Theft of five notebook PCs on a
single day from the parking lot of Delhi based Nehru Place, India's one of the
biggest IT products and components sales hub did not make news in the mainstream
newspapers. There are much bigger crimes happening in the city. However, the
news item reminded me of a similar experience my friend had, and the pain that
followed. The news clearly indicated that police were dilly-dallying in
registering an FIR about the crime.
In fact, I am aware of another case that happened a few weeks back, where the
head of sales of a leading oil company lost his notebook from the hotel. He was
unable to file an FIR, and back in his office, his CIO could not do much but
give him a new notebook. The entire database of his retailers, company's
quarter-wise retail sales plans, incentive schemes and policies for fields sales
personnel as well as retailers, confidential letters with his suppliers on
pricing were lost. He was sure that it was a hotel employee who had stolen the
notebook, and with quick action the notebook would have surely been recovered.
He had back-ups, but he kept praying to God that the data doesnot land up in the
wrong hands.
Industry associations should work with the home ministry, the CIOs and insurance companies to find solutions for safety of portable devices |
About two years ago, my friend was driving home after work, and took a brief
stop at a market to pick up some stuff. He was back to his car within a few
minutes, and found that his car had been broken into and the notebook was
missing. He straightaway went to the nearest police station to register an FIR.
The policeman on duty refused. My friend tried in vain to tell him that more
than the machine, the information on it was much more valuable. Therefore it was
important that some action must be taken to try and recover the laptop. There
was no way he could convince the policeman. It was only the next day evening
that very grudgingly the police registered a complaint, and not an FIR.
To his dismay my dear friend also discovered that back in office neither the
admin manager nor the CIO knew much about insurance of laptops. They both were
under this vague impression that insurance for laptops is a very cumbersome
process and most insurance companies do not insure notebooks. And whoever does,
the premium is very high. Not worth the hassle, was their response.
Nothing much has changed, really, in the last three years. Despite so much
that is said to be happening about IT security and eGovernance, the ground
reality is a little different. I think, whether it is the policeman or the CIO,
the value of data and information is still not very high. All the articles in
the newspapers and magazines, and the conferences and workshops on the
criticality of information security are yet to make an impact.
Industry associations are taking up causes of duty rates, manufacturing
policies, and piracy. It is high time they also tried to exert influence on some
of these problems. NASSCOM and MAIT should make representations to the home
ministry that a notebook theft case must be registered within a fixed maximum
time. These industry associations must come out with awareness programs for the
CIOs encouraging them to have strong security and insurance policies, especially
as usage of mobile and portable gadgets goes up. It is important that CIOs run a
crash course for their internal users on the “Do's and Don't's” for
portable gadget users. Industry associations can also attempt to involve
insurance companies-themselves, one of the biggest users of IT-and make them
see value in insuring laptops.
It is understandable if in remote towns policemen do not understand and
respond to such theft cases. But what is appalling is that all the instances
mentioned above took place in Delhi, Bangalore and Gurgaon-the shining
examples of Indian IT. The industry, the users as well as the Government need to
address this on a priority basis.