Categories
Security Tech

Protecting your personal data in times of uncertainty

Written by – Kiran Kari on Digilah (Tech Thought Leadership)

It has been a couple of years since COVID-19 brought the world to a standstill. While countries are opening their borders for business and tourism, it wasn’t long ago that the world shut itself up in a cocoon. The pandemic brought a lot of good when the going was bad. The good was brewing in the human mind – innovation! Businesses and large enterprises have found new ways to engage, employees have found ways to be efficient and productive, and consumers have found creative ways to purchase and consume.

In the pandemic, the consumer was wary about touching soiled currency notes or the interactive screen at the ATM, or sharing their credit/debit cards to make that necessary purchase. These are all high-touch points in daily life. The only way to overcome these challenges was through the use of mobile apps. Mobile apps provided us with the convenience of booking a taxi, ordering food or making payments without making physical contact with a third person.

As in any business, every advantage comes with a corresponding disadvantage. The use of banking and financial mobile apps was always certain to grow but, in the pandemic, it grew much faster than anticipated. No one expected the number of users accessing digital services to grow so fast, so soon and so exponentially. With such high usage of digital payments also came the threat of malicious actors, more commonly known as hackers.

Banks, wallet payment firms or any enterprise with a consumer-facing mobile app need to protect their apps from the threat vectors emanating from their consumers’ devices. Similarly, consumers must be equally responsible for their own data and privacy. Hackers are looking for ways and means to steal credentials and data, commit fraud, take over accounts, change the behavior of apps, etc., all of which amount to huge losses to the business and the consumer alike. Hackers have access to very sophisticated tools to ‘mix and match’ their attacks. Many compromises of consumer devices happen through sophisticated malware, screen overlay attacks, advanced jailbreak or rooting techniques, root enablers and reverse engineering.

There have been many instances of hacks and compromises across the world in the recent past, and they will continue to make headlines. Most recently, the OCBC bank SMS scam in Singapore led to huge losses to account holders and the bank was penalized heavily by the regulators. So, what can we do as consumers to keep ourselves safe?

It is a healthy practice to not only keep your mobile devices clean and safe but also be cautious about your surroundings. Some basic hygiene practices that you can follow are listed below:

  • To begin, don’t click on links that arrive as text messages (or email) on any of your messaging platforms, especially when they are from an unknown source. This is the biggest reason for phishing attacks. Phishing scams look so real that you end up thinking they are genuine.
  • Similarly, be wary of vishing attacks, wherein someone calls you, pretends to be from your bank or a government agency and gets you to share your critical data, OTP, etc.
  • When in doubt, call your bank or the agency to verify the information. When you know it’s not true, register a complaint about the fake call you received. Be a good Samaritan.
  • Never share your personal information with any unauthorized person. No legal entity will ask you to part with your personal data.
  • There are many frauds happening on social media platforms, including your messaging apps. Don’t fall prey to anything that looks too good to be true.
  • Always download apps from the authorized app store or Play Store.
  • Do not jailbreak or root your mobile devices.
  • Ensure that you have a well-known anti-virus installed on your phone that also checks for phishing attacks.
  • Never store critical info like passwords, bank account information, etc. on your mobile devices.
  • Spend some time educating yourself on cybercrimes.

In the current climate of uncertainty, it is impossible to predict what is going to happen next. But we know that the malicious actors are going to be a lot more active than ever before.

It is time for consumers to be data proactive and strengthen the security on their mobile devices. 


Categories
Security Tech Med/Health Tech

Security & Privacy by Design – Health Data Management Policy

Written by : Sujeet Katiyar on Digilah (Tech Thought Leadership)

Every byte of data has a story to share. The important question is whether the story is being narrated accurately and securely. Usually, our focus is sharply on the trends around data with a goal of revenue acceleration, but we commonly forget about the vulnerabilities caused by bad data management. Data possesses immense power, but immense power comes with increased responsibility. Just collecting, analysing and building prediction models is simply not enough in today’s world. Always keep in mind that we are in a generation where the requirements for data security have perhaps surpassed the need for data correctness. Hence today the need for Privacy by Design is greater than ever.

“Privacy by Design” and “Privacy by Default” have been frequently discussed topics related to data protection. The first thoughts of “Privacy by Design” were expressed in the 1970s and were incorporated in the 1990s into the Data Protection Directive 95/46/EC. Privacy by design is an approach to systems engineering that seeks to ensure protection for the privacy of individuals by integrating considerations of privacy issues from the very beginning of the development of products, services, business practices, and physical infrastructures. The adoption of security and privacy principles is a crucial step in building a secure, audit-ready program.

