Whether you’re scrolling social media, checking emails, or downloading apps, cyber criminals are always looking for new ways to exploit vulnerabilities. 

The threat landscape is as broad as your web presence. What’s more, organisations must contend with AI-driven attacks that are growing in scale and sophistication day by day.

It’s no longer enough to react, cybersecurity strategies must be prevention-first. That’s why raising awareness about cybersecurity isn’t just important, it’s essential for protecting your personal information, financial data, and digital identity.

Check Point‘s Jeremy Fuchs, from their CTO office, outlines five essential cybersecurity tips as his contribution for Cybersecurity Awareness Month:

Tip 1. Cyber Risks from Apps: Verify Before You Download

Malicious apps can still slip through the cracks despite the apparent safety of device-based app stores. Before downloading any application, take a moment to verify the developer’s credibility.

Look for apps from well-known companies or developers with strong reputations and positive user reviews.

Be cautious of apps that request excessive permissions, if a flashlight app wants access to your contacts, that’s a red flag. Be particularly skeptical of apps that seem too good to be true, offer unrealistic promises, or have very few downloads despite being available for months.

Always download apps directly from official app stores rather than third-party websites, and keep your apps updated to ensure you have the latest security patches.

Tip 2. Spotting Brand Phishing: Don’t Fall for Fake Communications

Cyber criminals love to impersonate trusted brands to steal your information. When you receive emails, texts, or messages claiming to be from well-known companies, take a closer look at the sender’s details. Legitimate businesses typically use official email domains and consistent branding.

Watch out for pressure tactics designed to make you act quickly, phrases like “urgent action required” or “account will be suspended” are common red flags.

Avoid clicking on links in suspicious messages. Instead, navigate directly to the company’s official website by typing the URL into your browser or using a bookmark. If you’re unsure whether a communication is legitimate, contact the company directly through their official customer service channels.

Organisations need to stay a step ahead by preventing messages from reaching employee inboxes through anti-phishing and anti-ransomware protection, combined with user education.

Tip 3. Detecting Deep Fakes: Trust but Verify

Deep fake technology has made it easier than ever to create convincing fake videos and audio recordings of real people.

When you see content that seems surprising or out of character for someone, take a moment to double-check the person’s identity and the authenticity of what you’re seeing.

Look closely at videos for telltale signs of manipulation, unnatural facial movements, inconsistent lighting, or audio that doesn’t sync properly with lip movements.

When verifying images, pay attention to backgrounds, shadows, and any elements that seem digitally altered.

Most importantly, if you receive suspicious content claiming to be from someone you know, confirm directly with that person through a separate, trusted communication channel before believing or sharing the content.

Tip 4. Ignore Unknown Text Messages: When in Doubt, Delete

Text message scams (smishing) have become increasingly common, with criminals sending everything from fake delivery notifications to bogus prize announcements. The safest approach with messages from unknown numbers is simple: don’t engage.

Never click on links in text messages from unfamiliar senders, even if the message seems legitimate or urgent.

These links often lead to malicious websites designed to steal your information or install harmful software on your device.

If you receive a suspicious text claiming to be from a company or service you use, ignore the message and contact the organisation directly through their official channels. When in doubt, delete the message immediately and block the number to prevent future attempts.

Tip 5. Leaked Credentials: Stay One Step Ahead

Data breaches happen more frequently than you might think, potentially exposing your usernames, passwords, and other sensitive information. In fact, compromised credentials have surged 160% this year.

Regularly check if your credentials have been compromised by using reputable breach monitoring services that can alert you when your information appears in known data breaches.

When you discover that your information has been leaked, change your passwords immediately — not just for the affected account, but for any other accounts where you’ve used the same or similar passwords.

Enable two-factor authentication wherever possible to add an extra layer of security to your accounts.

Consider using a password manager to generate and store unique, strong passwords for each of your accounts. For organisations, the risk from leaked credentials is amplified by the potential for it to lead to a broader incident.

Prioritising Zero Trust-based secure access, organisations protect themselves from attackers moving laterally in the network after unauthorised access.

“For organisations, it’s essential to be prepared for more and more sophisticated attacks. Full coverage across all employee devices, web applications, email, and secure access are pillars for protecting your workforce. In general, following this rule of thumb will cover most scenarios: If you’re unsure, or if something feels off, report it and don’t engage. By implementing these five cybersecurity practices and making online safety a priority, you can stay secure in our hyperconnected world,” Jeremy says.

The post Five Essential Security Tips for Cybersecurity Awareness Month appeared first on Tech | Business | Economy.

