cybersecurity - Afrikan Heroes

Leading Cybersecurity Firm, Softline, Pours More Investments Into Egyptian Market

December 6, 2021

Softline, a major provider of digital transformation, cloud, and cybersecurity services, has announced plans to expand its operations and investments in Egypt. The company recently met with officials from various government agencies and departments, including the Ministry of Communications and Information, the General Authority for Investments, and the Information Technology Industry Development Agency (ITIDA).

“It was an honour to meet with officials and decision makers in Egypt, which is making a great leap forward in terms of its digital transformation and IT. Today we are looking forward to expanding our business in the Middle East by increasing our investments in Egypt, which will also serve as a hub for our business in the region,” Engineer Ahmed Nabil, the managing director of Softline Egypt said.

Softline investments Egypt — *Credits: Softline*

Softline’s projected investments over the next three years, as the firm attempts to consolidate its position and investments in Egypt, were discussed during these discussions by representatives from the company and the government. They also talked about how they might work together to promote Egypt’s national digital transformation plan, which involves a variety of organizations and industries.

The talks also discussed the company’s plans and strategy for hiring new engineering graduates from Egyptian institutions, particularly technology colleges, as well as providing ongoing support through training.

The meetings were attended by Roy Harding, President of Softline International; Atul Ahuja, Softline Senior Vice President for Middle East, Africa and Asia; Engineer Ahmed Nabil, Managing Director of Softline Egypt; and Mohamed Khattab, director of government and education sector at Softline Egypt.

“These meetings have given us a very clear sense of how Softline can support the public and private sectors, and we’re excited to be playing a part in realizing Egypt’s vision for overhauling its digital infrastructure over the next decade,” Roy Harding, Softline International’s President said.

“At Softline Egypt, we feel we are at the right time and right place. Softline’s global experience in offering solutions and services for emerging economies would be just right for the growth and transformation Egypt as a country is experiencing,” Atul Ahuja, Softline Senior Vice President for Middle East, Africa and Asia, said.

Nabil, asserted that the stable economic situation in Egypt and the continued improvement of the investment environment in Egypt “gives us a confident push to increase our investments in Egypt and support Egypt’s national agenda and the long-term strategic plan of the state to achieve the principles and goals of the sustainable development in all sectors according to Egypt 2030 vision”.

Softline, based in London, is a major global provider of digital transformation and cybersecurity solutions and services. The company connects over 150,000 enterprise companies across a wide range of industries with over 6,000 best-in-class IT providers, as well as providing its own services and patented solutions, to allow, facilitate, and accelerate their digital transformation.

The company is present in over 50 countries and in around 95 global cities., with substantial development potential in markets such as Asia, Latin America, Eastern Europe, and Africa.

Softline has grown from its inception to a revenue of US$ 1.8 billion in fiscal year 2020, making it one of the fastest-growing companies in the industry. The company successfully completed an initial public offering of its depositary receipts on the London and Moscow stock markets in October 2021.

Softline investments Egypt

How Gozem App Platform is Expanding Operations Across West and Central Africa

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

UN Calls on Nigeria, Others to Tighten Cybersecurity Regulations

September 19, 2021

The International Telecommunications Union (ITU), the global telecommunications arm of the United Nations (UN) has called on the government of Nigeria and other governments across Africa to strengthen their Internet safety regulations. Because of the COVID-19 pandemic and general shift online, many African countries are now more exposed to cybersecurity threats than before, necessitating renewed efforts into protecting these spaces.

According to the Guardian Nigeria, the UN noted that in Africa, many countries have seen a rise in reports of digital threats and other malicious cyber activities. The results include sabotaged public infrastructure, large-scale monetary theft from digital fraud, and national security breaches.

The UN says that addressing these vulnerabilities requires a greater commitment to cybersecurity than those already present.

This renewed commitment, says the UN, requires enforceable policy safeguards, risk prevention and management approaches, which together with protective technologies and infrastructures can go towards defending each country’s cyberspace and citizens therein.

From a legal perspective, ITU says that out of 54 African countries assessed, only 29 had passed any legislation to promote cybersecurity. Four countries are currently in drafting processes of their own cyber legislation or are seeking approval.

Interestingly, ITU says that Africa comes second to Europe in terms of the prevalence of protective legislation. Still, it said, that these legal frameworks lack the adequate depth necessary to tackle real online crime. In fact, ITU says that only 10 African countries possess a national cybersecurity strategy that fully addresses measures related to critical infrastructure.

The ITU says that the factors that are forging a conducive environment for the prevalence of cybercrime in Africa included limited public awareness and knowledge regarding potential risks online, underdevelopment of digital infrastructure, limitations in institutional capacity to coordinate and implement what cybersecurity laws are available, and an absence of Cybextensive cybersecurity policies.

In terms of which countries stand out of the African region as cybersecurity leaders, ITU signals Mauritius and Tanzania as top performers, whose high Global Cybersecurity Index scores (96.89 and 90.58 out of 100, respectively) were influenced by aspects like consistent investment in ICT infrastructure and skills, widespread information of the digital rights of citizens and cross-border collaboration on cybersecurity initiatives. ITU urges other countries in Africa to learn from these examples.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Cybersecurity Should Be a Top Priority for Africa’s Digital Transformation

August 12, 2021

By Ian Engelbrecht

Cloud adoption in South Africa and many other African countries is accelerating, helped along by the COVID-19 workplace disruption, and the need to reduce costs, manage risk and scale, and become more competitive.

