Mitigating Misinformation: Safeguarding MSMEs in the Digital Era
Introduction
Misinformation and disinformation are significant issues in today's digital age. The challenge is not limited to any one sector or industry, and has been seen to affect everyone that deals with data of any sort. In recent times, we have seen a rise in misinformation about all manner of subjects, from product and corporate misinformation to manipulated content about regulatory or policy developments.
Micro, Small, and Medium Enterprises (MSMEs) play an important role in economies, particularly in developing nations, by promoting employment, innovation, and growth. However, in the evolving digital landscape, they also confront tremendous hurdles, such as the dissemination of mis/disinformation which may harm reputations, disrupt businesses, and reduce consumer trust. MSMEs are particularly susceptible since they have minimal resources at their disposal and cannot afford to invest in the kind of talent, technology and training that is needed for a business to be able to protect itself in today’s digital-first ecosystem. Mis/disinformation for MSMEs can arise from internal communications, supply chain partners, social media, competitors, etc. To address these dangers, MSMEs must take proactive steps such as adopting frameworks to counter misinformation and prioritising best practices like digital literacy and training, monitoring and social listening, transparency protocols and robust communication practices.
Assessing the Impact of Misinformation on MSMEs
To assess the impact of misinformation on MSMEs, it is essential to get a full sense of the challenges. To begin with, one must consider the categories of damage which can include financial loss, reputational damage, operational damages, and regulatory noncompliance. Various assessment methodologies can be used to analyze the impact of misinformation, including surveys, interviews, case studies, social media and news data analysis, and risk analysis practices.
Policy Framework and Gaps in Addressing Misinformation
The Digital India Initiative, a flagship program of the Government of India, aims to transform India into a digitally empowered society and knowledge economy. The Information Technology Act, 2000 and the rules made therein govern the technology space and serve as the legal framework for cyber security and data protection. The Bhartiya Nyay Sanhita, 2023 also contains provisions regarding ‘fake news’. The Digital Personal Data Protection Act, 2023 is a brand new law aimed at protecting personal data. Fact-check units (FCUs) are government and private independent bodies that verify claims about government policies, regulations, announcements, and measures. However, these policy measures are not sector-specific and lack specific guidelines, which have limited impact on their awareness initiatives on misinformation and insufficient support structure for MSMEs to verify information and protect themselves.
Recommendations for Countering Misinformation in the MSME Sector
To counter misinformation for MSMEs, recommendations include creating a dedicated Misinformation Helpline, promoting awareness campaigns, creating regulatory support and guidelines, and collaborating with tech platforms and expert organisations for the identification and curbing of misinformation.
Organisational recommendations include the Information Verification Protocols for the consumers of Information for the verification of critical information before acting upon it, engaging in employee training for regular training on the identification and management of misinformation, creating a crisis management plan to deal with misinformation crisis, form collaboration networks with other MSMEs to share verified information and best practices.
Engage with technological solutions like AI and ML tools for the detection and flagging of potential misinformation along with fact-checking tools and engaging with cyber security measures to prevent misinformation via digital channels.
Conclusion: Developing a Vulnerability Assessment Framework for MSMEs
Creating a vulnerability assessment framework for misinformation in Micro, Small, and Medium Enterprises (MSMEs) in India involves several key components which include the understanding of the sources and types of misinformation, assessing the impact on MSMEs, identifying the current policies and gaps, and providing actionable recommendations. The implementation strategy for policies to counter misinformation in the MSME sector can be by starting with pilot programs in key MSME clusters, and stakeholder engagement by involving industry associations, tech companies and government bodies. Initiating a feedback mechanism for constant improvement of the framework and finally, developing a plan to scale successful initiatives across the country.
References
- https://publications.ut-capitole.fr/id/eprint/48849/1/wp_tse_1516.pdf
- https://techinformed.com/how-misinformation-can-impact-businesses/
- https://pib.gov.in/aboutfactchecke.aspx
Related Blogs
Introduction
DDoS – Distributed Denial of Service Attack is one of the cyber-attacks which has been evolving at the fastest pace, the new technologies have created a blanket of vulnerability for the victim which allows the cyber criminals to stay under the radar and keep launching small scale high intensity cyber attacks. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
Op Power Off
In a recent Operation by Law enforcement agencies known as Op Power Off, LEAs from United Kingdom, United States of America, Netherlands, Poland, and Germany joined hands to target the cybergroups committing such large-scale attacks which can paralyse the Internet become inaccessible for a large faction of netizens. The services collectively seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken down had been used to carry out over 30 million attacks. As part of this action, seven administrators have been arrested so far in the United States and the United Kingdom, with further actions planned against the users of these illegal services. International police cooperation was central to the success of this operation as the administrators, users, critical infrastructure, and victims were scattered across the world. Europol’s European Cybercrime Centre coordinated the activities in Europe through its Joint Cybercrime Action Taskforce (J-CAT).
Participating Authorities
- United States: US Department of Justice (US DOJ), Federal Bureau of Investigation (FBI)
- United Kingdom: National Crime Agency (NCA)
- The Netherlands: National High Tech Crime Unit Landelijke Eenheid, Cybercrime team Midden-Nederland, Cybercrime team Noord-Holland and Cybercrime team Den Haag
- Germany: Federal Criminal Police Office (Bundeskriminalamt), Hanover Police Department (Polizeidirektion Hannover), Public Prosecutor’s Office Verden (Staatsanwaltschaft Verden)
- Poland: National Police Cybercrime Bureau (Biuro do Walki z Cyber-przestępczością)
Issue related to DDoS Attacks
DDoS booter services have effectively lowered the entry barrier into cybercrime: for a fee as low as EUR 10, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic. The damage they can do to victims can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions, and police forces. Emboldened by perceived anonymity, many young IT enthusiasts get involved in this seemingly low-level crime, unaware of the consequences that such online activities can carry. The influence of toolkits available on the dark net has made it easier for criminals to commit such crimes and at times even get away with it as well.
Recent examples of DDoS Attacks
- In February 2020, Amazon Web Services (AWS) suffered a DDoS attack sophisticated enough to keep its incident response teams occupied for several days also affecting customers worldwide.
- In February 2021, the EXMO Cryptocurrency exchange fell victim to a DDoS attack that rendered the organization inoperable for almost five hours.
- Recently, Australia experienced a significant, sustained, state-sponsored DDoS attack.
- Belgium also became a victim of a DDoS attack that targeted the country’s parliament, police services, and universities.
DDoS vs. DoS Attacks: What’s the Difference?
It’s important to avoid confusing a DDoS (distributed denial of service) attack with a DoS (denial of service) attack. Although only one word separates the two, these attacks vary significantly in nature.
- Strictly defined, a typical DDoS attack manipulates many distributed network devices between the attacker and the victim into waging an unwitting attack, exploiting legitimate behavior.
- A traditional DoS attack doesn’t use multiple, distributed devices, nor does it focus on devices between the attacker and the organization. These attacks also tend not to use multiple internet devices.
Conclusion
In this era of cyberspace, it is of paramount importance to maintain digital safety and security equivalent to physical safety, the cybercriminals will not stop at anything and can stoop to any level to target netizens and critical infrastructures in order to commit ransomware and malware attacks. As we can see DDoS-ing is taken seriously by law enforcement, at all levels of users, and are on the radar of law enforcement, be it a gamer booting out the competition out of a video game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.
Introduction
Social media has become integral to our lives and livelihood in today’s digital world. Influencers are now strong people who shape trends, views, and consumer behaviour. Influencers have become targets for bad actors aiming to abuse their fame due to their significant internet presence. Unfortunately, account hacking has grown frequently, with significant ramifications for influencers and their followers. Furthermore, the emergence of social media platforms in recent years has opened the way for influencer culture. Influencers exert power over their followers’ ideas, lifestyle choices, and purchase decisions. Influencers and brands frequently collaborate to exploit their reach, resulting in a mutually beneficial environment. As a result, the value of influencer accounts has risen dramatically, attracting the attention of hackers trying to abuse their potential for financial gain or personal advantage.
