ISACA is a worldwide association that is focused on IT governance. Known as Information Systems Audit and Control Association, it is more popular as ISACA. GCS Sarma, president of ISACA’s Hyderabad chapter, tells Telangana Today that a little care taken while using a computer or a mobile device can help in thwarting cyber attacks. Excerpts:

Key risks

Many attackers target data and hold it to ransom. This can result in heavy financial losses. Apps, song downloads and click baits are among the common channels for launching attacks. It is prudent to use two-factor authentication wherever possible. This will ensure that you at least have some control over the devices.

Purchases

People tend to overlook the safety aspects. It is always safe to buy licensed software with proper malware protection. While the initial costs are slightly higher compared to a pirated edition, in the long run it is prudent to have a licensed version. While doing financial transactions, it is safe to close all other windows.

Attacks

There can be phishing attacks. In this, the targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information (PIN), banking and credit card details, and passwords. These will be used for unauthorised transactions. Then there could be skimming where the contents of a mail or a credit card are captured and used fraudulently. There could also be SIM swapping, where the caller offers to upgrade the services offered by telecom operators. Once the details are presented, the same are used to authenticate unauthorised transactions.

Biometrics

There have been cases of fingerprints being cloned on to an external object and used to swipe in and out at offices. There have been such instances in a civic authority and a college as well in Hyderabad.

OTP

India uses OTP while US does not. It implies that there is not enough awareness on the safety practices. We tend to share our OTPs, passwords, CVV number with our dear ones over phone. This is not safe.

