Mobile devices and internet have emerged from being a ‘want’ to a ‘necessity’. In recent months, telecom price wars in India have brought down the cost of high-speed mobile data. At the same time, demonetization has made many consumers become more dependant on their mobile phones to make payments. These two instances alone led to a surge in mobile phone purchases, along with users downloading new apps and signing up for mobile-based payment platforms.
A juxtaposition of these developments has resulted in an explosion in the amount of data or information being posted online.
Reports estimated the approximate number of webpages (around the globe) was a little more than 45 billion in 2016. Millions of social media updates, photos and videos are posted every minute, which reach out to billions of people worldwide. These numbers are bound to increase manifold in 2017. But in many cases, users do not understand the information uploaded online and the legalities involved around their rights related to this information.
Most websites and apps, which seemingly provide ‘free’ sign-up services, are not really free. They typically generate revenue by using personal, behavioural or location-based data of the users to display advertisements directly, or even by selling the data to other companies. These are governed by two factors:
1. The information agreed and submitted through user profiles or posted online; and
2. The terms and conditions governing the collection, storage and usage of data by the company.
Unfortunately, not many users read these often-complicated or even time-consuming terms and conditions (T&C). In reality, all your information that is shared or posted online on ‘free’ websites and apps may not be yours anymore, and could be sold or distributed anywhere. This means, if any of these websites get hacked, all information could possibly be used to hack your own data. If compromised, mobile devices could become a single point of failure—as we use these for almost everything from booking cabs, making payments, taking photos, browsing internet, checking our social media accounts, emails and even online banking. Also, most of the banking and payment apps use the ‘one-time password’ feature, which again comes to the same mobile device.
Cyber-criminals have shifted focus and have now started targeting consumer mobile devices, together with data obtained from breaches at various free or paid websites. Mobile-based malware or spyware have also been on rise. These have the capability to automatically switch on the phone’s microphone, at hackers’ discretion, read your messages and even track your location. Recent reports of security leaks at global organizations have exposed the extent to which online activities of users could possibly be tracked. Here are certain steps that could be taken to safeguard consumers’ digital existence:
* Use passwords, pattern or numeric PINs to lock your phone.
* Do not install applications directly by downloading installation files. Install applications only from trusted stores.
* Keep your operating system up-to-date. Update apps regularly, as and when updates are released.
* Do not remain logged in on your mobile devices. Log out of the accounts after payments are completed.
*Do not keep you Bluetooth and WiFi on when not in use. Do not use unknown or public WiFi hotspots.
* Encrypt your device to protect from external theft of data.
* Use paid options for critical online services and make an effort to read the T&Cs to understand your data privacy.
* Think twice before posting any data online.
* Use unique and complex passwords on different websites and digital apps.
It is prudent to revamp your digital existence at least twice a year, as it will help keep your information safe, without it being a stressful exercise.
Amit Jaju is executive director, fraud investigation and dispute services, EY India.