Research Article

A Study of the Legal Redressal Options for Businesses against Online Crimes


Author: Kanishka Choudhary, 3rd year LL.B. student

Abstract

The cyber-world is a virtual world that has expanded at an enormous scale in the past decade. It has provided a platform for trade and commerce for selling and buying goods and services, and through it, the whole world has benefitted and running its businesses across the globe. This trade and commerce over the internet is often referred to as e-commerce, giving consumers a wider choice at competitive rates with easy payment options with more security and prompt delivery options. Also, there has been tremendous improvement in the networking area over the past few years worldwide, as a consumer can enter a virtual marketplace at the convenience of their fingertips. Hence, this platform has offered numerous opportunities to everyone, even living in the remotest places.
However, this platform is not immune to risks involved in trade and commerce under a very complex atmosphere. These online transactions are susceptible to phishing, fraud, invasion of data privacy, stealing personal data, etc. Many other issues and problems are generally faced when the product is not delivered or the product delivered is defective. In other scenarios, consumers don’t fully understand their rights and obligations in the transaction and contract they entered into while making a purchase through the unconventional way of making payment like online banking.
This research paper is a comprehensive study of the nature, types, and categories of cybercrimes and the kind of legal redress available to big corporations and businesses to mitigate the risks of cyber threats and attacks. It also analyses the environment and tries to suggest how to accustom to the current situation and enforce fair practices, information disclosures, privacy and payment protection, consumer education, and dispute resolution by the companies and businesses running online.

Introduction

Cybercrime is a criminal activity that either targets or uses a computer, a computer network, or a networked device. Most, but not all, cybercrimes are committed by those who want to make money. Individuals or organisations carry out cybercrime. There have been rigorous studies and research to understand the true nature, aspects, effects, and prospects of the cyber world and technology, especially regarding the threat it poses to everyone in India. Many efforts have been made to analyse the current legal framework to counter and its control in India.

What is cyber-crime?

Cybercrime means a criminal activity that targets a computer or network of a computer for illegal use. It can be an attack on an individual or an organisation, or even on the government. Cybercriminals or professional hackers usually commit these offences as they want to earn money by illegal means or for other reasons. Many of these criminals are well-organised, use highly advanced techniques, and are technically skilled. Most of these crimes are committed to gain profit in some way, while some do it for personal enmity or political reasons.

Cybercrimes can be broadly put into two heads:
1. Crimes which target the networks or devices through sending viruses, malware, or DoS attacks.
2. Crimes done for participating in illicit activities like phishing emails, sextortion, cyberstalking, and Identity Theft etc.
Categories of Cybercrime
Cybercrime can be further categorised by committing it against an individual, property or the government. The methods and technologies used may vary under different categories.
● Property: It’s a criminal activity that might involve the illegal possession of a person’s personal data like his bank or credit card details and misappropriation of his money by making online purchases or transferring funds elsewhere, or even blackmailing the person. Hackers can do this by using malicious and threatening software to gain access to a page or website with confidential information.

● Individual: It involves the online distribution of malicious, confidential, or private information by hackers. Some typical example of such activities is cyberstalking, cyberbullying, pornography and human trafficking.

