Vaishali Bhagwat
AUTHOR
vabhagwat@hotmail.com
The Digital India Programme is a flagship programme of the Indian government with a vision to transform India into a digitally empowered society and knowledge economy. Citizen-centric e-Governance initiatives started in the mid-90s but did not make much impact. India then launched the National e-Governance Plan (NeGP) in 2006, but despite the successful implementation of many e-Governance projects, it did not have the desired impact. The Government of India has now launched the Digital India Programme with three primary objectives: (1) Digital Infrastructure as a utility to every citizen, (2) Governance and Services on demand and (3) Digital empowerment of citizens.
Digital Infrastructure as a utility to every citizen means the following, as per information available on the DeitY website:
- Availability of high speed internet as a core utility for delivery of services to citizens
- Cradle to grave digital identity that is unique, lifelong, online and authenticable to every citizen
- Mobile phone & bank account enabling citizen participation in digital & financial space
- Easy access to a Common Service Centre
- Shareable private space on a public cloud
- Safe and secure cyber-space
Safe and Secure Cyberspace:
The National Cyber Security Policy of India (NCSP) was rolled out on 2nd July 2013 vide a notification from the Ministry of Communications and Information Technology, Department of Electronics and Information Technology (DeitY), which states the long term goal of building a secure and resilient cyberspace for its three main stakeholders, i.e. citizens, businesses and government.
While the government works towards building a secure and resilient cyberspace through infrastructure, policy and legislation, businesses and people are also responsible for building a secure cyber ecosystem so that they can derive benefit from it. So how does a business contribute towards building a safe and secure cyberspace? How does a business ensure that it is safe in cyberspace?
The answer today for small business is self-regulation. Businesses that handle sensitive personal data have a mandatory obligation to be compliant with the ISO 27001 Information Security standard. However, no such standard has been prescribed for small businesses. Voluntary participation and self-regulation amongst businesses to secure their IT infrastructure is dismally low, and most businesses resort to some knee-jerk safety practices only after they have suffered some loss, damage or damage to reputation due to data theft, data loss, financial fraud or software license infringement actions.
Digital India should also mean a safer India to conduct business online. How can you as a business ensure and ascertain that? Some countries follow cyber essentials programmes that make it mandatory for businesses to get themselves certified as safe businesses. For example, if your company is bidding for government contracts which involve handling of sensitive and personal information and providing certain technical products and services, the company has to be certified as cyber safe.
Until we have a mandatory regime of cyber certification, you can follow these 10 steps to cyber security to ascertain that your business is safe and your computer infrastructure is secure.
10 Steps to Cyber Safety in Business
- Information Risk Management : Identify information assets that need protection, such as data, intellectual property, designs, drawings, source code etc. Identify risks, then design and implement a policy to manage them.
- Secure Configuration : Install firewalls, manage ports, have a clear access policy, remove or disable unnecessary functionality, and protect the system from malware.
- Network Security : Connecting to untrusted networks (such as the internet) can expose your organization to cyber attacks. Follow recognised network design principles when configuring perimeter and internal network segments, and ensure all network devices are configured to the secure baseline build. Filter all traffic at the network perimeter so that only traffic required to support your business is allowed, and monitor traffic for unusual or malicious incoming and outgoing activity that could indicate an attack (or attempted attack).
- User Privileges : All users of your ICT systems should only be provided with the user privileges that they need to do their job. Control the number of privileged accounts for roles such as system or database administrators, and ensure this type of account is not used for high risk or day-to-day user activities. Monitor user activity.
- User Education : Produce user security policies that describe acceptable and secure use of your organisation’s ICT systems. These should be formally acknowledged in employment terms and conditions. All users should receive regular training on the cyber risks they face as employees and individuals.
- Incident Management : Establish an incident response and disaster recovery capability that addresses the full range of incidents that can occur. All incident management plans (including disaster recovery and business continuity) should be regularly tested. Your incident response team may need specialist training across a range of technical and non-technical areas.
- Malware Prevention : Produce policies that directly address the business processes (such as email, web browsing, removable media and personally owned devices) that are vulnerable to malware. Scan for malware across your organisation and protect all host and client machines with antivirus solutions that will actively scan for malware.
- Monitoring : Establish a monitoring strategy and develop supporting policies, taking into account previous security incidents and attacks, and your organization's incident management policies.
- Removable Media : Produce removable media policies that control the use of removable media for the import and export of information. Where the use of removable media is unavoidable, limit the types of media that can be used together with the users, systems, and types of information that can be transferred. Scan all media for malware using a standalone media scanner before any data is imported into your organisation’s system.
- Home and Mobile : Assess the risks to all types of mobile working (including remote working where the device connects to the corporate network infrastructure) and develop appropriate security policies. Train mobile users on the secure use of their mobile devices for locations they will be working from. Apply the secure baseline build to all types of mobile device used. Protect data-at-rest using encryption.
Software Piracy, a major hindrance in security
Last but not the least, India is plagued with software piracy issues. Though almost everybody thinks that it is OK to copy, laws in India against copyright violation are very stringent and attract penal liability. A study carried out by Reinig and Plice (2010) indicates that software piracy is reduced by an increase in per capita Gross National Income (GNI), and it further states that a one percent increase in the relative size of the country's IT industry would imply 10% of unauthorized software licenses getting converted to authorized licenses.
If as a business you want to enjoy the fruits of Digital India, then you also have a duty to perform: to keep your business IT infrastructure safe and more secure. These 10 simple steps to cyber safety will protect your business from insider threats as well as external attacks and will form a part of the safe and secure cyber ecosystem envisaged by the government for the people. Wishing you a safe journey in cyberspace.