From Panic To Protection: How Technology Laws And Cybersecurity Practices Could Have Shielded My Account 

Abstract

Cybersecurity regulations and best practices are essential for safeguarding people and organizations against online attacks because cyberthreats are becoming more complex. In this article, the dangers of phishing, domain spoofing, and data breaches are examined through a personal experience with a dubious email. Key cybersecurity risks are examined, along with how laws like India’s Information Technology Act of 2000 and the General Data Protection Regulation (GDPR) protect digital assets. The essay also highlights best practices like two-factor authentication, password security, and data breach accountability. Stronger rules and user awareness are crucial in combating cybercrime, as this study highlights by bridging the gap between cybersecurity laws and actual threats.

The Story: A Missed Step And A Close Call.

It was an ordinary day when I received an email from an unfamiliar sender. There was something wrong with the subject line, and it seemed very confusing to me. So, I made a decision to look into it more. I used a popular MX Tool to run the domain after looking carefully through the sender’s email address.

I examined the health of the MX records, which control how email communications are routed for the domain. The findings were concerning and alarming to me, and I did additional investigation, which revealed links to the dark web.

I also read the email's body, and I thought it might be a no-reply subscription email or a business promotion. However, given the danger signs, I was unable to determine whether this was a genuine mail or a phishing attempt meant to steal my private data. Adding to this, just a few minutes later my entire phone screen went blank for a few seconds, which was even more alarming to me. I panicked when I realized this could be a case of domain spoofing, where attackers impersonate trusted domains to deceive recipients. After a while, as a result of this seemingly small incident, I became aware of our vulnerability in the digital age, where these cyber threats can be found anywhere on the internet.

Unmasking Cybersecurity Crimes In The Modern Era.

My encounter with a questionable email is only one example of the various ways cybercrime manifests itself in the current digital environment. These risks, which take advantage of the systems we use on a daily basis, increase along with our dependence on technology.

Here are some of the most prevalent cyber security crimes:

  • Phishing: One of the most common and dangerous threats, phishing involves cyber criminals posing as trustworthy organizations to deceive people into disclosing private information, such as credit card numbers. Commonly used tactics include phony emails and websites and even dishonest phone calls.
  • Domain Spoofing: Using the domain spoofing technique, attackers alter email or website domains to give the impression that they are from reputable companies. The main objective of domain spoofing is to obtain the victim's trust in order to acquire credentials or carry out further attacks.
  • Data Breaches: Identity theft, financial losses, and damage to one's or a company's reputation can result from unauthorized access to sensitive information. Individuals are at risk too, although high-profile data breaches frequently draw media attention.
  • Dark Web Activity: The dark web functions as a hidden marketplace for the sale and exchange of unlawful goods, services and stolen data. Here, a large number of cybercriminals operate, deceiving authorities by maintaining anonymity.

These cyber threats highlight the need for robust cyber security laws and practices to protect individuals and organizations from constant risks.

Spotting The Red Flags: Tips To Identify A Phishing Email.

In the modern digital world, phishing emails are the most prevalent and hazardous cyber threats. They can look very legitimate, but certain indicators might help you recognize and steer clear of them. Some of the essential tips for detecting phishing emails are:

  • Request For Sensitive Information: Always establish if the request for the sensitive information is reasonable.
  • Attachment Formats: Cyber criminals try to get you to unknowingly install malware; the attachment would most likely be a .zip, .exe or .scr file.
  • Emotional Appeals: They will try to elicit fear or urgency to convince you to act carelessly.
  • Unsolicited Emails: They will ask for something or offer you a reward that you didn't request or initiate.
  • Email Sender Domain: Even after evaluating the domain, you can never be 100% sure that the email is authentic.
  • Grammar or Odd Phrasing: Watch out for grammatical and spelling errors, and for things that are technically correct but nobody says.
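
As an added example (not part of the original article), the Python below checks a raw message for several of the indicators listed above: the named attachment formats, pressure wording, and sender-domain signals. The sample message, the urgency word list and the function names are constructed for illustration; `Reply-To` and `Authentication-Results` are standard mail headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

RISKY_EXT = (".zip", ".exe", ".scr")  # attachment formats named in the list
URGENCY = re.compile(r"\b(urgent|immediately|suspended)\b", re.I)  # assumed word list
# Constructed sample message, not a real email.
SAMPLE = """\
From: "Account Support" <support@example-bank.test>
Reply-To: help@mailer.example.net
Subject: Urgent: verify your account
Authentication-Results: mx.example.org; spf=fail; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Your account will be suspended within 24 hours.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.scr"

AAAA
--XX--
"""

def domain(header):  # lower-cased domain of an address header, '' if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return a list of phishing indicators found in a raw mail message."""
    msg, flags, text = message_from_string(raw), [], ""
    frm, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if reply and reply != frm:
        flags.append(f"Reply-To domain {reply} differs from From domain {frm}")
    # Only trust this header when your own receiving server added it.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{check}=(fail|softfail|none)\b", auth):
            flags.append(f"{check} did not pass")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append(f"risky attachment {name}")
        elif part.get_content_type() == "text/plain":
            text += part.get_payload(decode=True).decode(errors="replace")
    if URGENCY.search((msg["Subject"] or "") + "\n" + text):
        flags.append("urgent or threatening wording")
    return flags
```

An empty result does not prove a message is authentic, in line with the point above that evaluating the sender domain is never conclusive.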

Cybersecurity Laws: The Hidden Guardian Of Digital Accounts.

My experience is not at all an unusual one. Every day, many people fall victim to hacking, unauthorized access and data breaches, and the most surprising thing is that these data breaches could be much easier to prevent. But what if stronger cybersecurity laws were in place and better practices were encouraged? Would my whole experience have been different? The answer is likely yes.

To tackle the growing threat of cybercrime, governments around the world have created laws to protect digital systems and secure data. These laws play a key role in protecting individuals from online attacks by setting rules to prevent breaches and enforcing penalties on those who break them.

One of the most well-known examples is the General Data Protection Regulation (GDPR) in the European Union. Implemented in 2018, the GDPR sets strict rules on how personal data is collected, stored and later used, ensuring that companies take the necessary steps to protect individual users' information. Violations of these regulations can lead to heavy fines, which encourages businesses to prioritize cybersecurity.

Cybersecurity laws play a key role in safeguarding India's digital infrastructure and protecting citizens from online threats. The Information Technology Act, 2000 (IT Act) serves as the foundation of cybersecurity regulation in India. The main objective of this Act was to acknowledge the legality of e-commerce and digital transactions, and it has also evolved to tackle cybercrimes.

In India, cyber security laws form a critical part of the legal framework that protects the nation’s digital infrastructure and its citizens from cyber threats. The [i]Information Technology Act, 2000 (IT Act) is the cornerstone of cyber security regulation in India. Enacted to formally acknowledge the legality of digital transactions and online commerce, it has evolved to tackle a range of cybercrime, such as hacking, data theft, and unauthorized access to computer systems.

Key Provisions Of IT Act, 2000

  • Section 66: This section addresses cybercrime related to computer hacking. Any person who destroys or alters data, or causes damage to computer systems, without permission is punishable with imprisonment of up to three years, a fine, or both.
  • Section 43A: This clause requires businesses that handle sensitive personal data to put in place suitable security measures. The business can be required to pay the impacted parties if a data breach happens as a result of carelessness. This section is in line with international data protection regulations such as GDPR.
  • Section 69: For the sake of national security, Section 69 gives the government the power to monitor, intercept, or decrypt data on any computer system. But it also raises issues regarding privacy rights and the fine line that separates personal freedoms from security.
  • Section 72A: This section outlines penalties for those who, without permission, illegally reveal information acquired through valid contracts. By guaranteeing that personal information gathered by businesses is not exploited, this clause preserves privacy.

These laws support cybersecurity best practices like encryption, multi-factor authentication, and regular security checks to help create a safer digital space. However, laws alone can't prevent cybercrime; people must also stay aware and cautious.

Along with the IT Act, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 were introduced. These rules require organizations to protect sensitive personal data.

Your Cybersecurity Toolkit: Essential Tips For Every Day Protection.

  • Mandatory two-factor Authentication (2FA).

If there were rigid laws that required platforms like Google to prompt users more frequently to turn on 2FA, online security would improve. Laws like India's Information Technology Act, 2000 (amended in 2008) focus on the protection of personal data, but they need to go further by enforcing more security measures.

  • Data Breach Accountability. 

The General Data Protection Regulation (GDPR) in the EU makes companies liable for data breaches and requires them to report any incidents quickly. If my account had been hacked, Gmail would have to inform me right away so that I could secure it before even more harm was done to my account. Stricter enforcement of such laws worldwide would help to prevent these malpractices and protect millions of users from hacking and data theft.

  • Cybercrime Response.

Had an attack on my account progressed, I would have been forced to depend on legal frameworks such as India’s IT Act, which enables victims of cybercrime to report incidents and obtain support from law enforcement. However, consumers may become susceptible as a result of delayed responses from digital service providers and delays in reporting cybercrime. 

  • Choose strong passwords, change them regularly.

For better security, use strong passwords that are over 12 characters long, including punctuation characters and numbers. Use a password manager to secure your passwords.

  • Keep sensitive data to the minimum on your device.

Keep only the data you currently need, and regularly back up the data on your device to OneDrive.

  • Risk of using free or Public Wi-Fi.

Always use an authenticated service provider. Don’t transmit sensitive information while using free or Public Wi-Fi.

  • Pay attention to warnings about pages and websites.

Don't ignore alerts about potential security risks. Always be cautious and exit if a web page seems unsafe or untrustworthy.

  • Always verify independently.

Manually type Net banking URLs and other online service URLs (like accounting software or government agencies) directly into your browser. Avoid accessing these services through links in emails.

  • Do not ignore system updates.

Regular updates are crucial for improving security and safeguarding systems and data from malicious threats. Update the operating system and other application software as soon as updates are available.

  • Be suspicious of emails from people you don't know.

Be cautious with emails originating from external sources claiming to represent a business or government entity, or those with domain errors. Refrain from clicking on links or opening attachments from unfamiliar senders if you haven’t requested the documents from them.

The Symbiotic Relationship Between Cybersecurity And Technology Law.

The primary objective of cybersecurity laws is to safeguard digital systems from breaches, while technology law covers a wider range of issues, including data usage, privacy, and intellectual property in the digital world. These two areas are closely linked: the failure of cybersecurity laws often results in privacy and intellectual property violations.

A well-known example is the Facebook-Cambridge Analytica scandal, where Cambridge Analytica collected personal data from millions of Facebook users without their permission. As a result, Facebook faced major legal and regulatory consequences, not just for violating user privacy but also for not having strong enough cybersecurity measures to prevent the breach.

This case shows how cybersecurity law intersects with technology law. When companies fail to protect data, they are accountable not only under cybersecurity regulations but also under privacy laws, intellectual property rights and sometimes consumer protection laws.

As technology keeps growing, laws must also keep up and more regulations have to be made. The growth of Artificial Intelligence (AI), blockchain, and smart contracts creates new challenges for lawmakers, who need to find a balance between innovation and security. This highlights the need for flexible laws that can address both cybersecurity risks and growing technological advancements.

Conclusion: A Call For Stronger Laws And Vigilance

As technology advances quickly, cybersecurity laws are becoming more important than ever. With new technologies like the Internet of Things (IoT) and quantum computing, cybercriminals will have more opportunities to attack. This means that global regulators must keep up by creating even stronger laws that not only punish hackers but also work on preventing cyber threats.

Thinking about my own experience with a suspicious email, I realize that better cybersecurity rules and more awareness could have helped me avoid the confusion and risk I faced. As cyberthreats keep changing, our defenses must also improve. Laws alone aren't enough; education, awareness and safe online habits are key to keeping us protected in the digital world.

 References

Statutes and Regulations

  • General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
  • The Information Technology Act, No. 21, Acts of Parliament, 2000 (India).
  • Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (2018).
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Gazette of India.

Cybersecurity Reports and Guidelines

  • National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (2018), available at https://www.nist.gov/cyberframework.
  • Cybersecurity and Infrastructure Security Agency (CISA), Phishing Awareness and Best Practices (2023), available at https://www.cisa.gov.

Case Law

  • Facebook, Inc., In re 182 F.T.C. 3109 (2019).

iii Information Technology Act, 2000 (India) (Act No. 21 of 2000)

iv J Wylie, ‘Understanding the Importance of Cyber security Laws’ (2020) 12(3) Journal of cyber Law 54

 v K Johnson, ‘Phishing: How to Protect Yourself from Cyber Threats’ (2023) 18 cyber security Monthly 30


Author: Mallela Harshitha is a BBA LL.B. student at Presidency University, Bangalore.
