Notwithstanding the recent headwinds from Covid-19, India’s largely consistent economic growth for more than a decade has precipitated an unprecedented expansion of financial services in the country. With rising disposable incomes, more and more Indians are accessing banking, insurance and mutual funds, among others.

The advent and penetration of the internet has further simplified these daily financial tasks. However, in an era of inter-connected world of devices with cyber technology at its core, lack of awareness as well as the prevalence of ill-designed or inadequate security systems is always a challenge.

With 160 crore bank account holders, 32.8 crore life insurance and 47.2 crore health insurance policyholders, 2.78 crore registered investors with stock exchanges and 9.26 crore mutual fund accounts, India has a mammoth financial sector.

The sheer scale generating gigantic volumes of data on a continuous basis renders the sector vulnerable to frauds. As such, a large scale cyber security enlightenment drive is the need of the hour.

ALSO READ

Recent data breaches illustrate the risks

Although banks are considered as one of the world's most secure and sophisticated enterprises, banks are becoming a popular target for new-age hackers. Only last year, the RBI had to direct the banks to secure their customer data after reports of 1.3 million credit and debit card data of Indians found to be on sale on the dark net came out.

In another instance back in 2016, 32 lakh debit cards had to be recalled by several banks including State-run SBI on account of data breach. According to the latest RBI report, card and internet frauds, more than doubled to Rs 195 crore in 2019-20 from the previous year. Then last year, Aegon had to investigate a data breach involving 10,000 customers. Then this year, Religare is reported to have faced data leakage of 5 million customers and employees.

The modus operandi of a hacker

In recent times, unscrupulous hackers have evolved ingenious ways using unique and complex arrays of cyber-attacks to get past the ordinary security systems. The hackers are attempting to get hold of sensitive financial information of individuals, either from banking servers or an individual’s personal devices.

Infiltration of smartphonesOne of the ways of extracting a person’s financial information is by infiltrating his smartphone with malicious applications. When a user wishes to use an app requiring access credentials, a data-theft overlay mimicking the desired app user interface gets displayed tricking the user to think that he is clicking on the genuine app.

The unsuspecting user goes on to record the details of his access credentials which now get transferred to the hacker who now also has the app under his control.

Deploying banking Trojans

Going a step further, hackers also embed these fake applications with banking Trojans, such as bank bots’ cabarets pink slips intending to attack banks and stock brokerage firms with an eye on making hacking operations easier. These malware lock users using an Active Directory attack further bolting it up with many login attempts. These bots and Trojans are focused on stealing money from the bank accounts.

PhishingPhishing is another type of attack which involves the hacker sending an email to the victim claiming to be a trusted sender (like a bank or online shop), or by way of setting up fake websites claiming to be genuine.

A banking Trojan is attached to this email. Once the victim downloads it and opens it, the Trojan activates and steals information.

Retargeting real information from dark web using fake pages

Another method entails hackers first buying real account information in bulk quantities from the dark web and then retargeting those accounts using phishing emails. In such a phishing email, disguised hackers request victim to follow some simple procedures on a web page, which has been deliberately set up by hackers for stealing login information and other important credentials.

Macro malware

Hackers also employ what is known as macro malware which is developed using programs like VB Script programming language used for MS-Word and MS-Excel. Legitimate-looking files are usually sent via phishing email which comprises of malware-infected attachments such as CV by job seekers and cover letter reports in the form of MS Word files.

Even as several advanced antivirus programs claim to detect macro viruses, hackers are trying to stay ahead of the game. Now, malware can comfortably hide within a system for a long time that gives hackers ample time to infect the system of users.

ALSO READ

What is the way out?

First, financial institutions must identify micro malware during the initial phase itself with a view to pre-emptively block it. And for individuals, to protect your information and make India’s financial sector secure, some tips are as follows: never open or download any attachments on your device without knowing the context, Invest in a genuine and licensed antivirus software on all your devices, never click suspicious links within an email that claims to contain genuine intimation and abstain from sharing your personal details on social media.

Therefore, in order to mitigate financial risks and to rule out any breach, concerted steps are needed at both macro and micro levels. Banks and financial institutions must invest strategically towards improving cyber security with a view to protect customers as well secure the larger financial architecture of the country. More importantly, ordinary users need to be made aware of these risks.

(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)

India’s most prolific entrepreneurship conference TechSparks is back! With it comes an opportunity for early-stage startups to scale and succeed. Apply for Tech30 and get a chance to get funding of up to Rs 50 lakh and pitch to top investors live online.

Original Source: yourstory.com

It’s five answers to five questions. Here we go…

1. My boss accused me of game-playing and hung up on me

My boss, who is normally pretty chill, yelled at me on a phone call earlier this week and hung up on me (it was just the two of us). It was a tense conversation, but necessarily so because we were trying to figure out how to solve a very difficult, very high-stakes problem. There had been no anger prior to his outburst, which was, “We’re going to have a serious problem, (my name), if you keep playing this game.” I have no clue what that means. I managed to say, “I’m really sorry, I don’t understand what’s happening” before he hung up.

I was shocked and upset and expected him to apologize, but it’s been three days and he hasn’t. I need to understand what happened — I don’t know what he meant by “game” but it’s clearly something that bothers him about me that he hasn’t stated — and frankly I just need acknowledgment from him that it was hurtful and inappropriate, but that doesn’t seem to be forthcoming. Overall there’s a lot about this job that I don’t love and I’m trying to leave in the long-term, but in the meantime, how do I proceed? How do I decide whether to bring it up the next time we talk or do I pretend it never happened? If I do bring it up, how should I go about it?

I think more than an acknowledgement from him that it was hurtful and inappropriate, you need to get to the bottom of what the hell he meant. It sounds like he thinks something is happening that isn’t actually happening, and unraveling that needs to be the bigger priority. I think you have to bring it up — it’s such a bizarre and serious thing to say that you can’t proceed as if it wasn’t said.

