No matter how advanced an organisation’s defences may be, one careless click on a phishing email or an unsecured USB stick can bring an entire system to its knees.

Welcome to the era of the human firewall, where people, not just technology, determine whether Nigeria’s cybersecurity fight will be won or lost.

The Stakes Are High

Nigeria’s digital transformation has accelerated across the public and private sectors. From e-governance platforms to cloud-based financial systems, almost every aspect of national life now relies on interconnected networks. But with this progress comes vulnerability. 

Studies have shown that human error accounts for over 80% of cybersecurity incidents globally, and Nigeria is no exception. A 2022 study on Kaduna State’s e-government system revealed that poor employee awareness was a major cause of vulnerabilities in the public sector. 

Similarly, the National Information Technology Development Agency (NITDA) has consistently identified low awareness and inadequate expertise among civil servants as critical barriers to national cybersecurity readiness.

In essence, Nigeria’s digital progress is moving faster than the people who must safeguard it.

What Does “The Human Firewall” Really Mean?

The term human firewall refers to employees who act as the first line of defence against cyber threats through awareness, vigilance, and sound security behaviour. It’s not about replacing technology but complementing it with smarter human actions. 

A strong cybersecurity human firewall is built when employees can:

• Detect suspicious emails or phishing attempts.
• Use strong, unique passwords and enable multi-factor authentication.
• Secure their devices, especially when working remotely.
• Report anomalies promptly to IT or security teams.

Unfortunately, many organisations in Nigeria still underestimate this role. Cybersecurity awareness is often treated as a one-time training exercise instead of a continuous, embedded culture.

Why Nigerian Organisations Struggle

There are several reasons Nigeria continues to struggle with building strong human firewalls:

1. Low Training Budgets: Many organisations, especially in the public sector, allocate minimal resources for cybersecurity training.
2. Legacy Systems: Outdated technology and a lack of automation make it difficult to enforce consistent security controls.
3. Cultural Gaps: Hierarchical work environments discourage junior staff from reporting incidents or questioning suspicious communications.
4. Regulatory Gaps: While NITDA and CSEAN have made progress in promoting awareness, implementation at the agency level remains inconsistent.

In short, Nigeria’s problem isn’t a lack of frameworks; it’s a lack of practical, human-centred execution.

The Link Between Awareness and Infrastructure

Even the most advanced DevOps or IT infrastructure can be undone by one untrained user.
Imagine a secure cloud deployment whose administrator stores passwords in plaintext or neglects patching because they “don’t want to break anything.” 

That single act can bypass millions in security investment. The same applies in government: a public officer who clicks on a malicious link can inadvertently open the door to a national data breach.

True infrastructure resilience isn’t just about redundant servers or zero-trust networks; it’s about human reliability. DevOps teams and system administrators must work with cybersecurity units to create a culture where awareness and infrastructure security go hand-in-hand.

How to Build a Strong Human Firewall

For Nigeria to strengthen its cybersecurity posture, organisations, both public and private, must begin to treat employees as part of the security system. Here’s how:

1. Continuous Training: Awareness campaigns must be regular, interactive, and relevant to real-world scenarios like phishing and social engineering.
2. Security Champions: Identify and empower individuals within departments to advocate for security best practices.
3. Embed Awareness in KPIs: Security should form part of employee performance evaluations.
4. Simulate Threats: Conduct controlled phishing simulations to gauge and improve awareness.
5. Promote a Reporting Culture: Encourage openness and immediate reporting of suspicious incidents without fear of blame.
6. Leadership Involvement: When executives model secure behaviour, it trickles down to all staff.

The Road Ahead

Technology alone won’t save Nigeria from cyberattacks; awareness will. The best cybersecurity system is useless if the people operating it are unaware of the threats they face. The real firewall is not in a server room; it’s in the minds of employees who understand that every click, every password, and every email matters.

If Nigeria hopes to secure its digital future, the human firewall must be prioritised in both public and private sectors, because cybersecurity is no longer the sole responsibility of IT teams; it’s a shared national responsibility.

The call comes as part of activities marking the 2025 National Cyber Security Awareness Month.

With technology now part of everyday life, including mobile banking and social communication, among others, NITDA says awareness and personal discipline are essential in preventing cyber incidents that target unsuspecting users. 