Privacy by Design is based on the following 7 principles:

  1. Proactive not Reactive; Preventative not Remedial – Privacy by Design comes before-the-fact, not after.
  2. Privacy as the Default Setting – it is built into the system, by default.
  3. Privacy by Design is embedded into the design and architecture of IT systems and business practices.
  4. Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not a zero-sum one.
  5. End-to-End Security — Full Life-cycle Protection
  6. Visibility and Transparency — Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives
  7. Respect for User Privacy — Keep it User-Centric.

Privacy by Design in Health Data Management Policy by ABDM

Consider data protection requirements as part of the design and implementation of systems, services, products, and business practices. The federated design of the National Digital Health Ecosystem ensures that no personal data other than what is required at a minimum to create and maintain Health IDs, Facility IDs or Health Professional IDs shall be stored centrally. Electronic medical records shall be stored at the health facility where such records are created, or at such other entities as may be specified by Policy. Electronic health records shall be maintained by entities specified by Policy, as a collection of links to the related medical records. ABDM shall issue appropriate technological and operational guidelines providing for the establishment and maintenance of the federated architecture, for ensuring the security and privacy of the personal data of data principals, and for maintenance of electronic medical records and electronic health records.

 Health Data Management Policy by ABDM

Prepare a privacy policy containing the following information:

  1. Clear and easily accessible statements of its practices and policies.
  2. Type of personal or sensitive personal data collected.
  3. The purpose of collection and usage of such personal or sensitive personal data.
  4. Whether personal or sensitive personal data is being shared with other data fiduciaries or data processors.
  5. Reasonable security practices and procedures used by the data fiduciary to safeguard the personal or sensitive personal data that is being processed.

The privacy policy referred to above shall be published on the website of the data fiduciary. In addition, the data fiduciary shall also make available a privacy by design policy on its website containing the following information:

  1. The managerial, organisational, business practices and technical systems designed to anticipate, identify and avoid harm to the data principal.
  2. The obligations of data fiduciaries.
  3. The technology used in the processing of personal data, in accordance with commercially accepted or certified standards.
  4. The protection of privacy throughout processing from the point of collection to deletion of personal data.
  5. The processing of personal data in a transparent manner; and
  6. The fact that the interest of the data principal is accounted for at every stage of processing of personal data.

The privacy policy issued and the principles of privacy by design followed by the data fiduciaries should be in consonance with this Policy and applicable law.

Article by Sujeet Katiyar

Digital Health | Rural Healthcare | Regulatory Compliance | ABDM, HIPAA, GDPR, Data Security & Privacy Professional as Consultant, Start-up Founder, Director with 23 years in Web & Mobile Technology with AI, ML, Blockchain

 


Categories
Security Tech

Access control in the new normal

Written by Manish Dalal on Digilah (Tech Thought Leadership)

Security risks have become a de facto part of everyday business life, but in the race to plug the gaps created by technology itself, physical security threats should not be ignored. Two years of working/studying/shopping from home have inured many of us to the risks stemming from conventional physical security measures. But the threat still exists and now includes health risks too.

In the aftermath of the pandemic, as organizations reopen their doors to staff and visitors, it’s important to remember that a significant number of people caught the virus from outside or from family members who went out—to work, play, shop, etc. This danger continues to lurk, and will even after the virus becomes endemic (hopefully soon). This means that measures that require contact—fingerprint readers, card readers, keypad readers for instance—are vulnerable, at best.

But beyond worries about contracting the virus through surface contact, there is a pressing need for a more seamless process to vet and permit entry into the workplace. Ideally such solutions should be:

  • Contactless
  • Optimized
  • Seamless
  • Allow screening of visitors for identification as well as concealed contraband items

Solutions that integrate all of the above will offer benefits through higher levels of security, manpower cost savings, time savings and analytics that can provide actionable business intelligence.

It goes without saying that the data obtained in the course of tech-driven access management should be thoroughly protected by multi-layered security. This is not just to placate the woke crowd but to instill confidence in the business itself.

Biometrics has a major role to play in enabling these solutions. At ZKTeco we recognize this and our Safe2Greet solution is an effort to meet all the expectations of the customers highlighted above.