● Government: This is not commonly done but is a severe kind of crime. An offence committed against the government is known as cyber terrorism. It includes hacking highly sensitive government data, damaging military websites, or plotting a conspiracy of sedition against the government.
Types of cybercrimes
There are several types of cybercrimes. Some examples are identity theft, email fraud, stealing personal details of the bank or card payment, theft of confidential business or corporate data, extortion mainly by blackmailing, hacking in crypto currency and attack on the government.
Other Related Crimes
● Aiding and Abetting Crimes
There are three essential elements when the crime is aided and abetted against an individual. Firstly, the person who committed the crime, and secondly, the person charged for having knowledge of the crime committed. The last essential element is the person who provides any kind of help or assistance to the actual offender. Persons who come under the ambit of these three criteria would be held accountable. A person who is an accessory to the crime, i.e., has aided or abetted the crime in any way, either before or after its occurrence, would be charged accordingly.
How Can One Protect Himself Against Cybercrime
There are several easy ways in which a person can protect his or her computer from unwanted or unprecedented cyber-attack. The following steps should be taken care of:-
1. Keeping the software and OS updated. It ensures safety, as the latest update secures the computer better than the out-dated one.
2. Installation of antivirus software and keeping it up to date. Kaspersky is one of the best examples, as it is the most used and easy way to protect the system from virus attacks online. The software works as a scanner and detects undesirable elements that can be present in our system.
3. Another easy way is to use stronger passwords so that hackers would not guess the passwords. There are several reputable passwords managing software available online that help to generate a stronger password.
4. One of the easiest ways to protect the system from online attacks is never to open any email with an attachment, especially in the spam. These attachments could be malicious viruses or malware.
5. Never share personal information over the phone or on the internet with anyone as it can be used to misappropriate or steal confidential data.
6. Keeping an eye on the online banking transaction details and statement. Immediately reporting the foul transaction can help identify the thief or secure the account from further fraud.
Cyber Attacks and the Indian economy
Cyber-attacks hinder economic growth and ruin relations with neighbouring countries, leading to a state of lawlessness. The reports predicted India’s economy to grow to $1 trillion within this decade, but unfortunately, this growth could be affected by the adversaries. The Indian Computer Emergency Response reported incidents of cyber-attacks of more than 27,000 till 2017. These cyber-threats are becoming more aggressive and dangerous as India stands as the third-worst affected country among other 100 countries, which clearly reflects how vulnerable the economy becomes because of these crimes. The report suggested that the government should focus on making a better cyber resilient programme. This programme should be adopted within the country’s infrastructure, and equal efforts must be put within the business organisations. The report also recommended that the government should promote and enforce internet service providers to give the internet service free of any computer virus, botnet, or malware.
In a survey conducted in 2018 by researchers of Cisco cyber security, it was revealed that 30% of security professionals stated that they used products from 25 to 50 vendors, and 54% of breaches gravely impacted more than half of their systems. The experts affirm that these kinds of attacks leave a long-term impact on computers considerably and extend and persist for years. It is an intrinsic part of the security to adopt new tools like Artificial Intelligence, highly advanced machine learning, and best strategies to alleviate the risks involved. Another consequence of cyber-attacks is the loss of many jobs across different functions in more than 64 per cent of organisations. The report also included the measures to deal with the cyber threat by the uniform implementation of security techniques and investment in defensive technologies.

Cybercrimes and their impact on business

In the new age doing business comes with the high cost of protecting it from cybercrimes, including protecting IT systems, confidential data, and its investment. Keeping the IP safe is of the utmost importance, including financial information for a successful venture in the long run. With upcoming cutting-edge technologies, cybercriminals have also found new ways to exploit internet users. These crimes directly affect the economic growth of a country, jobs, innovation and investment, etc.
Companies must see and understand that in the present day, business is not immune to cyber risk. According to a study, IP theft makes up at least 25% of the cost of cybercrimes and endangers national security when the information involves military technology. Cybercrimes broadly include IP theft and loss of opportunity, and they both are equally threatening to both the big companies and the small businesses.
● Protection and its costs
Protecting a company from an online data breach or other cyber-crimes costs a lot. Risks have to be identified, and a safer operating procedure has to be followed and requires the installation of software and hardware. In the case of business involved in critical and complex functions, it needs higher security. Hence, they hire a cyber-security consultant for a customised solution to tackle the specific kind of problems. This system is expensive and requires high-end maintenance to ensure that no cyber-attack can stop the business operation or meddle with its functioning.
● Reduction in Sales
The domain is not just limited to cyber thieves now. Cyber activists have emerged in the past years as their main objective is to shut down its online operation and work altogether. Blooming corporates like PayPal and MasterCard have been the victim of such attacks. If a company is more susceptible to online attacks, it puts its customer’s confidence at stake. It loses revenue in the long run as customers decide not to deal with them and find a reliable alternative.
● Damage to intellectual property resulting in the loss of a competitive edge
Cybercrimes and stealing data have a terrible impact on a company’s competitive edge as customer-sensitive information is within its hands. The intellectual property of the business also affects the business ideas, marketing strategies, or expansion plan. The attack on the organisation makes these ideas useless, which directly impacts business growth and revenue profits. If these ideas go into its competitor’s hands, it can severely blow the business.
● Legal Effects
The whole legal battle against cyber attackers and hackers can be a costly pursuit and sometimes a futile one. Companies often end up worrying about their own reputation and fear of becoming a party to the crime as detecting the offence is a difficult task. The companies which provide online financial services can unknowingly become a party to money-related fraud. In case the sensitive and private information of a client is stolen, the company is blamed for such an illicit attack, as a company is considered responsible for enforcing the security procedures and regulations.
● Impact on Operations
Traditional cybercrimes involve spreading viruses and Trojan worm, which can cause a company’s official website to malfunction or its computers to function improperly. Cyber attackers use denial of service attacks which damages and bring the operations to a halt. Installation of antiviruses and regular maintenance can be a costly affair and time-consuming. Still, if not taken seriously, the company can encounter cyber-attacks that can shut down its essential operations. This cyber-attack would imply that the clients, employees, and customers cannot access the company’s website or their private accounts on their official site.
● Other issues
Cybercrime and cyberspace have entirely changed the way business is done in the modern world. Digital security needs proper attention and needs to be worked on to curb cyber offences or attacks. Training of employees is the utmost priority and teaching them all the relevant technical skills and procedures. One must incorporate these skills and cyber intelligence in the smooth running of the business. Hence, preventing and combating cyber threats is a long-term investment for a successful business.

