Recently, news of a data breach has made headlines for dozens of digital service users in Indonesia, because the platform where the breach happened is Tokopedia, an e-commerce service with a massive user base. The latest news comes from Bhinneka.
In early May 2020, 91 million user records, whose validity several parties had confirmed, were observed on sale via the Dark Web for 73.5 million Rupiah. Only passwords are encrypted, while other information such as names, addresses, and contacts can be read directly. Then a few days ago, a hacker reportedly managed to infiltrate several sites, one of which was Bhinneka, with 1.2 million records stolen.
This is not the first time; in previous years, cybersecurity issues have been reported to the public several times.
Incomprehensive Regulation
Regulations on the protection of privacy and personal data are spread across various laws, 32 regulations in total, ranging from the ITE Law, the Telecommunications Law, the Public Information Openness Act, and the State Intelligence Act to the Criminal Procedure Code. This fragmented regulation has prompted the government to draft a Personal Data Protection Act; the draft has now reached the President and the Parliament, waiting to be reviewed and ratified.
“However, these laws and regulations [32 regulations] are yet to comprehensively regulate the protection of personal data. A comprehensive law is needed as a legal basis in providing protection, regulation and imposition of sanctions for personal data misuse as regulated,” said the Minister of Communication and Information Johnny G. Plate.
Regarding the recent data breach, the Minister of Communication and Information also gave his formal response after discussions with several parties, including Tokopedia and the national cyber and security agency (BSSN). “Every data hacking effort will be followed up, so as not to disrupt e-commerce operations,” he said, further explaining the details of the government's follow-up plan.
Self-taught preventive steps
Digital platforms such as e-commerce services do hold certifications related to information security, for example ISO/IEC 27001:2013. However, users can also take several preventive steps on their side to reduce the potential loss if the system is hacked.
Here are some simple preventive steps that can be taken:
Perform regular application updates
Digital applications with a massive user base are almost certain to be under continuous development. Updates are rolled out not only to add features but also to improve system performance and close security gaps. For this reason, it is important for users to keep their applications up to date.
Likewise, for the operating system, it is strongly recommended to use the latest version supported by the device. Operating system updates are less frequent than application updates, but each one usually brings significant improvements.
For smartphone users, application and operating system updates are usually done automatically when connected to a WiFi network. The user gets an update notification and approves the update process. For those who use mobile data, however, updates are usually not automatic, so users need to check Google Play / App Store or the system update page periodically.
Use different passwords on each application
This tip is quite tedious for some people, but it is good preparation in case a data breach occurs in one of the applications. At the very least, keep the passwords for personal accounts such as e-mail distinct from the passwords used for other applications. E-mail is crucial for recovery if an account is taken over by a hacker.
A password manager application can help users who want a different password for each service. The application stores and records the passwords, and some also make it easier to log in to certain services without having to retype the password. Some examples of password management applications are LastPass and 1Password.
Then, as suggested in every set of digital security tips, it is highly recommended to use passwords with varied characters, for example by including uppercase letters, lowercase letters, numbers, and symbols. Some applications show a password strength indicator during the registration process.
Apply multiple authentications
To increase security, some applications provide Multi-Factor or Two-Step Authentication features. Users can choose the type of extended security, for example a PIN, an SMS token, or biometrics. The latter is highly recommended, especially since most smartphones today are equipped with fingerprint and facial recognition systems. In most cases, this feature is not activated automatically; the user must set it up for each application.
Be more aware of the applications in use
Always use applications from a credible developer, especially if the application requires personal data, because credible developers will be disciplined about privacy and information protection policies. In addition, it is good for users to know what applications access on their devices; for example, applications in the Play Store always include a “Permission” section listing the components of the device accessed by the application.
–
Original article is in Indonesian, translated by Kristin Siagian