Cybersecurity and Privacy Impact on Older Persons Amid COVID-19: A Socio-Legal Study in Malaysia

Olivia Tan Swee Leng^1*, Rossanne Gale Vergara¹, Nasreen Khan¹, Shereen Khan¹

1 Faculty of Management Multimedia University, Cyberjaya, Malaysia

*Corresponding Author: oliviatan@mmu.edu.my

Accepted: 1 June 2020 | Published: 15 June 2020

_________________________________________________________________________________________

Abstract: The Coronavirus disease 2019 (COVID-19) pandemic continues to cause prevalent issues and risks relating to cybersecurity and data privacy in Malaysia, which should be viewed meticulously and tackled appropriately. Moreover, Malaysia’s ageing population is limited on cybersecurity awareness. The aim of this research is to explore the cybersecurity mindset of Malaysia’s older population and its impact on their well-being. For this purpose, this study used a qualitative methodology aimed at understanding the ageing population’s cybersecurity mindset and developing a supporting policy framework. The issues of concern range from cybercriminals targeting a novice work from home (WFH) workforce with clever phishing scams that prey on victims in an environment of uncertainty.

Vulnerable societies such as persons in the above age 60 population are amongst those targeted for cyber fraud. During the COVID-19 pandemic, older persons in Malaysia are unsure of whether or not they are able to share their personal, financial or medical information under applicable privacy laws. Additionally, older persons are still perplexed on tackling cybersecurity issues such as phishing and malware. The researchers conducted online face-to-face interviews and google form surveys with respondents age 60 and above based on qualitative research methodology. The results indicate that many of the respondents from civil service are aware of cybersecurity, however they are still unsure and lack the actual modus operandi of the cyber criminals.

Keywords: COVID-19, Cybersecurity, Older Persons, Personal Data Protection

_________________________________________________________________________

1. Introduction

According to the 2019 Official Annual Cybercrime Report, global costs in damages due to cybercrimes are predicted to reach USD 6 trillion by 2021 (Crane, 2019). Globalization, rising internet population and borderless trading across the world has open the door for cyber criminals to activate their vices more sophisticatedly. Additionally, Crane (2019) states, “over 90% of successful hacks and data breaches stem from phishing”. This shows that no matter how sophisticated your perceived computer security is, the weakest link to preventing cybercrime are people. Without the awareness of the threats and knowledge on how to avoid or report, these unknowing people are easy targets.

2. Literature Review

The Rise of Cybersecurity Incidents

Cybersecurity incidents in Malaysia have increased since the Movement Control Order (MCO) was implemented on 18 March 2020 by the Malaysian government to stop the spread of COVID-19. The Malaysia Computer Emergency Response Team (MyCERT) incident

report for March 2020 shows an increase of 43% cybercrime related incidents compared to the previous month. The top three incidents reported in March 2020 have all increased compared to the previous month with fraud (798 incidents) or 10% increase, intrusion (125 incidents) or 34% increase, and cyber harassment (58 incidents) or 115% increase (MyCERT, 2020). The increase in cybercrimes is expected to continue during the coming months, as more people are working from home. Due to this situation, fraudulent people will leverage the uncertainty created by the crisis for phishing attempts and other forms of scams.

In order to better prepare for this new cyber environment, the following measures that older persons can take to effectively mitigate these threats are:

a. Awareness that phishing attacks are on the rise during this pandemic and attend training.

b. Awareness of the current cybersecurity policy in terms of handling personal data or information of companies in remote areas i.e. WFH. Sensitive information such as personnel records and financial information stored on or sent to or from remote devices should be subject to heightened safeguards.

c. Ensure that laptops, computers, or smart devices have installed all relevant security patches.

The Use of Data Collection During COVID-19 by Private-Public Corporations

The use of personal data seemingly pushes the bounds of Malaysia privacy laws. Personal data likely is not used in a manner that has been clearly communicated to users and questions have yet to be answered, such as users consent /data user as stipulated under the Personal Data Protection Act 2010.

