The United States of America designates every October as ‘’National
Cyber Security Awareness Month’’ (NCAM). Initiated in 2004, the National
Cybersecurity Awareness Month is a
collaboration between government —the U.S. Department of Homeland Security —
and private industry — the National Cyber Security Alliance, and other
partners. The National Cyber Security Awareness Month campaign is aimed at
raising awareness about the importance of cybersecurity (safeguarding digital
information) and to increase resiliency in the event of an incident. The United
States President, Mr. Donald J. Trump proclaimed the October 2017 National
Cybersecurity Awareness Month a while ago at the White
House. The National Cybersecurity Awareness
Month campaign is now a global call to action. Canada, Europe and other
countries have joined the fray. Africa, nay, Nigeria must take a cue.
The advent of the internet and social media has revolutionized
virtually every facet of our daily life. Incidents of cyberattack, hacking, ramsomware
are commonplace. The inherent danger in cyberattacks is that distance is not a
barrier. A hacker in North Korea can wreak havoc in Nigeria from the comfort of
his bedroom. In September 2017, Equifax Inc., a United States consumer credit
reporting agency says a huge cybersecurity
breach compromised the personal information of as
many as 143 million Americans — almost half the country. Cybercriminals accessed sensitive information -- including
names, social security numbers, birth dates, addresses, and the numbers of some
driver's licenses. Washington Post reported in May 2017, how more than 150 countries were affected by massive
ramsomware cyberattack. Schools, hospitals, vehicle manufacturing, telecommunications,
banks, businesses and other establishments were affected.
 |
| FBI Internet Crime Statistics |
The malware, deployed
in this ransomware cyberattack is known as WanaCrypt0r 2.0, or WannaCry. Also recall
that in 2015, a multinational gang of cybercriminals dubbed “Carbanak’’, infiltrated
more than 100
banks across 30 countries and stole upwards of one billion dollars over a period of roughly two years. Cybercriminals steal more
than £47 million annually through ATM
card cloning (skimming) in the United
Kingdom.
Nigeria's Minister of Communications, Adebayo Shittu
says cybercrime
costs Nigeria N127 billion annually. A recent Kaspersky
Cybersecurity Index estimates that up to 40
percent of people still leave their devices unprotected from online threats. A cybersecurity
special report suggests that ransomware will
worsen due to the increasing penetration and inherent vulnerabilities in
Internet of Things (IoT), medical devices, web cameras, IP Phones, Internet
Protocol (IP) CCTV Cameras, DVRs, SmartHouses or SmartCities, wearables such as
SmartWatches, public Wi-Fi, and proliferation of mobile Apps with
malicious codes, amongst others.
Governments alone cannot curb cyberthreats. All hands must be on
deck! Be #CyberAware! This explains why the
overall theme of the October 2017 cybersecurity awareness month is, ‘’Cybersecurity is a shared responsibility’’.
The United States Department of Homeland Security, DHS, encapsulates
online safety best practices in a catchphrase: STOP.
THINK. CONNECT. The first step is to
STOP: ensure security measures are in place. THINK: about the far-reaching consequences of your actions/online
activities. CONNECT: and enjoy your
devices with more peace of mind. Take heed of the following cybersafety tips,
habits:
1.
Be vigilant against ransomware:
Ransomware cyberattacks has become one of the biggest
cybersecurity threats. Ransomware is coined from - ‘’ransom’’ - money
demanded in return of a captured person or something valuable. Ransomware is
malicious software remotely deployed by cybercriminals (cyber-extortionists) to
encrypt, hold valuable digital information ‘hostage’ until a ransom is paid. A
combination of the following tips will help prevent not just ransomware but
other forms of cyberattacks, data breaches.
2.
Use strong, unique passwords, passcodes
or touch ID features to lock your devices (or use a password manager): Research
says more than half of Internet users choose the same password for everything
they do online. Common passwords such as — ‘’123456’’, ‘’QWERTY’’, ‘’password’’,
amongst others are easy to guess and compromise. Instead of the aforementioned
common passwords, try using multiword phrase or easy to remember sentence (e.g.
I am Passionate About Cybersecurity);
incorporate numbers and special characters such as #@&^. Better still, use
two-factor authentication or a password manager.
3.
Protect your online identity
and security on social media platforms: Social media and messaging platforms -
Twitter, Facebook, LinkedIn, Instagram, WhatsApp, amongst others, have become
intrinsic part of our daily lives. They help us communicate, network, stay
abreast of news and events. Your personal information (date of birth etc.), games
you like to play; your contacts list, your itinerary and location are assets to
cybercriminals. Be wary who gets such data and which Apps harvest such info.