The agency warned that while Nigeria’s digital economy grows, the risks grow with it, and citizens must adopt habits that make them less vulnerable to hackers and online fraud.

According to NITDA, simple habits can make a significant difference in keeping individuals safe online. These include using strong and unique passwords, enabling two-factor authentication, updating software regularly, and backing up important data. 

The agency also cautioned against opening links or attachments from unknown sources and advised people to think twice before sharing personal or financial details online.

This year’s theme, “Cyber Hygiene for a Safer Tomorrow,” reinforces the idea that cyber safety is not limited to individual behaviour. It is a shared responsibility that, when collectively observed, helps protect families, workplaces, and the wider digital community.

“Cyber hygiene is not only a personal responsibility but a collective effort. When individuals protect themselves, they also safeguard their families, workplaces, and the broader digital community,” the agency stated.

NITDA’s warning comes as more cyber incidents target both private citizens and organisations across Nigeria. The agency noted that strengthening cyber hygiene is indispensable in building a secure and resilient digital nation.

As part of its cyber safety campaign, NITDA urged Nigerians to “stay alert, click wisely, and stay safe online,” reminding everyone that cybersecurity starts with individual action.

The statement was signed by Mrs. Hadiza Umar, director of Corporate Communications and Media Relations at NITDA.

Unfortunately, with the arbitrary evolution of cyber threats, developers are now expected to integrate cyber hygiene in their thought processes.

I mean to imply the day-to-day practices that protect codes, systems, and data from breaches. Just as good personal hygiene keeps an individual healthy, cyber hygiene ensures the health and security of the digital environments that we build and maintain.

Over the years, I have found that often it is these small, consistent practices that make a tremendous difference in shielding properly secure information from vulnerabilities.

One of the most important practices of cyber hygiene is keeping the software up to date along with its dependencies.

Outdated libraries, frameworks, and tools constitute typical entry points for attackers. Routine updates to your source control and third-party packages shield you from known risks.

Tools such as Dependabot or Snyk, which notify about updates and security patches, can automate this process.

For example, an outdated library proved a critical vulnerability on one of our projects. We started automating some dependency checks in our workflow in response to this kind of concern.

Good password management is another pillar of cyber hygiene. Weak or reused passwords pose excessive risks, especially when getting control access to version control systems, cloud platforms, or development tools.

Password managers can significantly lessen this risk, making sure the password manager generates strong, random passwords and securely saves them. Meanwhile, having multi-factor authentication (MFA) further secures access and nullifies unauthorised access even in situations when the password might have been compromised.

Next to that, secure coding practices are equally important. The fundamental aspects of secure code, such as input validation, data sanitisation, or avoiding hard coded credentials, protect against SQL injection or cross-site scripting (XSS).

For instance, in a recent project where we introduced input validation as a secure coding practice, we prevented an injection of malicious data that would otherwise have exploited vulnerabilities in our application. When developers embrace secure coding from the outset, it fortifies the system they build with security in mind.

Another crucial practice is regular backup. Any data can get lost through either accidental deletion, ransomware attack, or hardware failure, these minimal impacts can easily be counter-mitigated through a proper  backup scheme.

It is always best practice to automate the backing up of all critical data to secure, safe, and offsite locations; this ensures that recovery post-incident can be done quickly.

I have seen so many teams lose days because of bad backups, a weakness  that could have so easily been avoided by implementing a proper backup plan.

Monitoring and logging are then equally important. Watching system logs while keeping track of unusual activity would help to identify possible breaches at an early stage.

The likes of Application Insights and ELK Stack are great tools to get insight into system behaviour and security events. For instance, you may spot a sudden spike in failed logins as being a sign of a brute force attack, allowing you to react before any damage.

Building a security culture among your team should be a very high priority. Cyber hygiene, by no means, is a solo endeavour; it is an ever-collaborative one. Regular training, knowledge-sharing sessions, and security drills will keep everyone in tune with the latest in terms of awareness.

Wide-open discussions about possible risks and incidents encourage the team to be able to face together and harmoniously along with efficacy any emerging issues.