Biggest Data Breach in History

Few incidents of the most significant data breach in history are as follows:-
1. In 2013 October, Adobe reported that an encrypted record of around 3 million customer credit cards was stolen, with login data of an undetermined number of users and customer’s account. It was estimated that about 153 million users were impacted because of this theft. After a thorough investigation of weeks, it was found that the hackers exposed the names, identity, passwords, and also debit/credit card information. The settlement was made, and Adobe made a payment of $1.1 million as legal fees and amount to users, as the breach violated the Customer Records Act.

2. In May 2014, around 145 million users’ encrypted data, passwords, and other personal information saved within the eBay database were exposed. It was reported that the hackers used the credentials of 3 employees for more than 229 days to misuse the database. The customers were asked to change their passwords by the company, but fortunately, credit card information was separately stored, and hackers did not have access to financial data. Everyone highly criticised the company for poor communication with its users and poor handling of the password-changing procedure .

3. In 2018 December, around 162 million user accounts were compromised in one of the most significant data breaches. Dubsmash is a video messaging service involved in breaching the address, names, passwords, and other personal information were at risk, and that data was put up on sale on the dark web market. Even after the investigation, authorities could not determine how the data was breached and the number of affected users.

Prevention of Cyber Attacks on Business

1. Using Multi-Factor Authentication

It is one of the productive methods to stop cyber threats to guarantee that multi-factor authentication has been authorised for all applications that access the internet in the organisation. Password login is not sufficient or safe for employees because when the employee’s password or account is hacked, the hacker can access the organisation’s confidential information. Having a mandatory multi-factor authentication process for logins by every employee will heighten the security level. In this case, the employee will need to provide several kinds of information instead of one. This enhanced security level will make it difficult for any unauthorised person to gain access to organisation systems.

2. Creating vigorous Internal Controls

In an organisation, to refrain from any kind of cyber-attacks, it is essential to have robust and strong internal controls in place. Having access to controls would ensure that all the systems access would also be updated instantly when any employee, contractor, or person within the organisation leaves the office. Hence, it is an essential step to prevent cyber-attacks. An employee who leaves the organisation must be revoked of access to the system. If that access is not withdrawn, a third party could infiltrate the system database. Therefore, controlling and keeping an eye on access to the organisation’s systems ensures more security and can prevent future attacks.

3. Involvement of Third-Party Security

To prevent cyber-attacks and keep the system secure, it is vital to manage a third party who might put the cyber system at risk. Suppose the organisation has a vendor or third parties who might need to access the organization’s system. In that case, it becomes essential to be cognizant of the risks involved and ensure maximum security. To ensure that business is secure, protection should be provided to third-party vulnerabilities.

4. Educating Employees
To improve business security, educating employees is the principal method of keeping cyber security tight. Awareness drive and programmes should be developed according to the organization’s needs and conducted to inform the employees. Regularly, special training should be done within the organisation. Teaching employees about several kinds of cyber-attacks like phishing, malicious malware, etc., would be beneficial.

5. Create Data Backups

Keeping the data backed up is essential for a successful business. A situation may arise where all the data is lost or stolen. Hence, keeping the data backed up would help retrieve all the customers’ and organisation’s data. If data is breached and damaged even after taking all the precautions, this option always proves extremely useful.

6. Keeping systems updated

It is crucial to keep all the organization’s systems updated, as it provides optimum protection. All the latest software should be updated to secure networks from data breaches. Not keeping the systems up to date will make the system more susceptible to cyber vulnerabilities.

7. Installing Antivirus Software
Installing an antivirus is another and final step that can help prevent cyber-attacks and online data breaches. Installing a good and reliable antivirus and firewall can tremendously help to make business affairs more secure. Every computer that is used in the organisation must be installed with the updated antivirus software. Other strategies should also be used simultaneously, along with antivirus security.