4.
Keep software, Anti-virus, Applications
updated: A cybersecurity rule-of-thumb in securing your personal computer, smart
device is keeping your operating system and all software, Applications up-to-date.
Software updates help patch vulnerabilities.
5.
Secure your Wi-Fi (or use a
VPN): When a Wi-Fi or hotspot connection is not secured properly (weak
password), it can be an Achilles’ heel for hackers to penetrate. If for some
reason you have no choice but to use a public Wi-Fi network (hotspot), ensure you
secure your connection by using a VPN (virtual private network). This will
ensure your data is encrypted.
6.
Should a
suspicious process be detected on your computer or device, promptly turn off
the Internet connection. This is particularly efficient during the early stage
of a cyberattack because the ransomware won’t get the chance to launch a
connection with its remote Command and Control server and thus cannot complete
the encryption process.
7.
Switch off unused
wireless connections, such as Bluetooth or infrared ports.
Cybercriminals can surreptitiously exploit a Bluetooth to launch a cyberattack
or compromise a computer, a mobile device.
8.
Tor (The Onion Router) Internet
Protocol (IP) addresses or gateways are usually the preferred route for ransomware
to communicate with their Command and Control servers. Hence, blockading such
IP addresses may impede a malicious malware from infiltrating.
9.
When in doubt, throw it out: If
an email, link, attachment, social media post, advertisement, picture or video
look suspicious, even if you know the source, it’s best to delete or mark it as
spam. Don’t click or open it! Cybercriminals often conceal ransomware, malwares
on such gimmicks.
10.
Protect your financial
transactions: When banking and shopping, check to be sure the site is security
enabled. A website with “Http://” is not secure. Look for web addresses with
“https://” or “shttp://,” which means the site takes extra measures to help
secure your information.
11.
Avoid logging in to your bank
account with public Wi-Fi, public computers, cyber cafes or public libraries. Hackers
can intercept your information. If you must, ensure there is no key-logger,
clear the internet history or cache after use. Check your bank account balance after
making any transaction online.
 |
| Bank Verification Number BVN Scam |
12.
Type your internet banking URL: It is a safer to type your bank URL in the web browser’s address
bar than clicking on links. Links can be cloned, masked.
13.
Never give out your banking
details: bank verification number (BVN), Pin number, internet banking details
to someone purporting to call from your financial institution. Your bank will
NEVER ask for your confidential information via phone or email.
14.
Back Up You Information/files: Regularly
protect your files, valuable work, music, photos and other digital information
by making an electronic copy and store it safely in an external hard/flash
drive. Backups are useful only if they're created prior to a cyberattack.
15.
Be internet, Social media savvy
and stay current. Keep pace with innovations, new ways to stay safe online:
Check trusted websites for the latest information, and share with friends,
family, and colleagues and encourage them to be web wise.
16.
Think before you act: Be wary
of deals that sound too good to be true or messages that entreat you to act
immediately.
17.
It's a good security practice
to delete software, Apps you no longer use.
18.
Increase the privacy and
security settings on your online and social media platforms.
19.
Share with care: The Golden
Rule applies online, on social media. Think
before posting about yourself and others online. Consider what a post reveals,
who might see it and how it could be perceived now and it’s implication in the
future.
20.
Help fight cybercrime: Report
cybercrimes to law enforcement agencies, establishments such as the National
Information Technology Development Agency (NITDA) Computer Emergency Readiness
and Response Team (CERRT) for assistance regarding ransomware, cyberattack via
telephone (+2348023275039) or e-mail ( support@cerrt.ng).
Recommendation: If you are passionate about security and cybersecurity like
I am and you want to make a difference in the world of cybersafety, join the STOP.THINK.CONNECT campaign. Visit the
Department of Homeland Security, DHS Website or https://stopthinkconnect.org and sign up as an individual or a partner
organization. It’s free! Friends and partners of the campaign receive monthly
newsletter with cyber news, tips, and trends. You can also follow
@STOPTHNKCONNECT and @StaySafeOnline on Twitter for #CyberAware tips.
The
Nigerian government, relevant agencies will do well to formulate and implement
up-to-date national cybersecurity policy, data protection law. Ongoing public cybersecurity
awareness is exigent. Cybersecurity should be part of the primary and secondary
school curricula in Nigeria.
Written by:
© Don Okereke, a
security analyst/consultant, writer, public speaker, is CEO Holistic Security
Background Checks Limited (RC 1407617)
Twitter:
@DonOkereke
October 6, 2017
No comments:
Post a Comment