A few years ago, when terrorists struck Garissa University, President Uhuru Kenyatta got a huge backlash when he stated that "security begins with you," referring to the citizen.
It sounded quite insensitive then, given the tragic circumstances and the timing of the statement.
However, the President was right. Within information security practice, everyone knows that the human being is the weakest link in any security architecture.
Put within context, the strength of the nation's cyber security depends on the strength or security consciousness of its populace.
It does not matter how technically sophisticated the national security team, equipment or software is if the citizens are susceptible to the common baits that cybercriminals throw at them.
Reports from the national Computer Incident Response Team confirm that Kenyans continue to be hit by cybercriminals because they are, for lack of a better word, careless online.
Take, for example, the infamous "You have won 1 million Dollars $$$" emails: it is unbelievable how this social engineering attack has survived generations and continues to claim victims.
Basically, the attacker uses deception to gain confidential information from the victim in order to commit fraudulent activities.
Cybercriminals have, of course, modified the attack for local consumption. For example, they would claim that you have won one of the many jackpots in the many sports betting or mobile operators' promotional activities.
You would then get a call, rather than an email, congratulating you for your sudden fortune. As you drop your guard in anticipation, you start sharing your personal data recklessly.
Eventually, that personal data will be combined with other data either to swap your SIM card or to change your internet banking accounts, with serious repercussions for your financial status.
Another, slightly more sophisticated, approach involves enticing you to download popular mobile apps that do more than they claim to.
For example, some of the web and mobile apps pretend to offer you easy loans or betting opportunities, while behind the scenes they indirectly harvest personal information from your phone.
Some use direct methods by requiring you to submit personal information in anticipation of the loan – which is subsequently declined. By the time you realise your application is unsuccessful, you have already surrendered very sensitive data that may eventually be used against you.
Another easy source of personal data is the free and open Wi-Fi access points that exist in most social places like restaurants, public transport and entertainment clubs. Public Wi-Fi should be used sparingly and cautiously. Indeed, one should never use it to transact serious business such as online banking. It is very easy to harvest passwords that go through these free and open Wi-Fi access points.
Finally, general users rarely update common software like web browsers or operating systems. If your device, mobile or desktop, is running old software, you are basically acting as a "honey-pot" for hackers. Your "un-updated" software acts as a soft target for hackers to exploit and gain access to your sensitive data or to pivot into the rest of your network resources.
These are some of the basic online safety procedures that you, as a citizen, must strive to be aware of and to implement as your contribution to making the Kenyan cyberspace a better place to be.
You are, after all, the weakest link in the security architecture, and security does indeed begin with you.
Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT. Email: [email protected], Twitter: @Jwalu