It incorporates a number of our patent-pending technologies to create a complete entrance/access control solution that starts by having visitors pre-register their information via a digital invitation sent to their mobile phones, and checks them in using various hardware options like a self check-in kiosk or a facial recognition reader. On submitting this information, a QR code is generated and sent to the visitor. On scanning this QR code at the entrance kiosk, factors such as body temperature and mask compliance are verified.

Once this is done successfully, the visitor can proceed to the turnstile, where the same QR code can grant access as well. Cronus, a turnstile with a built-in metal detector, also screens for concealed metal objects—an unobtrusive way to avoid violence, as well as deter pilferage—at exit points. The data collected in the process is secured through high-level security that includes encryption and multi-step access verification.

Safe2Greet avoids physical contact, reduces manpower dependence, and raises the levels of health and safety. Biometric driven solutions like Safe2Greet are not the future, they are available now and they’re here to stay.

Categories
Security Tech

RIP Access Cards

Written by Jagat Parikh on Digilah (Tech Thought Leadership)

Remember when you used to swipe your access card through the electromagnetic reader at the office door?

That norm will soon be done away with.

In the contemporary context, the world of access control and visitor management systems will be run by mobile-based credentials.

Instead of on a card, the visitors who come in will have their identity information on their smartphones, smartwatches, and other devices. This will be authenticated by the workplace’s physical access control system—be it a turnstile or digitally-lockable door—before allowing them access inside the premises.

In 2017, Gartner reported that 1 in 5 companies would use smartphones as vehicles for identity management and access control by 2020.[1] That number is only set to increase as social distancing concepts gather momentum and the need for contactless protocols rises.

[1] Gartner Says That 20 Percent of Organizations Will Use Smartphones in Place of Traditional Physical Access Cards By 2020, Rob van der Meulen.

Access cards, while still handy, have several drawbacks which mobile access credential systems solve.

1. Reduced Costs 

The cost of material, micro-wire, and printing for each card can dent a company’s revenue. Some companies in the U.S. pay as much as $15-25.

In the event that a company adopts mobile-access credentials, this whole cost process is eliminated. Due to the easy availability of smartphones in the world today, your employees will already have the bare bones of the protocol. Should identification be needed, there are several protocols available to a smartphone due to its versatility: QR code, One Time Passwords (OTPs), face recognition, and other biometrics.

2. Time Needed to Implement

When a new employee or maintenance staff is recruited, the process from production to obtaining their card can take 5-7 days! Employee codes have to be known, the data has to be entered into the card, and the material needs to be bought and paid for.


When you use mobile credentials, this process is whittled down to a 3-minute process. The analogy is the process of onboarding an employee into your company: you send them a company laptop with usernames and passwords. Similarly, you only need to send them an email with the directions to download a company app that has their access credentials ready for smartphone usage whenever they make a trip into the office. 

3. Contactless Process

Access cards often require the visitor to swipe the card through a card reader or place it face down on a different type of card reader. This process involves contact with surfaces. While this is not a major factor in the prevention of fatal danger, it can be relevant to health standards.

With a smartphone, on the other hand, you do not always need to make contact with a surface. There are a variety of technologies out there that allow remote and contactless entry.

One such example is near field communication (NFC), which has already been used in access control due to its ability to operate at low frequency and in close proximity, and to provide selective access. NFC devices can also record the access information, time of access, how long the access is granted and other security metrics. This information can be helpful to security professionals and HR managers alike. Other technologies like Bluetooth and Bluetooth Low Energy can also be implemented to arrange a secure and safe protocol through personal area networks (PAN).

4. Complete User Experience

Physical access control systems are often closed systems that are unable to integrate with other IT infrastructure. But with greater availability of mobile and cloud technologies, the user experience is now superior. Employees and visitors can be notified of any workplace emergencies on their smartphones through the integrated visitor management app. Credentials and other identity information that need to be updated (such as promoted designation, higher clearance, etc.) can be easily updated on a mobile phone, which avoids the lengthy process of creating a new card with new credentials.

Mobile phones are also just more valuable to people and are less likely to be lost than a card!

In the world of visitor management systems (VMS) and identity and access management (IAM), it is becoming clearer and clearer that mobile-based credentials have too many advantages to not dominate the future. Smartphones, due to their quality, are conducive to several multi-factor authentication parameters, which can only help people to feel secure, safe, and efficient over time.

The views in this article are Jagat’s personal and not endorsed by any organization.