Cybersecurity is a shared responsibility that requires the collective effort of every individual, business, and government entity to ensure a secure digital environment.

As a leading body in the field of cybersecurity in Nigeria, we are committed to enhancing our nation’s cybersecurity posture.

The increasing reliance on digital technologies has brought about significant benefits, such as improved access to information and efficient service delivery.

However, this digital transformation has also introduced significant cybersecurity risks that threaten national security and economic stability.

Current State of Cybersecurity Awareness

A significant portion of the Nigerian population, especially in rural areas, lacks basic cybersecurity knowledge.

This limited awareness makes individuals vulnerable to various cyber threats. Also, many organizations, particularly Small and Medium Enterprises (SMEs), lack adequate cybersecurity infrastructure and resources, leaving them exposed to cyberattacks.

The shortage of skilled cybersecurity professionals further worsens these challenges, as organizations struggle to effectively address the growing threat landscape.

Phishing attacks remain a persistent threat, with individuals falling victim to sophisticated social engineering tactics.

Data breaches continue to occur, compromising sensitive personal and financial information. Cybercrime, including online fraud, identity theft, and ransomware attacks, is on the rise, causing significant financial losses and reputational damage.

Recent studies have highlighted the current state of cybersecurity awareness in Nigeria. For instance, research conducted among university students in Northeastern Nigeria revealed that while there is some basic knowledge of cybersecurity, there is a pressing need for more comprehensive awareness programs, particularly in areas such as cyberbullying, child online protection, self-protection, and internet addiction.

Another study on online banking users in Nigeria showed a high level of awareness of cybercrime but also identified gaps in password security practices and the need for more robust cybersecurity measures.

Poverty and unemployment drive cybercrime in Nigeria, posing a threat to national security and socio-economic development.

Addressing these underlying issues, promoting awareness, and implementing effective cybersecurity measures are crucial for mitigating cybercrime and fostering a safer digital environment.

To this end, we are calling on all stakeholders, including government agencies, private sector organizations, educational institutions, and civil society, to join us in this important endeavour.

Government Initiatives

We appreciate the Nigerian government’s efforts to enhance cybersecurity and protect its cyberspace through various initiatives, which include the establishment of the National Cybersecurity Coordination Centre (NCCC) to facilitate the implementation of cybersecurity

programs and legislation, the NCCC coordinates national efforts against cyber threats; The 2021 National Cybersecurity Policy and Strategy (NCPS) which builds on the 2015 framework, addressing evolving cybersecurity challenges.

It aims to enhance digital competitiveness, promote indigenous technology, safeguard critical infrastructure, and combat cyberattacks, online fraud, and misinformation; The Cybercrime (Prohibition, Prevention, etc.) Act 2015 which was enacted to combat cybercrime and protect digital assets.

The recent Cybercrimes (Prohibition, Prevention, etc.) Amendment Act 2024 further strengthens cybersecurity measures by introducing Sectoral Computer Emergency Response Teams (CERTs) and requiring reporting of cyber threats within 72 hours; The Amendment of the National Identification Number (NIN) Requirement which mandates its use for electronic financial transactions to facilitate tracking and verification; and The Nigeria Data Protection Act 2023 which builds on previous data protection regulations to strengthen data protection rights and enhance security in response to the evolving data landscape.

These initiatives aim to create a more secure digital environment in Nigeria, addressing evolving cyber threats, protecting critical infrastructure, and safeguarding personal data.

The government’s commitment to international cooperation, capacity building, and legal frameworks ensures a proactive approach to cybersecurity.

Our Initiatives

We have been instrumental in raising cybersecurity awareness in Nigeria. Through various initiatives, we are actively promoting cybersecurity best practices and educating the public about emerging threats, which include the annual Cyber Secure Nigeria 2024 Conference and this year’s conference theme Leveraging Artificial Intelligence for Cyber Resilience: Building A Secure Future Bridge.

This event brought together academia, industry experts, government officials, and cybersecurity professionals to share knowledge and insights; we also offer training and workshops to equip individuals and organizations with the necessary skills to protect themselves from cyber threats; we conduct various awareness campaigns to educate the public about the importance of cybersecurity.

These campaigns often involve social media, workshops, and public events to reach a wider audience; we publish regular cyber threat landscapes and forecasts to highlight emerging threats and vulnerabilities in Nigeria.

These reports help individuals, organizations and governments prioritize their security efforts and allocate resources effectively; and we collaborate with other organizations, both locally and internationally, to share knowledge, resources, and best practices.

