Govt ill-equipped to fight cyber attacks

Every so often, cybersecurity analysts warn that we need to create a moat around digital assets.

If we neglect digital security, we stand to suffer losses, some of epic proportions.

World over, governments are targets for cybercrime. Cyberattack is the 21st century’s tactic for sizing-up a country’s security strength.

In fact, how a government guards its digital wealth is a testament to its national security might.

DIGITAL SECURITY
The first line of digital defence for organisations and governments is in ensuring that their staff have the requisite skills to sniff out attempts to compromise digital security.

That staff work with the right hardware and software, and are backed by a team of experienced technology-support team.

As much as possible, there should be a clear demarcation between personal online activities such emails and corporate activities.

Unfortunately, however, the largest workforce – government employees— are ill-prepared to transact business on the digital platforms.

They are exposed to cyberattack and in return, expose the government too.

SOFTWARE
Majority of the staff, especially those in the middle to senior band, have government-bought laptops but have different versions of software.

Computers running different software or different versions of same software on the same corporate network introduce fault-lines that cyber crooks find and exploit.

Worse, those computers rarely have anti-virus software to protect data from illicit infiltration.

Where the software exists, it is in most cases out-of-date.

Moving information from one computer to another is mostly by email or by use of flash drives.

Flash drives are the most common conduit for virus from one device to another.

It is a common practice within government to use one flash drive to transfer a file from one computer to multiple computers.

EMAILS
If the file is infected, all computers that receive that file catch the “sickness” and infect all others which they exchange information with.

It is akin to using one needle to inject multiple patients, effectively transmitting infections.

Government workers transact government business using their personal email accounts.

There is no clear demarcation between personal and official communication. Mails are exchanged through Gmail and Yahoo email accounts.

Transacting government business using personal resources such as personal email accounts is a bad business practice.

When an employee is hired, he is supposed to receive tools to work with.

The government, however, because it does not have a supportive email infrastructure, allows its workers to use their personal resources.

WHISTLE-BLOWER
Secure email communication, for example, is supposed to be protected through regularly monitored email communication servers and network.

But because staff use their personal emails, the government has no business enforcing secure email policies, such as a strong password.

The result is that sensitive documents and privileged government information is lying in thousands or probably millions of personal computers and emails.

When people leave government employment, they go away with all this information. It is partly the reason why it is nearly impossible to stop leakage of privileged government information.

Staff are never trained on how to protect their digital devices or information transmitted or maintained on those computers, tablets and mobile phones.

To defend Kenya from vicious online attacks, time is running out for the government to institute a ring of protection of its digital systems.

The writer is an informatics specialist. [email protected] @samwambugu2