Monday 9 October 2017

October Is Cybersecurity Awareness Month: 20 Cybersafety Tips, Advice For Nigerians

The United States of America designates every October as “National Cyber Security Awareness Month” (NCAM). Initiated in 2004, the National Cybersecurity Awareness Month is a collaboration between government (the U.S. Department of Homeland Security) and private industry (the National Cyber Security Alliance and other partners). The campaign aims to raise awareness about the importance of cybersecurity (safeguarding digital information) and to increase resiliency in the event of an incident. The United States President, Mr. Donald J. Trump, proclaimed the October 2017 National Cybersecurity Awareness Month a while ago at the White House. The National Cybersecurity Awareness Month campaign is now a global call to action. Canada, Europe and other countries have joined the fray. Africa, nay, Nigeria must take a cue.

The advent of the internet and social media has revolutionized virtually every facet of our daily life. Incidents of cyberattack, hacking and ransomware are commonplace. The inherent danger in cyberattacks is that distance is not a barrier. A hacker in North Korea can wreak havoc in Nigeria from the comfort of his bedroom. In September 2017, Equifax Inc., a United States consumer credit reporting agency, said a huge cybersecurity breach compromised the personal information of as many as 143 million Americans, almost half the country. Cybercriminals accessed sensitive information, including names, social security numbers, birth dates, addresses, and the numbers of some driver's licenses. The Washington Post reported in May 2017 how more than 150 countries were affected by a massive ransomware cyberattack. Schools, hospitals, vehicle manufacturing, telecommunications, banks, businesses and other establishments were affected.
The malware deployed in this ransomware cyberattack is known as WanaCrypt0r 2.0, or WannaCry. Also recall that in 2015, a multinational gang of cybercriminals dubbed “Carbanak” infiltrated more than 100 banks across 30 countries and stole upwards of one billion dollars over a period of roughly two years. Cybercriminals steal more than £47 million annually through ATM card cloning (skimming) in the United Kingdom. Nigeria's Minister of Communications, Adebayo Shittu, says cybercrime costs Nigeria N127 billion annually. A recent Kaspersky Cybersecurity Index estimates that up to 40 percent of people still leave their devices unprotected from online threats. A cybersecurity special report suggests that ransomware will worsen due to the increasing penetration of, and inherent vulnerabilities in, Internet of Things (IoT) devices, medical devices, web cameras, IP phones, Internet Protocol (IP) CCTV cameras, DVRs, smart houses or smart cities, wearables such as smartwatches, public Wi-Fi, and the proliferation of mobile apps with malicious code, amongst others.

Governments alone cannot curb cyberthreats. All hands must be on deck! Be #CyberAware! This explains why the overall theme of the October 2017 cybersecurity awareness month is “Cybersecurity is a shared responsibility”. The United States Department of Homeland Security (DHS) encapsulates online safety best practices in a catchphrase: STOP. THINK. CONNECT. The first step is to STOP: ensure security measures are in place. THINK: about the far-reaching consequences of your actions and online activities. CONNECT: and enjoy your devices with more peace of mind. Take heed of the following cybersafety tips and habits:

1.     Be vigilant against ransomware: Ransomware cyberattacks have become one of the biggest cybersecurity threats. The term comes from “ransom”: money demanded in return for a captured person or something valuable. Ransomware is malicious software remotely deployed by cybercriminals (cyber-extortionists) to encrypt valuable digital information and hold it “hostage” until a ransom is paid. A combination of the following tips will help prevent not just ransomware but other forms of cyberattacks and data breaches.

2.     Use strong, unique passwords, passcodes or touch ID features to lock your devices (or use a password manager): Research says more than half of Internet users choose the same password for everything they do online. Common passwords such as “123456”, “QWERTY” and “password”, amongst others, are easy to guess and compromise. Instead of these common passwords, try using a multiword phrase or an easy-to-remember sentence (e.g. I am Passionate About Cybersecurity); incorporate numbers and special characters such as #@&^. Better still, use two-factor authentication or a password manager.

3.     Protect your online identity and security on social media platforms: Social media and messaging platforms (Twitter, Facebook, LinkedIn, Instagram, WhatsApp, amongst others) have become an intrinsic part of our daily lives. They help us communicate, network, and stay abreast of news and events. Your personal information (date of birth etc.), the games you like to play, your contacts list, your itinerary and your location are assets to cybercriminals. Be wary of who gets such data and which apps harvest such information.

