Cyber Risk And Compliance – Relocation Industry in India – An Ikan Advisory
Rohit Kumar
Apr 23, 2020
In 2019, Indians lost 1.2 Trillion rupees to cybercrime and according to a survey about 70 % of Indians are worried that their identity may be stolen. India has recorded 131 million cybercrime victims in 2019 compared to 350 million worldwide and four in ten consumers in India have experienced identity theft and 63 % of such cybercrime victims were impacted financially.
Cyber Risk in India
Cyber Risk is real and it is here to stay. Indian companies need to invest more to ensure protection for their customers. Traditionally Indians have not considered Cyber Risk a major threat and even if they did, it has taken a lower priority due to the absence of proper laws and an effective legal system.
Within our Relocation Industry, we see a considerable transfer of information and data and it is recommended that all relocation service providers should invest in and ensure the bare minimum compliance when it comes to data security and protection of confidential information, especially because our legal system is not geared up and hence Data recipients should and must :
Adhere to a comprehensive security policy and procedures for handling confidential information that addresses secure methods for processing, transmitting and storing confidential information.
Should not disclose confidential information to third parties
Should ensure all systems that contain confidential information are identified.
Ensure information classification and handling procedures are implemented. These procedures must include labelling and handling technique for electronic and paper documents that contain confidential information.
Ensure that all employees who handle confidential information are properly trained to secure information while it is being processed, transmitted or stored.
Conduct background checks on all employees and contractors that will be handling confidential information
Ensure all employees and contractors sign non-disclosures and confidentiality agreements.
Ensure all employees and contractors receive at least annual security awareness training.
Ensure that actions of employees and contractors that have access to confidential information are monitored and logged.
Ensure access is removed immediately when employees and contractors that have access to confidential information are terminated
Compliance tips – raising the bar
In 2014, an IKAN employee actually downloaded the entire database of our clients and handed it over to a new entrant relocation company. Our clients were exposed and their personal data was now in the hands of another. Information like passport numbers, visa numbers, date of birth, family member details and visa expiry information had been handed over. In today’s tough climate of data protection, such an incident could be a death knell for any company.
IKAN learnt its lesson and invested heavily into data protection and cyber security. In fact, in 2018, IKAN ploughed back its entire profits into putting up technology that would ensure protection of our client’s data.
IKAN invested in the DLP ( Data Loss Prevention ) tools to ensure that sensitive data is not lost, misused or accessed by unauthorized users. DLP also provides reporting to meet compliance and auditing requirements and identify areas of weakness and anomalies for forensics and incident reports.
IKAN also put into place a VPN (Virtual Private Network) which is an encrypted connection over the internet from an independent device to a server. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eves dropping on the traffic and allows the user to conduct work remotely, a perfect solution for a work from home environment.
Hence, I am pleased to offer some tips to my fellow members of the Industry which if they were to conform to, they would be able to stand head and shoulders above their competitors.
Take note of GDPR requirements and create processes in accordance.
Appoint Data Protection Officers
Purge Data periodically.
Use shredders in office.
Keep the desk clean and never leave confidential and proprietary information lying around
Protect Whistleblowers
Secure a Global Quality Seal
Create and implement a Data Integrity Policy
Create and implement an Anti-Fraud Policy
Create processes for Protection of Personal Identifiable information or your clients.
Secure an ISO 27001.
Invest in a secure database management system and protect the servers storing the data.
The client data protection controls are very important and, in this process, your personal data will also be protected and be least vulnerable to external attacks.
Butter Chicken: A 40s Baby
Feb 19, 2024
The birthplace of butter chicken can be traced back to Delhi, India, in the late 1940s. Legend has it that the inception of this culinary masterpiece occurred...
Porbandar: The City That Gave Us the Mahatma
Feb 8, 2024
Nestled along the picturesque coastline of Gujarat, India, lies the captivating city of Porbandar. Known for its rich historical heritage, serene beaches, an...
Exploring the Delightful Burmese Dish: Atho
Jan 29, 2024
Burmese cuisine is a tapestry of flavors, blending influences from neighboring countries and creating unique and delightful dishes. One such delicacy that st...