“India has become a mobile-first economy. However, the increased use of smartphones provides opportunities for cybercriminals to hack into mobile phones more easily than before,” says NortonLifeLock’s Ritesh Chopra.
Certainly, India has become a mobile-first economy, where e-commerce segment has adopted a mobile-first strategy for consumers, the traditional business sector has added mobile apps as a key component to its business and growth planning. And even the government sector has emphasized on cashless transactions in a big way via digital and mobile payments.
All these initiatives have played a concrete rôle in making India a digital economy to an extent, however, there’s more to be done in the core area of digital security. There’s an urgent need to spread awareness and educate consumers on digital and mobile security, safeguarding them against cybercrimes and overall strengthening the cybersecurity across the Indian economy.
The lack of digital and mobile security means huge losses to the overall economy in India and hence Indians need to be proactive towards digital security including securing their mobile phones and digital devices with cybersecurity solutions.
In this interview, NortonLifeLock‘s Director Sales and Field Marketing for India & SAARC, Ritesh Chopra talks to TechHerald.in about the increased smartphone usage in India and how cybercriminals are exploiting it, shares some interesting data and tends on security risks linked to Indian consumer behaviours.
Besides, Chopra also discusses security risks and cyber safety aspects linked with the new norm of WFH and shares NortonLifeLock’s key cybersecurity recommendations for the users, which are considered very crucial today amid the on-going pandemic and much more.
Q1. India is among the top markets with a huge number of mobile phones with fast-growing smartphones users base globally. Given this scenario, what is your observation on mobile security aspect among the Indian users?
Ritesh Chopra: India has become a mobile-first economy. Smartphones have become the ‘the window to the world’ and the primary source of entertainment, owing to affordable access to data. People use their smartphones to navigate even daily tasks such as shopping online, tracking their daily food intake, mapping their social calendar, and so on. However, the increased use of smartphones provides opportunities for cybercriminals to hack into mobile phones more easily than before.
While most people have antivirus software for their laptops or PCs, they need to secure all their other devices too, including smartphones, tablets and smartwatches, which are always connected to the internet and which constantly track user activity and data. Cashless transactions, or online payments that have auto-saved transaction details on the smartphone including details such as UPI identity, passwords and PINs, make consumers vulnerable to scams and phishing attacks.
Q2. While Indian consumers are buying expensive smartphones and also spending money on various VAS via mobile apps. But are they willing to buy mobile security solutions to protect their data, information and secure digital transactions along with their devices?
Ritesh Chopra: While consumers today are familiar with smartphone features and value-added mobile services, they don’t quite understand the need for cyber safety solutions on their smartphones.
According to the NortonLifeLock Cyber Security Insights Report (NLCSIR) 2019, while Indian respondents are indeed concerned about the misuse of personal information, they are happy to share such details if they get something in return.
The report also reveals that nearly 39% of the Indian respondents that were surveyed have been victims of identity theft that year. However, the risks in 2020 can be far greater, given the heightened dependence on digital tools and platforms.
Q3. With this on-going global pandemic, more people are using smartphones and computer devices today and WFH (work from home) has become the new norm. So what can you say about the threats and security risks that most consumers or users are facing today?
Ritesh Chopra: In the past few months, the world has witnessed a growing number of vulnerabilities through targeted data breaches. Cybercrime in various forms – identity theft, data breaches, online frauds, and others – is on the rise. The Covid-19 pandemic has changed the way we work, and the concept of “remote working” is gaining popularity. While individuals seek opportunities that allow remote work, they must also equip themselves with cyber safety and data protection tools.
Phones and tablets need as much security protection as PCs and laptops do. We often have a lot of sensitive information on our mobile devices. Ensuring the security of that data is very important. Additionally, it is imperative to know the applications that are downloaded on our mobile devices. Mobile applications have access to not only personal pictures, contacts, and files, but also highly sensitive information such as passwords, and authentication tokens.
Certain apps can enable attackers to mine information from the device in the background, even without the user’s knowledge. Unlike desktop users, smartphone users cannot see the entire URL of the site they are visiting. This unwittingly makes them vulnerable to phishing attacks.
The first step to ensure the security of mobile devices is to know exactly the kind of data that’s being collected by apps – contacts, photos, internet data, call logs, or any other – and how this data is being used. The next important step is to use different, complicated passwords for each app and site.
Users can also have a second layer of protection by choosing a two-factor identification system. Password managers are an effective tool that allows users to store, generate, and manage their passwords for online services. One should update the operating system and the apps, whenever a new version is available. And, lastly, one should never use an unsecured Wi-Fi or Bluetooth connection.
Q4. In India, there’s a lot of emphasizes on digital transactions across the board – from private to government sectors. But there’s not much focus on educating consumers on safety and security aspects linked to digital transactions while using smartphones. Do you agree with this situation? If yes then, how is NortonLifeLock addressing this situation?