I would say this: “When we last talked, you said you thought I was playing a game. I was taken aback because that’s not something I’d ever do, and I’m incredibly concerned that I’ve somehow given you that sense. Can we figure out where we’re seeing this differently?”

Of course, this assumes your boss is at least semi-reasonable. But if this is in character for him and he makes weird accusation toward people on the reg, there might not be a lot to gain by pursuing it. (Even then, though, I still might because sometimes even unreasonable people back down if you calmly express concern about something like this. Not always, but sometimes. So you have to know who you’re dealing with.)

2. Job candidate didn’t turn his camera on

Interested in your take on an interview situation I ran into. I was conducting a video interview the other week, and to my surprise when the candidate logged in they didn’t have a camera. I wasn’t the hiring manager so I don’t know how the set-up for the interview was conveyed. I did ask the candidate if he had a camera and he said he didn’t want to do the interview on his work laptop and he had no other computer. I just rolled with it and conducted the interview as normal, but afterwards I was wondering if I should’ve required a camera? What do you think? Obviously not everyone has the same access to technology. I also hadn’t thought about potential conflicts with using a work laptop. But it ended up feeling more like a phone screen instead of a second round interview as this was.

If he didn’t have a camera, he didn’t have a camera. What could he have done? You shouldn’t penalize people for not having the same access to technology as other candidates. Throw in that you don’t even know if he was asked to use a camera ahead of time, and rolling with it was 100% the right move.

If a video interview is really important to your ability to assess him correctly and he’s still in the running, you can ask him if he has a way to set up a video conversation (giving him advance notice, of course). And there are jobs where it would matter (for example, if he’s applying to be a trainer and you need to physically see him function as a trainer), but there are a lot of jobs where it really wouldn’t. So I’d ask whether you wanted him on video just because that’s what you were expecting and are used to, or whether you actually need it to proceed.

3. Eccentric references

My references have eccentric personalities. I come from the field of education and I’m looking to switch to banking, in a role that focuses much less on things like attendance and grading, obviously, and more on compliance and policy.

I have an interview with a bank. Yay! Will it matter that my references, who are lovely, lovely people, by the way, have more kooky personalities instead of serious/tempered ones, and what if they speak about me more like I’m in an educator role?

You should be fine, at least as long as we’re talking about more run-of-the-mill eccentricities and not something like “he will use four different accents during a 10-minute phone call” or “she will demand to be addressed only in the third person.”

Centering their conversation about you as if you’re still in an educator role will be understandable — the reference-checker will know your job history and the nature of the role where this person worked with you. But it’ll help to remind your references ahead of time about the work you’re applying for now and the specific skills or attributes that you especially want them to focus on. It’s even okay to say, “Something like Skill X or Y won’t be as relevant for this job, but if you could focus on Z, that would really help.”

4. Is it normal to have lots of turnover in your managers?

It seems like a lot of other readers mention years-long job searches to get away from bad managers or having long-standing relationships with good ones. In my experience (large global companies, financial services), managers change pretty regularly due to reorganizations and people joining/leaving the firm. I’ve been at my current company less than two years and am on my third manager. (And I don’t think it’s personal, as at my prior company one objectively excellent colleague had six successive managers in one particularly eventful year.) I read a lot about the importance of “managing up” and adapting to your manager’s communication style, and it seems like a substantial investment of time and emotional energy to create a solid relationship when odds are that it will be relatively short-lived. Is my industry an outlier, or is it normal to get new managers and have to re-build the relationship relatively frequently?

There’s a lot of variation, but in general it’s more common to have managers stick around long-term than to have three managers in two years. It’s very common to have the same manager for three, four, five, or more years. That doesn’t mean people don’t also have shorter-term bosses — they do — but lengthier relationships are pretty normal.

Also, managing up doesn’t normally take a massive investment of time! It’s just about making the pieces of the relationship that you can control go as smoothly as possible, and often expanding your view of what those pieces are. More here.

5. Am I going to get this offer?

I found an alum at a company I’m interested in. Stayed in touch and months later he asked me to interview for a role on his team. I met the three people on his team. Interviews went okay, I guess. A week later, HR reached out to say the alum wanted them to speak with me and to please formally apply online. HR said I am one of very few final candidates and the decision is still being made— no concerns, just each candidate has different strengths and weaknesses. They asked for my salary/bonus expectations, said they could offer me a substantial increase, asked about restrictions on giving notice, asked me if I would accept the job if offered (I said absolutely), and then gave me access to benefits portal with password to view insurance etc.

I’m still waiting on the call with the decision. Odds I have the job? I literally can’t sit still. Wouldn’t it be kinda messed up to give me access to their benefits portal and then not offer me the job?

Well … not really. It makes sense for them to let you review their benefits now so that if they do make you an offer, you’ve already had a chance to review that info and figure out what questions you might have.

I know this is painful and everyone wants a way to read the tea leaves, but there’s no real way to know what your chances are. They could hire someone else, run into a hiring freeze, end up reorganizing and moving someone internal into the role … Or they could hire you! There’s just no way to predict. The absolute best thing you can do is to tell yourself you didn’t get it, put it out of your mind, and let it be a pleasant surprise if you do. Staying antsy doesn’t make the decision come any faster (in fact, it usually makes it feel like it takes longer) — and there’s absolutely no downside to mentally moving on.

You may also like:can you play games on your phone while waiting in the lobby for an interview?should you return a missed call from an interviewer who didn’t leave a message?my coworker keeps demanding I say “please”

my boss accused me of game-playing, eccentric references, and more was originally published by Alison Green on Ask a Manager.

Original Source: askamanager.org