Safeguarding our data

The Ministry of Communications will host its annual National Cyber Security Awareness Month (NCSAM) from October 1st to October 31st, 2021, through the National Cyber Security Centre (NCSC), an institution tasked with coordinating Ghana’s cyber security development. The month-long program will bring to the fore thought leadership sessions, panel discussions, workshops, capacity building, and awareness creation efforts among Ghanaians on cyber security and cyber security concerns. In line with the Safer Digital Ghana campaign, the National Cyber Security Awareness Month (NCSAM) will educate the public and businesses on recommended best practices for cyber hygiene. Cybersecurity awareness primarily entails how much end-users know about cyber security threats and dangers, the risks involved, and the best measures to guide their behaviour.

The pandemic is still dragging on and COVID fatigue is real. We are not out of the woods yet. In recent weeks, there have been reports of a new deadly variant: the Delta variant has been reported in 98 countries as of July 2021, and most organizations are considering and settling on remote work. However, today's digital life and the accessibility of a plethora of e-services and e-commerce platforms expose us to cybersecurity issues.

There have been concerns in the global IT supply chain regarding critical information infrastructures in the banking, telecommunications, energy, and health sectors. The recent spate of hacks of websites and social media accounts of governments and organizations has raised serious security concerns about data privacy, internet governance, and trust. Recently, there has been a ransomware attack on a major US meatpacking plant, JBS, an attack on the largest US fuel pipeline, and several reports of data phishing.

According to the World Economic Forum's Global Risks Report 2020, cyber-crime is expected to reach $6 trillion in 2021. The report also suggested that cyber-attacks on critical infrastructure rated as the top risk in 2020. Experts are attributing the uptick to how remote working has opened the floodgates for cybercriminals.

Modus operandi of cybercriminals

The operations of cybercriminals have become increasingly sophisticated, with organized and well-coordinated strategies and methods. Cybercrime has also been coupled with threats within the institutions and organizations we work in. Insiders, in connivance with these cybercriminals, relay important data and information to them.

Because of our pervasive and boundless digital lives, as well as the diversity of digital governance efforts, we end up sharing a lot of personal and professional data with several organizations, online and with third parties. We share a lot on social media, and cybercriminals are always surfing, searching for data, plotting, and scheming in silence. This is the psychological web we are caught in.

How do we secure our data?

Securing our data involves an integrated and concerted effort from all stakeholders. Companies and institutions may outsource their cloud storage and remote communication channels to third parties so that their employees can keep up with their work from home or remotely. Salient to this conversation is ensuring that cybersecurity audits and assessments are done regularly so that security stays top-notch. Organizations must enforce two-factor authentication, as it enhances an organization’s security by requiring users to identify themselves beyond a username and password. Also, implementing content delivery network (CDN) services and ensuring Distributed Denial of Service (DDoS) mitigation are essential to keeping your data and your customers’ data secure.

Training employees in data handling and security awareness is key. Many organizations casually overlook this, although it is a pivotal aspect of safeguarding our data. Employee training must also center on the psychology of how cybercriminals operate and on the handling and processing of data. Screening of employees’ behavioral patterns must be considered, as reports of insider threats are on the rise.

Closely related to this is how organizations should encourage a healthy separation between work and home life. There should be clear policies distinguishing how social media and different digital technologies can be used, backed by continuous education and training.

Securing your data and assets involves building awareness internally and being proactive rather than reactive, that is, putting measures in place to protect and secure your assets from any malicious attack. We must practice securing our data and information with strong passwords, as cybercriminals are getting craftier by the day, using advanced hacking tools to crack passwords. We must move away from weak passwords such as 1234, abcd, or a date of birth. These weak passwords are broken with ease. Even though such weak passwords are easy to remember (the common reason many users choose them), they should be avoided, as they leave accounts and devices very vulnerable to cyber-attacks.

We can raise our security a notch higher by using passwords of at least 8 characters, comprising alphanumeric characters with a mix of lowercase and uppercase letters and symbols. Organizations and individuals should practice periodic password changes. This makes accounts difficult for cybercriminals to break into. Cybersecurity is a tortuous journey and not a destination, a long marathon and not a sprint. There is no endpoint in this digitally evolving world. As cybercriminals are getting more and more sophisticated, organizations and individuals need to stay ahead of the curve in securing data and information.

 

Author: Osei Manua Kagyah (Member, Institute of ICT Professionals Ghana)

For comments, contact kagyahosei@gmail.com or Mobile: +233247103939