Is Cybersecurity Enough To Combat Cyber Threats?

All the businesses to secure them from cyber-attack might need to establish cyber security within their organisation, but its installation is not sufficient to combat such risks. Risk management primarily focuses on safeguarding the organisation through its management and controlling of possible risks involved. But the evolution of cyber security has affected the management approach as it fails to provide the necessary protection. The organisation must consider the potential risk involved and include risk resilience to handle and prevent hacker’s invasion. The cyber resilience programme anticipates uncertainty and cyber threats, which should be an additional measure after the management keeps the security check. An organisation must be well prepared with a comprehensive combating programme and alarmed along with the risk managerial approach.
Even though it is challenging to neutralise the risk involved in cyberspace completely, cyber resilience still helps to recognise the challenges in keeping pace with or predicting the possible critical threats on the internet. After all, this programme or mechanism ensures the company’s safety, sustainability, and success rate.

Organization-understand the Existing Cyber Resilience Assumptions

Businesses’ first and foremost work should be to re-examine the assumptions or predictions the organisation has made regarding the risk factor involved in the internet and adapt their cyber resilience to this new standard. Another point to keep in view is reassessing and rechecking the on-going threats of operating in cyberspace. In the present time, hackers and cybercriminals are technically advanced and use the latest technology, which often has proved difficult for expert professional hackers to crack the code.
It becomes a severe blow on the organisation as they also have to comply with the government’s rules and regulations and conform to the laws. Hence, it all becomes an extra burden on the organisation to keep themselves safe from illicit cyber activities. The cost of all the procedures, like running the investigation, managing and restraining these incidents from happening in the future, is expensive, and eventually, regulators’ demands increase.
The organisation will always face the challenge of information being at risk by the organisation’s people as they are the weakest link in confidential information security. It could be deliberative or unintentional; the organisation will have to face this threat from within.
The law and enforcement are quite behind the speed of technology and are not advanced enough. The responsibility is on the organisation to take additional care of the effect of the cyber threats. Therefore, an organisation can protect itself better than any other organisational help.

Preparing a Team of Cyber Resilience

Cyber resilience needs recognition, and organisations must primarily assess the adverse effects of cyber threats that could possibly happen in the future, as the conventional way of risk management has been proved ineffective at times. Therefore, an organisation must adopt cyber resilience to curb the threat to confidential data.
Also, to be prepared to deal with any future crises, the organisation should develop a crisis management plan that includes applying the method drawn out by the Cyber Resilience Team. This team must be headed by the best professionals with expertise in their particular field, including employees, investors, etc. This team would become the driving force behind cybersecurity initiatives.

Conclusion

No doubt, the internet has broadened the concept of online commerce and businesses, but the fear of cybercrimes will always hover around it. The internet will continue to provide a platform where every person can connect. In the coming years, more and more people will become active participants and will continue to grow. So, the crimes in this sphere will also be persistent and continue to grow, thus being seen as a severe threat.
Cybercriminals will evolve new technologies and find loopholes in cybersecurity to gain unauthorised access and personal data of the users and steal it. This issue can only be solved when the government will come forward with innovative ideas, educate consumers and the general public, and make stringent laws to fight against online crimes. The entities producing software should be regulated and given financial assistance so that more business entities and corporates can install these cyber resilience programs with more robust defence mechanisms in their organisation.
Consumers should also be given proper education about their place and their rights when entering an online platform or online transaction. It will play a significant role in mitigating online fraud and scams.


References

[1] Legal Info (2009), Crime Overview Aiding And Abetting Or Accessory, Available at:

http://www.legalinfo.com/content/criminal‐law/crime‐overview‐aiding‐and‐abetting‐or‐accessory. html

[2] https://news.statetimes.in/impact-of-cyber-crimes-on-indian-economy/

[3] https://news.statetimes.in/impact-of-cyber-crimes-on-indian-economy/

[4] https://www.dailyexcelsior.com/impact-of-cyber-crimes-on-indian-economy/

[5] https://www.csoonline.com/artic le/2130877/the-biggest-data-breaches-of-the-21st-century.html

[6] https://www.businessinsider.in/tech/cyber-thieves-took-data-on-145-million-ebay-customers-by-hacking-3-corporate-employees/articleshow/35630666.cms

[7] https://www.theregister.com/2019/02/11/620_million_hacked_accounts_dark_web/

[8] https://www.wired.com/insights/2014/10/cybercrime-growth-business/

What's your reaction?

Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0

You may also like

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments