you should be sure the transaction page is encrypted from the steps listed above, but you should also be wary of where you make credit card payments. If it's an option, use one credit card for online purchases only and make it a credit card (not a debit) card that connects to your bank account. If a debit card is used and a hacker gets your information, they could gain access to your bank account as well.
Types of online fraud and phishing variations
• Phishing Email and Fraudulent websites Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information. It’s also known as brand spoofing. If you should ever receive an email that appears to be suspicious, do not reply to it or click on the link it provides. Simply delete it.
• Popup windows/advertisements Pop-ups are the advertisements that "pop up" in a separate browser window. When you click on some of these pop-ups, it's possible that you're also downloading "spyware" or "adware."
• Vishing Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private, personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Scammers randomly dial phone numbers using an automated system or a real human being pretending they are calling on behalf of Bank/financial company asking you to update information regarding your, bank accounts, Card details etc. because there is a problem on your account or they may also say that they have made some upgrades into their system.
• Smishing Smishing is a form of criminal activity using social engineering techniques similar to phishing. Smishing victims receive SMS messages. Known as "smishing," these text messages might ask a recipient to register for an online service — then try to sneak a virus onto the users' device. Some messages warn that the consumer will be charged unless he/she updates his/her personal or financial credentials in a Web site that then extracts such information and other private data.
• Key logging Unwanted Key-Logging software can record everything that is typed on a computer and send the information to an outside party. Key-Logging "Spyware" or "Adware" often infects a computer via a virus attached to an e-mail or other type of download.
Preventive measures for cyber crimes Prevention is always better than cure. A netizen should take certain precautions while operating the internet and should follow certain preventive measures for cyber-crimes which can be defined as:
• Identification of exposures through education will assist responsible companies and firms to meet these challenges.
• One should avoid disclosing any personal information to strangers via e-mail or while chatting.
• One must avoid sending any photograph to strangers by online as misusing of photograph incidents increasing day by day.
• An update Anti-virus software to guard against virus attacks should be used by all the netizens and should also keep back up volumes so that one may not suffer data loss in case of virus contamination.
• A person should never send his credit card number to any site that is not secured, to guard against frauds.
• It is always the parents who have to keep a watch on the sites that your children are accessing, to prevent any kind of harassment or depravation in children.
• Web site owners should watch traffic and check any irregularity on the site. It is the responsibility of the web site owners to adopt some policy for preventing cyber-crimes as number of internet users are growing day by day.
• Web servers running public sites must be physically separately protected from internal corporate network.
• It is better to use a security programmed by the body corporate to control information on sites.
• Strict statutory laws need to be passed by the Legislatures keeping in mind the interest of netizens.
• IT department should pass certain guidelines and notifications for the protection of computer system and should also bring out with some more strict laws to breakdown the criminal activities relating to cyberspace.
• As Cyber Crime is the major threat to all the countries worldwide, certain steps should be taken at the international level for preventing the cybercrime.
• A complete justice must be provided to the victims of cyber-crimes by way of compensatory remedy and offenders to be punished with highest type of punishment so that it will anticipate the criminals of cyber-crime. Remedies available in case of identity theft The terms data theft, data breach, identity theft and phishing, are commonly and loosely used in common parlance and cannot be strictly used as legal expressions, although identity theft is now defined in Section 66C of the IT Act. These crimes have elements of theft and cheating, from the legal perspective. The following legal provisions in the I.T. Act, 2000 as amended by the IT (Amendment) Act, 2008 can be said to apply to “data crimes” or “data related crimes”:
• Section 66B: Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
• Section 66C: Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh
• Section 66D: Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees
• Section 66 read with Section 43(b): Whoever downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium, without the permission of the owner/person in charge, is liable for imprisonment up to three years or with fine up to rupees five lakhs or with both.
• Section 66 read with Section 43(h): Whoever Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network without the permission of the owner/person in charge, is liable for imprisonment up to three years or with fine up to rupees five lakhs or with both. Besides the abovementioned provisions, there are provisions which cover the act of „hacking‟ though not called so in the provisions. These provisions are:
• Access to a computer [Section 43(a) read with Section 66]
• Downloading, copying or extraction of data from a computer [Section 43(b) read with Section 66]
• Introduction computer virus and contaminants [Section 43(c) read with Section 66]
• Causing damage to a computer [Section 43(d) read with 66] • Causing disruption of a computer [Section 43(e) read with Section 66]
• Causing denial of access to a computer [Section 43(f) read with Section 66]
• Affecting critical information infrastructure [Section 70]
• Cyber terrorism [Section 66F]
Hence, all the above provisions are capable of being invoked in a case of data theft being identity theft, depending on the method by which such identity theft is committed.