Instances of recent attacks
Places of worship
The hackers have targeted renowned temples for fulfilling their malicious activities the recent attack happened on The Khautji Shyam Temple, a famous religious institution with enormous cultural and spiritual value for its adherents. It serves as a place of worship, community events, and numerous religious activities. However, since technology has invaded all sectors of life, the temple’s online presence has developed, giving worshippers access to information, virtual darshans (holy viewings), and interactive forums. Unfortunately, this digital growth has also rendered the shrine vulnerable to cyber threats. The hackers hacked the Facebook page twice in the month, demanded donations and hacked the cheques the devotes gave to the trust. The second event happened by posting objectional images on the page and hurting the sentiments of the devotees. The Committee of the temple has filed an FIR under various charges and is also seeking help from the cyber cell.
Social media Influencers
Influencers enjoy a vast online following worldwide, but their presence is limited to the digital space. Hence every video, photo is of importance to them. An incident took place with leading news anchor and reporter Barkha Dutt, where in her youtube channel was hacked into, and all the posts made from the channel were deleted. The hackers also replaced the channel’s logo with Tesla and were streaming a live video on the channel featuring Elon Musk. A similar incident was reported by influencer Tanmay Bhatt, who also lost all the content e had posted on his channel. The hackers use the following methods to con social media influencers:
- Social engineering
- Phishing
- Brute Force Attacks
Such attacks on influencers can cause harm to their reputation, can also cause financial loss, and even lose the trust of the viewers or the followers who follow them, thus further impacting the collaborations.
Safeguards
Social media influencers need to be very careful about their cyber security as their prominent presence is in the online world. The influencers from different platforms should practice the following safeguards to protect themselves and their content better online
Secure your accounts
Protecting your accounts with passphrases or strong passwords is the first step. The best strategy for doing this is to create a passphrase, a phrase only you know. We advise choosing a passphrase with at least four words and 15 characters.
To further secure your accounts, you must enable multi-factor authentication in the second step.
To access your account, a hacker must guess your password and provide a second authentication factor (such as a face scan or fingerprint) that matches yours.
Be careful about who has access
Many social media influencers collaborate with a team to help generate and post content while building their personal brands.
This entails using team members who can write and produce material that influencers can share themselves, according to some of them. In these situations, the influencer is the only person who still has access to the account.
There are more potential weak spots when more people have access. Additionally, it increases the number of ways a password or account access could fall into the hands of a cybercriminal. Only some staff members will be as cautious about password security as you may be.
Stay up-to-date on the threats
What’s the most significant way to combat threats to computer security? Information.
Cybercriminals constantly adapt their methods. It’s crucial to stay informed about these threats and how they can be utilised against you.
But it’s not just threats. Social media platforms and other service providers are likewise changing their offerings to avoid these challenges.
Educate yourself to protect yourself. You can keep one step ahead of the hazards that cybercriminals offer by continuously educating yourself.
Preach cybersecurity
As influencers, cyber security should be preached, no matter your agenda.
This will also enable users to inculcate best practices for digital hygiene.
This will also boost the reporting numbers and increase population awareness, thus eradicating such bad actors from our cyberspace.
Acknowledge the risks
Keeping a blind eye will always hurt the safety aspects, as ignorance always causes issues.
Risks should be kept in mind while creating the digital routine and netiquette
Always inform your users of risk existing and potential risks
Monitor threats
After the acknowledgement, it is essential to monitor threats.
Active lookout for threats will allow you to understand the modus Operandi and the vulnerabilities to avoid criminals
Threats monitoring is also a basic netizens’ responsibility to ensure that the threats are reported as they emerge.
Interpret the data
All cyber nodal agencies release data and trends of cybercrimes, understand the trends and protect your vulnerabilities.
Data interpretation can lead to an early flagging of threats and issues, thus protecting the cyber ecosystem by and large.
Create risk profiles
All influencers should create risk profiles and backup profiles.
This will also help protect one’s data as it can be stored on different profiles.
Risk profiles and having a private profile are essential to safeguard the basic cyber interests of an influencer.
