About Privacy and Data Security Don't Just Rely On The Platform, Users Must Be Sensitive

Recently, news about data breach aka data breaches are back on the lips of digital service users in Indonesia. The reason is that the data breach occurred on a platform that is quite massively used, namely on the website E-commerce Tokopedia, and recently it was also reported that Bhinneka had happened.

At the beginning of May 2020, 91 million user data – several parties had proven the validity of the data and were appropriate – were observed being traded on the Dark Web for 73,5 million Rupiah. Only passwords are encrypted, while other information such as names, addresses and contacts can be read with the naked eye. Then a few days ago, a hacker reportedly managed to infiltrate several sites, one of which was Bhinneka with 1,2 million data stolen.

This incident is not the first time, in previous years this cybersecurity issue has also occurred several times revealed to the public.

Regulations are not comprehensive

Beliefs on the protection of privacy and personal data are mentioned in various laws, to be precise at 32 regulations starting from the ITE Law, the Telecommunications Law, the Public Information Disclosure Act, the State Intelligence Law, to the Criminal Procedure Code. The regulations, which are still quite fragmented, have encouraged the government to compile Personal Data Protection Act – Until now its status has reached the President and the DPR, waiting to be reviewed and ratified.

"However, these laws [32 regulations] have not comprehensively regulated the protection of personal data. A comprehensive law is needed as a legal basis in providing protection, regulation and imposition of sanctions for misuse of personal data as regulated," said the Minister of Communication and Informatics. Johnny G Plate.

Regarding the issue of recent data breaches, the Minister of Communication and Information has also provided formal response after meeting with several parties, including Tokopedia and the National Cyber ​​and Crypto Agency (BSSN). "Every attempt to hack data will be followed up so it doesn't interfere with the way" E-commerce," he explained, although no details were disclosed regarding the follow-up plan to be carried out by the government.

Preventive steps from yourself

Actually for digital platforms like E-commerce can seek certification related to information security, for example by obtaining ISO/IEC 27001:2013. However, from the user's point of view, they can also take several preventive steps to reduce potential losses if the system used is successfully compromised.

Here are some simple preventive steps that can be taken:

Perform regular app updates

Various digital applications that are widely used by users are almost certain to experience a continuous development process. Not only about adding features, updates are also often rolled out to improve system performance and security to close the gaps found. For this reason, it is important for users to ensure that the application is always .

Even so for the operating system, it is highly recommended to use the latest version supported by the device. Compared to the intensity application, it is indeed less frequent, but when there is an update it usually provides significant improvisation.

For smartphone users, usually application or operating system updates are carried out automatically if connected to a network Wireless. The user will get an update notification and agree to the update process. But for those who use connectivity mobile devices, generally updates are not done automatically, users need to periodically look at Google Play/App Store or update page in system update section.

Use a different password for each app

This tip is quite tedious for some people, but it's actually a good anticipation in case of a breach in one of the applications used. At a minimum, always distinguish personal account passwords such as email with passwords used for other applications. Email is crucial for recovery needs if an account is successfully taken over by hacker.

Application password manager actually can also help if the user wants to use a different password in each service. Applications store and document their passwords – some applications also make it easier to enter certain services – without having to retype the password. Some examples of password manager apps LastPass or 1Password.

Then, as suggested in every digital security tip, it's highly recommended to use passwords with varying characters. For example by including uppercase letters, lowercase letters, numbers, and symbols. Some applications have a password security level indicator during the registration process.

Enable layered authentication

To increase security, some applications provide Multi-Factor or Two-Step Authentication features. In addition to a password, users can choose the type of security companion, for example using a PIN, SMS token, or biometrics. The latter is also quite recommended for use, especially today's smart phone devices are mostly equipped with fingerprint and facial recognition systems. On average this feature is not activated automatically, users have to set it manually in each application.

More "aware" on the application used

Always use applications from credible developers, especially if the application requires personal data. Because a credible developer will have discipline related to privacy policies and information protection. In addition, it's a good idea as a user to know what the application is accessing from our device – for example, the application in the Play Store always informs in the “Permissions” section about the components of the device accessed by the application.