To illustrate this matter, video recordings from closed-circuit television (CCTV) cameras in public or private areas is subjected to Malaysia’s Personal Data Protection Act 2010 (Act 709). On 14 February 2020, a public consultation paper no. 01/2020- Review of Personal Data Protection Act 2010 was issued by the Personal Data Protection (PDP) Commissioner, which sought to inter alia, “review the transfer of personal data provisions, including whether guidelines on the implementation of cross border data transfer will be issued with regard to the exchange of personal data with an entity located outside Malaysia” (Wong & Liew, 2020).

Other Cybercrime Cases in Malaysia During COVID-19

Malaysians are not safe from cybercrime cases during the COVID-19 pandemic. According to Straits Times (2020), a businessman attempted to purchase facemasks on the internet only to lose RM266,153 (USD61,042). The case is under investigation under Section 420 of the Malaysian Penal Code for cheating. To avoid scammers from profiting unjustly during the pandemic, the Kuala Lumpur City Hall (DBKL) cancelled an order that made it compulsory for facemasks to be used by everyone including customers in supermarkets and restaurants (Lim, 2020). On the global side of incidents, a malware spy system disguised as a version of the legitimate “corona live” application, which provides data from the Johns Hopkins coronavirus tracker of infection rates and deaths was actually facilitating invasions of privacy, such as getting access to the device’s photos, videos, location and camera and recording video and audio without the owner knowing (Ng, 2020).

Having said that, online scammers are known to be quick to exploit the vulnerable, especially during the COVID-19 pandemic, Chen (2020) reported that China’s gamers were the largest group of victims during the country’s coronavirus outbreak, as people turned to mobile games

to alleviate boredom. The victims were scammed to purchase game accounts or game assets at low prices but were actually fake. Although, Malaysia has been actively providing cybersecurity awareness for its citizens from CyberSecurity Malaysia and websites such as Sebenarnya https://sebenarnya.my to check the validity of news to determine whether news passed in social media or the like is fake or not, cyberfraud is still a growing problem.

Cybercriminals have taken this opportunity to engineer their criminal activities for financial gain, which have proliferated during the COVID-19 pandemic.

Cybersecurity and Malaysia’s Older Persons

Malaysia’s status as an ageing nation will soon become a reality when the number of people aged 60 and above is expected to reach more than 7% of the population in 2020 (Department of Statistics Malaysia, 2020). Cyber criminals and fraudsters will always attempt to go after the most vulnerable targets, and not much initiative is being done to protect and educate the elderly who are among those most regularly targeted by online scams. There are more discussions on protecting the online workforce, but as the web-using population ages, an increasing number of older netizens use the internet without much awareness of scam posting. Cyber criminals have always targeted the vulnerable, including the elderly.

However, older generation internet users, especially those deemed wealthy are viewed as easy targets for cyber attackers (Palmer, 2020).

Although the current statics reflect cyber attacks on the general population in Malaysia, there have been reports with older persons targeted in love scams. Since 2015, CyberSecurity Malaysia has reported 61 love scams (Othman, 2020). CyberSecurity Malaysia, says that:

“Scammers initiate a friendship or relationship with the victim online. With so many dating apps today, they have thousands of users at their fingertips and they know some would fall for their scam.” Moreover, “the scammers usually target the older generation, who may be less knowledgeable, and lonely women. They convince these victims to send money or entice them with an expensive parcel delivery” (Othman, 2020).

No one is safe from cybercrime and everyone in the population, especially older persons must be aware of the duality of the cyber environment; with convenience there is the risk of cyber threats. Statistics obtained by CyberSecurity Malaysia on Spam (January to March 2020) show a 93% increase compared to the year before. Furthermore, the total cybercrime incidents reported for January to March 2020 increased by 34% compared to January to March 2019. This increasing trend still show that cyber incidents still pose an issue in Malaysia and the vulnerable population such as the elderly will need to be more aware to prevent themselves from falling victim to cyber attacks.

3. Methodology

Malaysia’s ageing population is limited on cyber security awareness, The aim of this research is to explore the cyber security mindset of Malaysia’s older population and its impact on their well-being. For this purpose, this study used a qualitative methodology aimed at understanding the ageing population’s cybersecurity mindset and developing a supporting policy framework. Data was collected from Malaysian internet users aged 60 and above in the Klang Valley through semi-structured interviews.

