The pandemic has forced a new normal upon the world, one in which there is large-scale adoption of technology that facilitates work-from-home (WFH). While video-conferencing app Zoom saw millions of downloads across the world, it was plagued by security breaches that compromised user privacy. It was reported that Zoom's servers were not safe, and consumer data got leaked on the dark web. But Zoom is hardly alone. Every year, there are reports of social media, mailing services, even dating services, suffering security breaches. With more people working from home (IBM, for instance, has announced that it will be cancelling its leases so that it can make WFH a regular phenomenon), the need for ensuring digital security has increased by leaps and bounds.

Banks in India are already mandated to carry out security audits, but companies are not mandated to undertake any such exercise. Besides, sections under the IT Act place only a limited liability on companies for data thefts or leaks. Also, the country hardly has tort laws. Mandating periodic security audits, as is done for banks, may be a good idea, but it may not be practicable. Still, given the stakes involved, companies should undertake such audits. One way to ensure that they do is to have independent security ratings based on the security audit data that companies make public. If digital security is made an element of competition, firms will likely be more enthused about security audits. With so many start-ups in India in the cybersecurity space, these audits may not be too expensive. The government should do this for its digital presence too.