Conclusion
As we go deeper into the digital age, we see more technologies emerging, but along with them, we see a new generation of cyber threats and challenges. The physical, as well as the cyberspace, is now inter twinned and interdependent. Practising basic cyber security practices, hygiene, netiquette, and monitoring best practices will go a long way in protecting the online interests of the Influencers and will impact their followers to engage in best practices thus safeguarding the cyber ecosystem at large.
Introduction
The nation got its first consolidated data protection regulation in the form of the Digital Personal Data Protection Act, 2023, in the month of August, and the Indian netizens got their independence in terms of data protection and privacy. The act lays heavy penalties for non-compliance with the provisions, and the same is under the jurisdiction of a Data Protection Board set up by the Central Government, which enjoys powers equivalent to a civil court. The act upholds the right to data privacy as the fundamental right under Article 19 (1)(A) and 21 of the Constitution of India. The same has been judicially supported in the form of the landmark judgement, Jus. K.S Puttawamy vs. Union of India of 2018. Let us take a look at the impact the act will make on the Indian netizens.
What is Personal Data?
Personal Data refers to any form of digitised data which can be directly replicated by any person. This includes email IDs, mobile numbers, health data, banking data, photos, etc. A person to whom the personal data belongs is called the Data Principle. A Data principle is anyone who is above the age of 18 years and consents to the data of children/minors. In the case of children/minors, it is mandatory for the parents or guardians to provide their express consent for the processing of personal data for all or any purposes. Any individual who is processing personal data is known as the Data Fiduciry, and individuals registered under the act may act as consent managers to make the consent transparent. When it comes to the rights of the netizens, it is seen that the act is created with an aspect of “Safety by Design” to secure the rights and responsibilities of the netizens.
Rights secured under the DPDP Act 2023
- Right to Grievance Redressal: The Data fiduciary and the consent manager are required to respond to the grievances of the Data Principal within a time period, which is soon to be prescribed, thus creating a blanket of responsibility for the data fiduciary and consent manager.
- Right to Nominate: Data Principals have the right to nominate any other individual who shall, in the event of death or incapacity of the data principal, exercise his/her rights.
- Right to access to information: The Data principal has the right to seek confirmation from Data fiduciaries regarding the processing of their personal data and the summary of the processed data as well.
- Right to Erasure and Correction: Data principals can reach out to the data fiduciaries in order to exercise their right to correct, complete, update and erasure of their personal data.
- Territorial Rights: The data is to be processed within India, and processing outside India should be in regard to the services provided in India.
- Material Rights: The rights are applicable to any personal data collected in digitised form and also for the data collected in a non-digital form but subsequently digitised.
Obligations for Data Fiduciaries
The data fiduciaries are mandated to oblige with the following provisions in order to maintain compliance with the laws of the land and by securing the Digital rights of the netizens.
These are the obligations of the data fiduciaries:
- Implement technical and organisational measures to safeguard Personal Data.
- Determine the legal grounds for processing and obtaining consent from Data principals where required.
- Provide a privacy notice while obtaining consent from Data principals.
- Implement a mechanism for data principals to exercise their rights.
- Implement a grievance redressal mechanism for handling the queries from Data principals.
- Irrecoverably delete personal data after the purpose for which it was collected has expired or when the consent has been withdrawn.
- Have a breach management policy to notify the data protection board and the data principals in accordance with prescribed timelines.
- Sign a valid contract with Data processors to ensure key obligations are abided by them, including timely deletion of data.
Conclusion
As the world steps into the digital age, it is pertinent for the governments of the world to come up with efficient and effective legislation to protect cyber rights and responsibilities, but as cyberspace has no boundaries, nations need to work in synergy to protect their cyber interests and netizens. This can only begin once all nations have indigenous Cyber laws and rights to protect netizens, and the same has been addressed by the Indian Government in the form of the Digital Perosnl Data Protection Act, 2023. The future is full of emerging technologies and the evolution of cyber laws; hence, consolidating a basic legal structure now is of utmost importance and the same is expected to be strengthened in India by the soon-to-be-released Draft Digital India Bill.