On 2nd, 15th and 23rd April 2020, the researchers conducted interviews with older persons via google meet. In conjunction, the researchers conducted cybersecurity awareness webinars, Twenty respondents were selected for this qualitative study with the intention to interview older persons with knowledge in information technology (IT) usage. The interviews

were conducted online for ten minutes per participant and a google survey form was used to record and confirm the findings.

5. Conclusion

The data collected indicated that 55% of the respondents who were retired civil servants are aware of cybersecurity, however they are still unsure and lack the actual modus operandi of the cyber criminals. Furthermore, the older persons interviewed were aware of cybersecurity issues and they are also aware of the current lack of cyber laws protection regarding cybercrimes. Although the respondents are aware of these unprecedented cybercrimes they still use online transactions due to lack of options. The data shows that 67% will still use online transactions, communication and social networking although they are aware it is not fully secure, due to no option but to use basis amid COVID-19. Lastly, 2% of the respondents indicated that they or someone they know in their older persons community have been scammed through cybercrimes be it phishing or malware.

The data collected for this research indicated that many of the older persons interviewed are aware of cybersecurity issues and they are also aware of the current lack of cyber laws protection regarding cybercrimes. It is also quite worrisome knowing that they are aware of these unprecedented cybercrimes and yet they are still using online transaction due to lack of options. This study shows that the older persons in Malaysia are keen to learn about cybersecurity and it is timely that the Malaysia government and community step in to promote awareness and culture of cyber security to all older persons amid COVID-19.

Acknowledgement

This article is published as a requirement of FRGS Grant under the Ministry of Higher Education Malaysia.

References

Chen, C. (2020, March 25). Covid-19: Online game players were top target for scammers during China’s coronavirus lockdown. Star Online. Retrieved from https://www.thestar.com.my/tech/tech-news/2020/03/25/covid-19-online-game-players- were-top-target-for-scammers-during-chinas-coronavirus-lockdown

Crane, C. (2019, September 13). 3 Cyber Fraud Tactics Targeting Seniors And Why They’re

So Effective, Casey Crane. Retrieved from

https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2Cyber021/

Department of Statistics Malaysia (2020). https://www.dosm.gov.my

Lim, I (2020, March 24). DBKL cancels order for mandatory face masks in supermarkets, restaurants; now says only ‘encouraged’. Malay Mail. Retrieved from https://www.malaymail.com/news/malaysia/2020/03/24/dbkl-cancels-order-for-

mandatory-face-masks-in-supermarkets-restaurants-now/1849608

MyCERT (2020). MyCERT Incident Report 2020. Retrieved from https://www.mycert.org.my/portal/statistics-content?menu=b75e037d-6ee3-4d11-8169- 66677d694932&id=14791f5d-b2cf-4ec7-a881-d859c621175c

Ng, A. (2020). Fake Coronavirus Apps Are Really Malware that Stalks You. Retrieved from https://www.cnet.com/news/fake-coronavirus-tracking-apps-are-really-malware-that- stalks-its-users/

Othman, N.Z. (2020, February 14). #TECH: Many lonely hearts are still falling for online

fake lovers. New Straits Times. Retrieved from

https://www.nst.com.my/lifestyle/bots/2020/02/565459/tech-many-lonely-hearts-are- still-falling-online-fake-lovers

Palmer, D. (2020). Cybersecurity: Why more needs to be done to help older people stay safe online. ZDNET. November 12, 2019. https://www.zdnet.com/article/cybersecurity- why-more-needs-to-be-done-to-help-older-people-stay-safe-online/

Personal Data Protection Act 2010

Straits Times (2020, February 20). Coronavirus: Businessman in Malaysia loses S$89,000 to scammer in bid to buy face masks. Straits Times. Retrieved from https://www.straitstimes.com/asia/se-asia/coronavirus-businessman-loses-s89000-in- scam-in-bid-to-buy-face-masks

Wong, P. & Liew, L. (2020, February 7). Data privacy, collection and transfer of employee data – What employers must know amidst the coronavirus (COVID-19) outbreak.

Retrieved from https://www.cnplaw.com/data-privacy-collection-and-transfer-of- employee-data-what-employers-must-know-amidst-the-coronavirus-covid-19-outbreak- cnpupdate-mar2020

World Health Organisation (2020). World Health Organization. Retrieved from https://www.who.int