Enhance digital security awareness for users
What you need to know:
- Using a smartphone for personal social media and also corporate activities carries a higher risk of cyberattack.
- It is important to have a structured means to carry out a cybersecurity training and awareness.
The digital world has no rules.
While the benefits abound, there is a need to be aware of the security implications of using these platforms.
As social media users share their lives with friends and family on the networking platforms, the hosts collect significant information.
They have, consequently, built a picture of what we like, who our friends are, where we work, our age, how we spend our time and so on.
The information is primarily used to create targeted adverts.
Malicious actors, however, use such troves of information to target users and defraud them and even influence their decisions online and offline.
The debacle of Cambridge Analytica has demonstrated how elections are being manipulated using the information users share on social media platforms.
The British company is said to have illegally accessed users’ data from Facebook and ran campaign advertisements in various parts of the world to influence voting preferences.
The proliferation of smartphones and mobile applications has also resulted in the growth of malicious applications.
Leading cybersecurity firm Kaspersky Lab reports that Kenyan users are among the most targeted with 20 per cent of smartphone users in the country hosting malware on their phones.
The report, released in November, has Kenya in the list of top 10 countries attacked by mobile malware.
While at a personal level the damage online is high, it gets worse in the corporate world.
Cybercriminals targeting enterprises and governments are more sophisticated and organised and have vast resources.
Using a smartphone for personal social media and also corporate activities such as accessing company email, carries a higher risk of cyberattack.
According to KnowBe4, a leading information security company that deals with training and awareness, 91 per cent of cyberattacks are aided by users unwittingly being used to channel attacks in institutions.
Aware of the challenge of cybercrime, the Kenyan government has proposed a computer and cybercrime law, whose draft is being debated in Parliament.
The bill proposed fines and penalties for cybercriminals.
However, while this might be a welcome move, the bill has contentious areas.
One is classifying unauthorised disclosure of a password or access code as a significant offence with culprits liable to a fine of up to Sh5 million or spend three years in jail.
This is harsh, especially for users who routinely share their computer credentials.
In the National Youth Service fraud two years ago, a senior officer is alleged to have shared his password, which was later used to initiate fraudulent payments.
How do we make everybody aware of their digital security? Charity begins at home.
Parents should be empowered with tools that can help to provide child-friendly content online.
Also, the Communications Authority of Kenya’s campaign on online child protection is noble.
Cybersecurity awareness should also be included in the school curriculum.
As children are exposed to tablets and other technological innovations, it is important to guide them on how to avoid malicious content online.
That should include dealing with other issues such as cyberbullying, which is becoming increasingly rampant.
At the enterprise level, it is important to have a structured means to carry out a cybersecurity training and awareness.
The Central Bank of Kenya, for instance, has issued guidelines to handle various cyberthreats in the financial sector.
An outstanding component of the guidelines is a requirement for training and awareness for all employees in an organisation.
The firms are also required to carry out the awareness for their clients — which is important since customers are usually the most targeted as fraudsters attempt to access their mobile and online banking platforms.
Mr Bett is a principal cybersecurity consultant, Stract Consulting Ltd. [email protected]