We're savvy on the streets, but hopelessly exposed online

What you need to know:

  • The same Kenyans do not take similar safety measures online and therefore present easy targets to an increasing number of cybercriminals.
  • Of what use is a complex password if you give it to your secretary or personal assistant, who may then share it with their friend or colleague?
  • If you lost your mobile phone or tablet today, chances are that the thief would have automatic access to your email and possibly your social network accounts.


The human being, it is often said, is the weakest link in any security framework.

Put differently, if the government enacted the necessary cybersecurity laws while the judiciary, prosecution and the police upgraded their ICT skills appropriately, Kenyans would still be vulnerable online unless they too did their bit.

Most Kenyans are street-savvy and stay out of danger by not walking along certain streets or not driving through certain roads after dark.

However, the same Kenyans do not take similar safety measures online and therefore present easy targets to an increasing number of cybercriminals.

Take, for example, the matter of passwords. There is a good number of users whose password is either their name or the name of their girlfriend, boyfriend or some close relative.

If your name is, say, David Kamau, please be more creative and avoid a password like “davidkamau” because that is what the hackers begin with in their effort to guess your password.

Of course the reason users prefer simple passwords is that they do not want to forget them, but unfortunately this makes life easy for the hackers.

PASSWORD SHARING

To meet the conflicting demands of a strong but memorable password, users should mix letters and numbers while sounding out some words.

“Eye_Se@_Se@” for the word “ICC” or “8-f0re-f0re” for the phrase “8-4-4” would form good password examples, in that they are not uniquely attributable to you, are fairly long and complex, and remain easy to remember.

Don’t adopt these specific examples, of course, but think along these lines when coming up with your complex but memorable passwords.

Many senior executives are known to be so busy that they delegate their passwords to staff in order to avoid stalling operations requiring their digital interventions or approvals.

This brings us to password sharing, another human weak link in the security framework. Of what use is a complex password if you give it to your secretary or personal assistant, who may then share it with their friend or colleague?

ONE PASSWORD MANY ACCOUNTS

Another emerging problem is the blurring of lines between the social and corporate lives of employees. Many executives and politicians today have active social media accounts on Twitter, Facebook and LinkedIn, among other networks.

Rather than trying to remember different passwords for the many accounts, these folks tend to share one password across these accounts, which exponentially increases their exposure to attacks.

Hackers may compromise one social media password, and use that to gain entry into the rest of the accounts that may include corporate emails and databases. The moral of the story is that one should keep their social media passwords very different from corporate and other passwords.

HARVESTING PASSWORDS

Similarly, but on a more personal level, if you have an online banking account, please ensure that your banking password is different from your Twitter or Facebook password, otherwise you are a big victim waiting to happen.

Another area that is popular for harvesting passwords is that favourite pub or coffee shop offering free Wi-Fi or Internet hotspots. Many of the facilities offering free Internet do not have professionally installed hotspots.

This means that hackers can easily gain control of the hotspot and plant a “listener” that proceeds to monitor communications and harvest important passwords from innocent customers.

Does it mean we should not enjoy free Internet services at restaurants, pubs, coffee shops or airports? Not exactly.

CONTINUOUSLY LOGGED ON

Just like you know when it is safe to walk across that lonely street, or when to visit that ATM machine, you should also be able to judge which free hotspots are likely to be poorly managed and avoid them.

However, the general rule irrespective of the facility is that sensitive tasks such as online banking should never be executed over random, free wireless hotspots.

User devices such as laptops, tablets and mobile phones present the highest source of risk within a security framework. This is particularly true because mobile devices today are Internet-enabled, meaning that users tend to be continuously logged on, even when not using them.

If you lost your mobile phone or tablet today, chances are that the thief would have automatic access to your email and possibly your social network accounts. They can essentially pretend to be you, the classic case of identity theft.

FAKE DISTRESS MESSAGES

Having acquired your identity, they can proceed to change your password and lock you out of your services, and then, with your account, start sending fake SOS messages claiming that you are stranded in some remote banana republic and urgently need dollars from your friends and relatives to get you out of a mess.

What, then, should online users in Kenya do? There is never going to be a situation that is 100 per cent secure unless you decide to switch off your online services and retreat to life in a cave like our forefathers.

The preferred option, then, is to stay online, but ensure you enhance your online security awareness, and remain street-savvy on the information superhighway.