These partnerships help to strengthen the cybersecurity ecosystem in Nigeria. By actively promoting cybersecurity awareness and education, we play a crucial role in safeguarding Nigeria’s digital landscape.

Call to Action

To address growing cybersecurity challenges, individuals, organizations, and the government must take concerted action. Individuals should prioritize digital literacy, strong password hygiene, online vigilance, and regular software updates.

Organizations should invest in cybersecurity infrastructure, train employees, develop incident response plans, and prioritize data protection.

The government should strengthen legal frameworks, foster public-private partnerships, invest in research and development, and promote cybersecurity awareness.

To further enhance Nigeria’s cybersecurity posture, stakeholders should collaborate on training programs, promote cyber hygiene, raise awareness about emerging threats, engage communities, and support research initiatives.

Also, strengthening cyber threat intelligence capabilities through investment in research and developing Sector-Based Incident Response Capabilities. International cooperation and continuous learning are also essential components of a robust cybersecurity strategy.

By taking these comprehensive steps, Nigeria can better protect its digital infrastructure, safeguard privacy, and ensure national security.

Conclusion

As we conclude Cybersecurity Awareness Month 2024, we urge Nigerians to prioritize online safety. Cybersecurity is a shared responsibility requiring collective action from individuals, organizations, and the government. Let us continue to engage in discussions, share knowledge, and report suspicious activities to build a secure digital environment. By working together, we can ensure a safer cyberspace for all.

*Article written by Ade Shoyinka, President of Cyber Security Experts Association of Nigeria (CSEAN) and John Odumesi, Director of Research and Development, CSEAN

The post Strengthening Cybersecurity Awareness in Nigeria – A Call to Action appeared first on Tech | Business | Economy.

In a message to customers via email, as part of the Cybersecurity Awareness Month, the bank enjoined customers to integrate four key measures into their online practices to safeguard their personal data from digital threats.

These include, using strong passwords and/or a password manager, turning on multifactor authentication, recognizing and reporting phishing and regular update of their phone or computer software.

The National Cybersecurity Awareness Month is usually celebrated in October annually. It is a month-long effort dedicated to promoting cybersecurity awareness and education.

It aims to empower individuals and organizations to take proactive steps in safeguarding their digital lives, assets, and sensitive information.

According to Ecobank, customers should be risk aware enough to recognize and report phishing, describing phishing as an attack that attempts to steal money, or identity, by getting bank customers to reveal personal information, such as credit card numbers, bank information, or passwords – via a phishing website or link that poses to be legitimate.

“Cybercriminals typically pretend to be reputable companies, friends, or relatives in a fake message. Be careful if you receive an email or message asking for personal information. If you get this type of message, don’t provide the requested information without confirming that it is legitimate. Also,  we advise customers to always use multi-factor authentication to protect their bank accounts and confidential information.  Multi-factor authentication acts as an additional layer of security that helps prevent unauthorised users from accessing your accounts, even when the password has been stolen. Multi-factor authentication is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their mobile or email, answer a secret question, or scan a fingerprint”, the bank stated.

Further, Ecobank stressed the need for a strong password, “Your PIN, OTP and passwords should always be kept confidential. For strong passwords, consider using three random words, a mixture of capital letters, special characters and even numbers.” In addition, “You should update your apps and your device’s software as soon as they are available. Updates include protection from viruses and other kinds of malware and often improvements as well as new features.”

The Pan African Bank noted that it continually runs awareness programmes to ensure employees and customers understand the various forms of cybercrime and how to prevent them, stressing that with digital banking being a key pillar of its strategy,

“we must ensure our platforms are well secured to safeguard the integrity of our data. The Bank has heavily invested in training and various forms of capacity building to ensure staff understand cyber related challenges and address them promptly,” the statement added.

The post Be Cyber Security Conscious, Ecobank Advises Customers appeared first on Tech | Business | Economy.

The new releases, ranging from innovative products to educational campaigns, are designed to make cybersecurity second nature for users, ensuring a safer online experience.

Pixel 8: Enhanced Security with Google Tensor G3

One of these unique updates is the Pixel 8, built with an advanced Tensor G3 chip and enhancing the phone’s resistance against cyber attacks. 

Collaborating with the Titan M2 security chip, Pixel 8 offers advanced security and privacy and the Face Unlock feature now meets the highest Android biometric standards, allowing secure usage for banking and payment applications like Google Wallet.

Passwordless Security: Introducing Passkeys

To enhance user experience and security, Google is introducing passkeys as the default sign-in method across personal Google Accounts. This passwordless approach provides a simpler and more secure way to access online sites, aligning with Google’s dedication to user safety.