Cyber hygiene means the day-to-day practices that shield the codebase, systems, and data from threats. Updates, passwords, secure codes, backup, monitoring, and security culture are ways to enforce cyber hygiene, which further minimises risks of breaches for developers to work around.

Although small, these consistent practices are the foundation of a secure and resilient development culture, and the consequences are more pronounced in a world where we face threats almost every day.

After all, prevention is better than cure!

*Faith Sodipe is a forward-thinking Software Engineer with a passion for developing user-centric, secure, and scalable solutions. Expertise in Flutter for cross-platform mobile applications and .NET for backend systems is complemented by a Master’s degree in Cybersecurity. Faith excels in leading and collaborating within teams to transform visions into functional systems.

He is dedicated to using technology for social good, particularly at the intersection of human-centered design and AI, to make technology accessible and impactful for all.

Trevor Cooke, the online privacy expert at EarthWeb, emphasizes the importance of adopting daily cyber hygiene practices to protect yourself against various cyber risks.

Trevor’s Healthy Online Habits

1.  Change Your Passwords

• Frequency: Monthly

Trevor says, ‘Creating strong, unique passwords for each online account is crucial in preventing unauthorized access to your sensitive information.’

Avoid using common phrases, birthdates, or easily guessable combinations. Instead, opt for a mix of uppercase and lowercase letters, numbers, and special characters.

Consider using a reputable password manager to generate and securely store passwords, making it easier to manage and update them regularly.

2.  Scan Your Device For Viruses

• Frequency: Weekly

Regularly scanning your device for viruses and malware helps ensure that your system remains free from malicious threats that could compromise your security.

Trevor advises, ‘Use reliable antivirus software to conduct weekly scans, as it can detect and remove any potential threats lurking on your device. Keep your antivirus software up to date to stay protected against the latest malware strains and cyber threats.’

3.  Check For Updates

• Frequency: Bi-weekly

Keeping your operating system, applications, and antivirus software up to date is essential for patching security vulnerabilities and protecting against emerging threats.

Set aside time every two weeks to check for and install any available updates. Enable automatic updates whenever possible to ensure that your software is always equipped with the latest security patches and enhancements.

4.  Backup Your Data

• Frequency: Weekly

Regularly backing up your data is critical for protecting against data loss due to hardware failure, malware attacks, or ransomware infections.

Create backups of your critical files and documents every week, storing them in secure locations such as cloud storage or external hard drives.

Consider using automated backup solutions to streamline the process and ensure that your data is consistently protected.

5.  Review App Permissions

• Frequency: Monthly

Trevor remarks, ‘Periodically reviewing and managing app permissions on your devices helps minimize the risk of unauthorized access to your personal information.’

Take the time each month to review the permissions granted to mobile apps and revoke any unnecessary access. Limit app permissions to essential functions only and be cautious when granting access to sensitive data such as location or contacts.

6.  Check For The Latest Scams

• Frequency: Weekly

Staying informed about the latest cyber threats and scams is essential for protecting yourself against online risks.

Dedicate time each week to educate yourself on emerging threats, cybersecurity best practices, and common scam tactics.

Trevor suggests, ‘Follow reputable cybersecurity blogs, subscribe to security newsletters, and stay updated on cybersecurity news to enhance your knowledge and awareness.’

7.  Empty Your Spam Folder

• Frequency: Bi-weekly

Regularly emptying your email spam folder helps prevent potential phishing attacks and malware infections.

Phishing emails often end up in the spam folder, but it’s important to regularly review and delete them to avoid accidentally clicking on malicious links or downloading harmful attachments. Empty your spam folder every two weeks to keep your inbox clean and secure.

8.  Clear Out Caches and Browser History

• Frequency: Monthly

Clearing out caches and browser history on your devices helps remove stored data that could be exploited by cybercriminals.

This includes cookies, temporary files, and browsing history that may contain sensitive information.

Set aside time each month to clear out caches and browser history on your devices, reducing the risk of unauthorized access to your personal data.

Trevor underscores the significance of integrating these cyber hygiene habits into one’s routine. He states, ‘Practicing good cyber hygiene is not just about protecting yourself from known threats but also staying vigilant against emerging cyber risks.

By adopting these cyber habits consistently, individuals can strengthen their defenses and navigate the digital world safely and securely.’

[Featured Image Credit]