
Insider Threats: A Catastrophic Legal Challenge to IT Security Companies | Best Corporate Lawyer Advice for IT Security Companies in India | Technology Lawyer in Delhi NCR | Corporate Lawyer in Delhi NCR |


The relevance and significance of IT Security Companies in India have risen manifold. The Government of India has also amended and enacted different legislations for corporate laws and IT laws, and the IT Security Companies in India have to duly adhere to them. Further, the legal compliances for IT Security Companies in India have also increased. The biggest challenge which the IT Security Companies in India face is insider threats, and to overcome them they have to bring in stringent checks and balances. Here we discuss in detail the applicable laws on IT Security Companies in India and the legal compliances for IT Security Companies in India.

Role of IT Security Companies: Best Corporate Lawyer Advice for IT Security Companies in India
IT security companies exist to maintain the integrity and confidentiality of users’ classified information. They are responsible for protecting the data on computers and networks from unauthorized access, data breaches and any damage that could lead to misuse of information. IT security is often referred to as cybersecurity these days and plays a significant role within the government, military, finance companies, IT infrastructure, hospitals and many private businesses, as these sectors have a large amount of data stored on their computer systems that demands security. In India, the Information Technology Act, 2000 defines cybersecurity under Section 2(nb). According to this section, cybersecurity refers to the protection of data, devices, computer systems etc. and the data stored in these devices from unauthorized, illegal access to avoid damage and destruction. Sometimes people use the terms “IT security” and “Information Security” interchangeably; however, there is a slight difference between them: the former deals with securing digital data through computer network security, whereas the latter refers to the methods and tools designed to protect confidential business information from breaches. Some of the specific tasks that IT security teams perform are:
• They continuously monitor the network and application performance, in order to recognize any irregular activity.
• They perform regular audits to ensure security practices are compliant.
• They deploy endpoint detection and prevention tools to thwart malicious hacks.
• They set up patch management systems to update applications automatically.
• They work with IT operations to set up a shared disaster recovery/business continuity plan.
• They work with HR and other teams to educate the company’s employees about the importance of cybersecurity and how to detect suspicious activity.

As India gains reputation in Information Technology and international arenas, it is progressively becoming a lucrative target for threat actors as well. These security threats can bring any big IT security company to its knees unless its in-house security team is aware of them and equipped to respond.

The Legal Challenge of Insider Threats to IT Security Companies: Best Corporate Legal Solutions for IT Security Companies in India
Insider threats are threats posed to companies by their employees, either current or former, or by contractors, associates, partners etc. These people have a lot of information about the company’s operations and management, and they often misuse their authorized access to networks, applications and databases to intentionally or unintentionally cause damage and disturbance, or to erase, alter or steal sensitive data. Data at risk of being compromised by insider threats could include personal information relating to employees and customers, intellectual property, commercial records, and particulars about company security controls. Insider threats can be divided into four common types:

• Second Streamers: This term refers to current employees who intentionally misuse confidential information in order to gain additional profits by engaging in fraudulent activities, external collusion or the sale of trade secrets. Cybercriminals often take advantage of these greedy employees and target them by offering huge amounts in return for either confidential credentials of the company or databases and other information of the big IT security companies.
• Dissatisfied Employees: This can be any current or former employee who either steals the company’s intellectual property or does anything that can vandalize the company or disrupt its operations. This can prove to be a high-cost, catastrophic threat to any IT security company.
• Inadvertent Employees: These are the people who demonstrate safe and ethical behavior but sometimes make errors, and every so often they don’t realize their mistakes until it’s too late.
• Constant Unresponsive Employees: These are the persistently non-responsive employees, frequently senior executives, who remain unresponsive to IT security awareness training programs and practices. This sort of conduct makes them susceptible to compromise, and they are often targeted by social engineering scams like Business Email Compromise (BEC).