Gmail Security Upgrades

Gmail, with its robust AI-powered defenses, already blocks over 99.9% of spam, phishing, and malware, filtering out 15 billion unwanted emails daily. New requirements for large senders have been implemented to create a safer and more user-friendly email environment for everyone.

Privacy Control Enhancements

Google is rolling out updates to privacy controls, offering users more ways to protect their personal information. Improvements to Chrome’s deletion tools on Android will allow users to delete the last 15 minutes of their browsing history, site data, and recent tabs swiftly. Additionally, Google is expanding its dark web report feature, making it accessible through the account menu in the Google App on Android, with iOS support coming soon.

Google App as Credential Provider for iOS Devices

Google is enabling users to utilize the Google App as their Autofill provider on iOS devices. This integration allows for secure and quick password filling into any app or website, enhancing convenience and security.

Educational Initiatives Beyond Google Products

In partnership with the Cybersecurity and Infrastructure Security Agency (CISA), Google is actively promoting cybersecurity education across the United States. As part of CISA’s Secure our World campaign, Google has launched a series of user-friendly videos offering practical tips on cybersecurity best practices. These initiatives aim to raise awareness about multifactor authentication, strong password usage, software updates, and recognizing online scams.

Google’s mission to enhance cybersecurity goes beyond its products, it also includes education and support for users to navigate the digital age securely.

These initiatives take us towards a safer online environment, emphasizing the importance of continuous cybersecurity awareness and proactive measures for all users.

The post Google Rolls Out Enhanced Cybersecurity Features, Education Initiatives for Cybersecurity Awareness Month appeared first on Tech | Business | Economy.

Last years, the agency trained 3242 on basic and intermediate cybersecurity skills in partnership with CISCO.

The Cybersecurity Awareness Month held every October, is a month set aside globally to educate and create cybersecurity awareness.

This year marks the 20^th in the series of collaborative awareness campaigns between public and private sector organisations globally.

To mark the 2023 National Cybersecurity Awareness Month, NITDA has lined up series of programmes specifically focused on sensitising the public on cybersecurity threats and steps necessary to protect ourselves in the ever-growing digital space, according to a statement on Monday signed by Mrs Hadiza Umar, Head of the Agency’s Corporate Affairs and External Relations.

The theme for this year’s celebration is: See Yourself in Cyber, which highlights that cybersecurity is everyone’s responsibility.

“The main purpose of this awareness campaign is to encourage the adoption of safe cyber hygiene. To achieve this effectively, citizens need to accept, understand and be willing to apply these security measures to stay secure”, Umar said.

This year’s awareness campaign focuses on sensitising citizens on identifying and countering the following:

• Digital Misinformation and Disinformation.
• Social media attacks (Authentication and Social Engineering attacks).
• Phishing (Phishing scam websites, Email phishing/Business email compromise).
• Cyber bullying.
• Online responsible behaviour.
• Ransomware attacks.

NITDA is partnering with relevant stakeholders to carry out grassroot awareness campaigns aimed at sensitising the public of these cyberthreats and how to protect themselves.

Specifically, the Agency is collaborating with Galaxy Backbone to disseminate specially designed information flyers to public sector organisations.

“The Agency has, in conjunction with O-range Cybersecurity Training Service Limited, conducted Cybersecurity Training in Ilorin, Kwara State, where more than 5,000 youths from various states participated”, Umar explained.

Other activities lined up include:

• The NITDA-Cisco Cybersecurity Awareness Training aimed at training 4,000 youths in Ethical Hacking, Endpoint Security, Network Defense, and Cyber Threat Management. The call for application was opened on the 2^nd October while the portal for the virtual training will be opened on 18^th October 8, 2023;
• A two-day Innovation Challenge on Cybersecurity programme, designed to identify and showcase innovative technologies on cybersecurity with special focus identifying solutions that can be adopted in the public sector. So far, over 3,000 applications have been submitted; and
• General Awareness programme focusing on sensitising the public on NITDA’s initiatives and services such as:
• Trustmark system for online trading.
• Free Web Application Firewall for all MDAs.
• Public Key Infrastructure (PKI).
• Free Vulnerability Analysis and Penetration Testing (VAPT) for MDAs; and
• Monitoring of MDAs portals, social media monitoring and recovery, digital forensics, Cyber drill, and Cybersecurity Training.

“We therefore call on private and public sector organisations as well as the public to join us in ensuring that the Nigerian Cyberspace is safe and secure. Together, we can make the Nigerian cyberspace and the world at large safe and secure for all.