Ritesh Chopra: As consumers increasingly access the internet for activities such as paying bills, transferring money, and booking tickets, they need to be aware of potential risks and stay vigilant. Cybercriminals often take advantage of consumers who are lax about cyber safety or those who are easily lured by online sales. NortonLifeLock is trying to help consumers understand how they can take crucial steps to improve their cyber safety.
According to NortonLifeLock Digital Wellness Report 2019, almost 7 in 10 (68%) Indian respondents who make online financial transactions are willing to save their bank details on the websites they trust. Furthermore, while more than 8 in 10 (83%) think that financial fraud and data theft are the biggest risks of online banking, an alarming 80% of respondents think that online payments made on apps and websites are safe.
Now, with the festive season around the corner, it is likely that most people will look to shop online while staying indoors. It is important, therefore, that they pay due attention to cyber safety.
NortonLifeLock recommends the following best practices to make to ensure your cyber safety:
- Use strong passwords: Don’t reuse your passwords across websites and apps. Make them complex; pick a random word that includes a combination of at least 10 letters, numbers, and symbols. Using a password manager to generate complex, unguessable passwords can also help.
- Keep your software updated: Cybercriminals frequently use known exploits or flaws in your software to gain access to your system. Patching those exploits and flaws can make it less likely that you’ll become a cybercrime target.
- Ensure your session is secure: Make sure the shopping site URL begins with “https” or that the browser bar contains the locked padlock symbol or is green. These signs mean that your information is encrypted and therefore harder for a hacker to access. If you’re using a mobile app for banking, be careful to only use legitimate official apps from the financial institution.
- Think before you click: Be on the lookout for phishing efforts and questionable offers. Don’t click on a dubious email or text message links. Don’t open attachments from an unknown source; they might take you to a site that asks you to reveal personal information or puts malware on your device. If you see an attractive offer on an item, ensure that it is from a legitimate retailer.
- Beware of fake websites: Only use sites that you know and trust or have been recommended by people you know. Phoney shopping sites can be hard to distinguish from genuine ones, and even legitimate sites can be hijacked. Check the site address carefully for subtle differences, like minor errors in spelling or grammar.
- Use a full-service internet security suite: Invest in a security suite that offers real-time protection against existing and emerging malware, ransomware and viruses, to protect your private and financial information when you go online.
- Take measures to help protect yourself against identity theft: The best ways to help prevent identity theft include using legitimate sites when shopping online; using a secure network; remaining on the lookout for devices attached to card readers or ATMs, and keeping an eye on your credit card statements and credit reports. You should also take advantage of protection tools such as ID theft alerts and EMV chip debit/credit cards as an extra layer of protection.
Q5. Also, there’s a rise in the usage and adoption of VPN to access the internet, corporate networks, data and applications. So, what has been NortonLifeLock doing on the VPN front to enhance the security for the consumers?
Ritesh Chopra: VPN (Virtual Private Network) was initially meant only for enterprise use but is now also available in security solutions for consumers. A VPN creates an encrypted connection between your device and a server controlled by the VPN company. Online traffic travels through the tunnel, hiding it from your ISP and snoopers on a local network. When your traffic reaches the VPN server, it exits to the internet before making the return trip. However, this effectively puts the VPN in the role of your ISP, in that they can potentially see everything you do online. It’s one of the big concerns about VPNs as an industry.
For example, when you are shopping online, you often see related advertisements pop up on other online platforms even after you have finished browsing through the current website. These ads are monitored at the backend by advertisers and various other groups who have access to data from individual servers.
A VPN can mask the IP address, so your online activities won’t be tracked, and encrypted data gets sent and received online. A VPN can help protect internet connections not only on desktop and laptops but also on mobile devices. Handheld devices can be more vulnerable to open networks, as they tend to connect to a wide variety of networks. A VPN can help protect your connected device against rouge Wi-Fi attacks, evil twin attacks, DNS spoofing, ARP spoofing, HTTPS vulnerabilities, and other such online threats.
Having said that, an unscrupulous VPN provider could eavesdrop on your online activity and sensitive information and sell your information on the dark web to ad agencies or intelligence agencies. So, by using a wrong/poorly secured VPN service, you could still be exposing your data. One should avoid using a free VPN, as it might not guarantee data privacy.
We recently launched Norton 360 in India, with VPN. Some of the plans also offer options for features such as PC SafeCam and Parental Control, which enable parents to monitor their children’s online activities on some devices. This is an important feature because children spend a considerable amount of time online for either learning or playing.
As a result, there is a possibility that they may unknowingly become victims of cybercrime. Tools like Norton 360 with Parental Control help parents let their children use the internet more safely and also teach them good internet habits and precautions.