In the historic scam known as the “Pune Citibank MphasiS Call Center Fraud 2005”, a huge amount of US $ 3,50,000 was fraudulently transferred from the Citibank accounts of four US customers to certain fake accounts in Pune, via the internet. Four employees of a call center, who worked at an outsourcing facility managed and controlled by MphasiS in India, acquired PIN codes from four customers of MphasiS’ client, Citi Group, under the pretext of assisting the customers out of problematic situations, and later used these numbers to commit fraud. By April 2005, the Indian police had been notified about the scam by one U.S. bank, and the police then identified the individuals involved in the scam without any delay. The Court held that Section 43(a) of the IT Act, 2000, which broadly deals with penalty and compensation for damage to computer, computer system, etc., was relevant here due to the nature of the unlawful access used to commit the transactions.

One more case relevant to the challenge of insider threats is Syed Asifuddin and Ors. Vs. State of Andhra Pradesh, Crl. Petition Nos. 2601 & 2602 of 2003, wherein the employees of Tata Indicom were detained for alteration of certain ESN number encoded into mobile phones, which was exclusively and entirely franchised to Reliance Infocomm. Ltd. The Andhra Pradesh High Court held that tampering with source code invokes Section 65 of the Information Technology Act.

SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra, CS (OS) 1279 of 2001, is one of the cases of dissatisfied employees, wherein the defendant Jogesh Kwatra was an employee of the Plaintiff’s company. He started sending disparaging, defamatory, loutish and abusive e-mails to his senior employers as well as to different subsidiaries of the said company all around the world in order to defame the company and its Managing Director. This order of the Delhi HC assumes great significance because for the first time an Indian Court had jurisdiction in a matter concerning cyber defamation and granted an ex-parte injunction that restrained the Defendant from defaming the Plaintiffs by sending defamatory, offensive and obscene emails either to the Plaintiffs or to their subsidiary companies.

How can IT Security Companies prevent their Employees or former Employees from committing Cybercrimes and Data Breaches: Best Corporate Legal Advice for IT Security Companies in India
• If any present or ex-employee of the company carries out any sort of data breach, the company can proceed against them under Section 66A of the Information Technology (IT) Act, 2000, which provides for punishment or imprisonment of those who commit computer-related offences such as damaging a computer system or network, or stealing, hiding, destroying or modifying any computer source code, or causing any person to do the same, with an intention to cause damage.
• Along with that, for offences like cyber defamation, forgery etc. by employees, there are provisions in the Indian Penal Code (IPC) of 1860 as well under which the accused employees can be charged and punished.
• Moreover, the best alternative is to warn the employees stringently beforehand rather than waiting for the offence to be committed. This can be done with the help of a Non-Disclosure Agreement (NDA). When employees sign an NDA, they are legally and absolutely bound by an obligation not to disclose any data or other relevant information of the company to third parties beyond the business boundaries. In this way the risks associated with insider threats can be minimized.
• The IT security Companies can try to limit employees’ access to only those specific resources that they need to do their respective jobs.
• Furthermore, the companies can include a clause in the employment agreement itself binding employees to take the security awareness training provided in the company by professionals before they are allowed to access the network.
• The training professionals must incorporate awareness of both unintentional and malevolent insider threats into regular security trainings.
• The companies also have the option of hiring contractors or freelancers with temporary, short-term accounts that terminate on specific dates, such as the dates their contracts end.
• IT companies can furthermore install employee monitoring software, which can reduce the risk of data breaches and the theft of intellectual property by identifying careless, disgruntled or malicious insiders.

Conclusion
At present, due to the increasing worldwide usage of the internet in each and every aspect of life, cybersecurity has become one of the biggest prerequisites for the world, as cybersecurity threats are incredibly dangerous to a country’s security as a whole. It is high time that big businesses as well as the general public became fully aware of the need to keep their systems and web security settings up to date, use appropriate anti-virus software, monitor the performance of employees regularly to prevent insider threats, and keep computer systems and other devices safe from any sort of vulnerabilities.
Authored By: Adv. Anant Sharma & Neha Sharma