For more inquiries visit www.nitda.gov.ng or e-mail: info@nitda.gov.ng

The post NITDA Announces Plans for 2023 Cybersecurity Awareness Month Celebration appeared first on Tech | Business | Economy.

Key Facts in this publication:

• Cybersecurity is an increasingly relevant topic in all areas of life, both business and personal
• More and more global companies, such as Santander, have cybersecurity training programs and offer bonuses to employees who know how to detect cyber scams, such as phishing
• The lack of specialised skills in cybersecurity will be one of the most important challenges that organisations will have to face in the coming years

For companies, cyber risks are increasing all the time. In fact, according to Check Point Research (CPR), attacks increased by 59% compared to last year.

Here in Africa, the weekly average of impacted organisations in 2022 is 1 out of 21, with an organisation on the continent being attacked on average 1,896 times per week in the last six months.

A recent World Economic Forum report revealed that 95% of cybersecurity problems are caused by human error, and if you add the global cyber skills shortage to the mix, then you have the perfect storm for a cybercriminal. 

The 2021 (ISC)² Cybersecurity Workforce Study showed that we are lacking almost three million cybersecurity professionals worldwide.

In light of this, some organisations have started to implement cyber initiatives for their employees. For example, Santander, a multinational financial services company, recently launched an incentive scheme whereby employee responses to phishing attacks are considered as part of the overall company bonus policy.

Check Point Software has also implemented various training initiatives to boost cybersecurity skills in the workforce across Africa.

In Kenya, together with Strathmore University, Check Point SecureAcademy runs free training sessions with lecturers and students. And since 2021 in Johannesburg, together with Get Informed and local partners, Check Point Software has been offering cybersecurity training courses and internships to under-privileged youth in the community.

Having people and staff that are well trained in cyber hygiene is one of the best foundations for good cybersecurity, and so, for Cybersecurity Awareness Month, Check Point Software provides some useful information to help companies identify attacks.

• Phishing: this is a technique that is often successful due to a lack of employee training. Often in the form of an email, it is when a cybercriminal will impersonate a colleague, company or institution to obtain personal data to then sell, use for identity theft or to launch further cyberattacks. It’s important to be careful when receiving emails, particularly any that include an unusual request. You should check the sender address is legitimate, check for grammar errors and any misspelled words, and don’t click on any unfamiliar links or open attachments.
• Malware: this is malicious software that is designed to harm a device or network. In order for it to be successful, the victim has to install such software on their computer, which is usually done by clicking on a malicious link that automatically installs it, but it can also enter through a file such as an image, document or video attachment. Again, it is crucial to be careful when receiving emails that contain links or files, and only download software from official stores.
• Ransomware: this is a type of malware attack that blocks access to systems unless a ransom is paid. For some time now, there has been double and even triple extortion ransomware, capable of blackmailing the victim’s customers too.  Like malware, it usually enters a device through a link from a trusted company or a file downloaded to it. Therefore, it is very important not to download anything from an unknown user and utilise multi-factor authentication.

To avoid becoming a victim of phishing, malware and ransomware, Check Point recommends:

• Enabling two-factor authentication: sign into your accounts with both a password and one other method. It could be a question, biometric data or a one-time code sent to your device. This creates an extra layer of security that prevents an attacker from being able to access an account with just a password.
• Using strong passwords: using the same keyword for everything, or simple combinations such as ‘123456’ or ‘password’, is making it too easy for cybercriminals. There are now a multitude of platforms that can generate strong, difficult-to-guess passwords with upper- and lower-case letters, numbers and symbols. Although we can also create them ourselves, it’s important to remember to use different combinations for each service.
• Learning how to recognise phishing: when an attacker sends a phishing email, there are usually some common identifiable traits such as misspellings or the fact that it asks for credentials to be entered. A company will never ask for a customer’s credentials on email. If in doubt, always go to the official page or platform of the company you want to access.
• Always keeping software updated: it is always advisable to update to the latest version of a company’s software as this is the way that they correct security errors of previous versions.

“Cybersecurity Awareness Month is an important time to not only raise awareness of cyber-safety but to drive real action among individuals. Most cyberattacks occur because of human error so it is in our hands to improve cybersecurity, both at home and at work. This is an essential activity in which we all have a part to play,” says Pankaj Bhula, Regional Director for Africa at Check Point Software. “The term ‘If you are not part of the solution, you are part of the problem’ fits perfectly when it comes to cybersecurity and users.”

The post October as Cybersecurity Awareness Month appeared first on Tech | Business | Economy.