4.     Keep software, anti-virus and applications updated: A cybersecurity rule of thumb for securing your personal computer or smart device is to keep your operating system and all software and applications up to date. Software updates help patch vulnerabilities.

5.     Secure your Wi-Fi (or use a VPN): When a Wi-Fi or hotspot connection is not secured properly (for example, with a weak password), it can be an Achilles’ heel that hackers exploit. If for some reason you have no choice but to use a public Wi-Fi network (hotspot), secure your connection by using a VPN (virtual private network). This will ensure your data is encrypted.

6.     Should a suspicious process be detected on your computer or device, promptly turn off the Internet connection. This is particularly effective during the early stage of a cyberattack because the ransomware won’t get the chance to establish a connection with its remote Command and Control server and thus cannot complete the encryption process.

7.     Switch off unused wireless connections, such as Bluetooth or infrared ports. Cybercriminals can surreptitiously exploit a Bluetooth connection to launch a cyberattack or compromise a computer or mobile device.

8.     Tor (The Onion Router) Internet Protocol (IP) addresses or gateways are usually the preferred route for ransomware to communicate with its Command and Control servers. Hence, blocking such IP addresses may impede malware from infiltrating.

9.     When in doubt, throw it out: If an email, link, attachment, social media post, advertisement, picture or video looks suspicious, even if you know the source, it’s best to delete it or mark it as spam. Don’t click or open it! Cybercriminals often conceal ransomware and other malware in such gimmicks.

10.     Protect your financial transactions: When banking and shopping, check to be sure the site is security enabled. A website with “http://” is not secure. Look for web addresses with “https://” or “shttp://,” which means the site takes extra measures to help secure your information.

11.     Avoid logging in to your bank account over public Wi-Fi or on public computers, in cyber cafes or public libraries. Hackers can intercept your information. If you must, ensure there is no key-logger and clear the internet history or cache after use. Check your bank account balance after making any transaction online.

12.     Type your internet banking URL: It is safer to type your bank's URL in the web browser’s address bar than to click on links. Links can be cloned or masked.

13.     Never give out your banking details: bank verification number (BVN), PIN or internet banking details to someone purporting to call from your financial institution. Your bank will NEVER ask for your confidential information via phone or email.

14.     Back up your information/files: Regularly protect your files, valuable work, music, photos and other digital information by making an electronic copy and storing it safely on an external hard drive or flash drive. Backups are useful only if they're created prior to a cyberattack.

15.     Be internet and social media savvy and stay current. Keep pace with innovations and new ways to stay safe online: Check trusted websites for the latest information, share it with friends, family and colleagues, and encourage them to be web wise.

16.     Think before you act: Be wary of deals that sound too good to be true or messages that entreat you to act immediately.

17.     It's a good security practice to delete software and apps you no longer use.

18.     Increase the privacy and security settings on your online and social media platforms.

19.     Share with care: The Golden Rule applies online and on social media. Think before posting about yourself and others online. Consider what a post reveals, who might see it, how it could be perceived now and its implications in the future.

20.     Help fight cybercrime: Report cybercrimes to law enforcement agencies and establishments such as the National Information Technology Development Agency (NITDA) Computer Emergency Readiness and Response Team (CERRT) for assistance regarding ransomware or cyberattacks via telephone (+2348023275039) or e-mail (

Recommendation: If you are passionate about security and cybersecurity like I am and you want to make a difference in the world of cybersafety, join the STOP.THINK.CONNECT campaign. Visit the Department of Homeland Security, DHS Website or and sign up as an individual or a partner organization. It’s free! Friends and partners of the campaign receive a monthly newsletter with cyber news, tips, and trends. You can also follow @STOPTHNKCONNECT and @StaySafeOnline on Twitter for #CyberAware tips.

The Nigerian government and relevant agencies will do well to formulate and implement an up-to-date national cybersecurity policy and data protection law. Ongoing public cybersecurity awareness is exigent. Cybersecurity should be part of the primary and secondary school curricula in Nigeria.

Written by:
© Don Okereke, a security analyst/consultant, writer, public speaker, is CEO Holistic Security Background Checks Limited (RC 1407617)
Twitter: @DonOkereke

October 6, 2017