There are many drivers behind digital transformation strategies and many decisions that need to be made, such as which public cloud to consume. However, this should be less urgent than addressing security concerns.

As we continue to work with organisations in different industries spread across our diverse continent, cybersecurity and cyber risk are increasingly important considerations for the C-suite.

Against the backdrop of high-profile security breaches and ransomware, addressing security weaknesses are a key part of the success of digital transformation initiatives. An organisation needs to digitally transform to secure itself from threats.

Security Should Be a Top Consideration

In this context, security is ahead of function and location in the pecking order of considerations. Organisations have a pressing need to secure themselves as the long-term consequences of failing to do so are devastating.

Here, managing and upgrading infrastructure is vitally important, as is building a careful strategy to manage legacy applications and the risks inherent in them. A robust Modern Data Protection strategy, ensuring seamless backup and recovery, is a vital cog in this wheel.

Beyond the added pressures to address security, which is a global challenge, the uptake of the cloud in Africa does have additional challenges, with some countries being more affected.

Hybrid Work vs. Remote Work

Let’s start with the actual physical organisation. From a South African perspective, we are seeing a trend where many companies are requesting that their workforce return to offices – if only for a certain percentage of the time.

The sense is that while much can be accomplished virtually, there are certain functions such as skills transfer that have been hamstrung by the work-from-home culture. For instance, if an IT worker shadows someone in person, there are some skills and nuances that cannot be transferred virtually.

The future workplace will therefore be a hybrid model, where the functions that can be done remotely are done from anywhere, but areas that need in-person collaboration, skills transfer, and a reading of body language in important meetings will happen on-premises.

It is important not to read this as a threat to digital transformation broadly and migration to the cloud specifically. It won’t change the need for enterprises to migrate to the cloud, but it does signal an appetite to consider hybrid solutions – that nothing is one-size-fits-all.

Three Biggest Challenges to Africa’s Digital Transformation

The three biggest challenges in Africa are bandwidth, connectivity, and infrastructure. While South Africa has made impressive headway in these three areas, they remain a bigger challenge elsewhere.

By way of analogy, imagine a bank that needs to handle hundreds of transactions every second or millisecond, which is fed into a database. To transfer this into a public cloud that is hosted in another country, or a data centre that is physically some distance away needs fast, reliable, and stable connectivity. If a transaction takes a millisecond longer than it would if it was on-prem, then the customer experience becomes affected.

African businesses are aware of this, and in the Veeam Data Protection Report 2021, 35% of African organisations cited industry disruption as the biggest challenge they anticipated. This was followed by economic uncertainty (32%) and changing customer needs (32%).

These three challenges that are holding back some cloud adoptions are not typically the challenges one would see in developed markets. However, it is important to acknowledge that while there are many that can, not all organisations will be able to move 100% to the cloud – and not all will need to.

The Hybrid Cloud Model

Largely, there is still going to be a level of physical infrastructure required to manage local offices.

Some industries can certainly be run with 100% cloud strategies, but others can’t. Some applications don’t make sense going to the cloud yet.

By way of analogy, let’s imagine a bank once more. There may be dozens of databases inside their application stack. Some of those databases may not have support yet in the public cloud, so some would move to the public cloud, while some would remain on-prem – so the bank would need to invest in the public cloud, while still renewing hardware on-prem.

When the cloud is 100% ready, the shift will happen, but the likely scenario is a hybrid cloud strategy for the foreseeable future.

Much of the roadmap that we will follow on this continent is being carved out by developed markets, and it gives us a clear sense of where and how cloud strategies in Africa will evolve.

Once ensuring there is a clear strategy for securing data, African enterprises will continue to leverage and unleash the power of the cloud, but this won’t happen with a one-size-fits-all approach.

Ian Engelbrecht is the Africa lead, systems engineer at Veeam.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Africa is Witnessing Cyberattacks Comparable to Global Average

July 21, 2021

There are indications that Africa has started witnessing the level of cyberattacks comparable to what obtains in other parts of the world. With digital transformation a top priority on the corporate agenda as companies identify new ways to grow their business, cyber attackers and opportunist cybercriminals remain very active. Although Africa is not necessarily considered a focus area for the more sophisticated types of cybercriminal activity such as targeted attacks or advanced persistent threats (APTs), the continent is certainly not immune to these or other types of cyber risks, warn Kaspersky researchers.

When looking at the general cyberthreat landscape as it impacts consumers and businesses, Kaspersky research shows that in 2020, worldwide, approximately 10% of computers experienced at least one malware attack. Interestingly, in some African countries, including South Africa, the figure was only slightly under the global 10% average, making the African region comparable to that of North America or Europe in terms of cyberattacks. On some parts of the continent, in countries like Liberia, Tunisia, Algeria and Morocco as examples, Kaspersky has seen a slightly higher rate, while other parts show a lower rate – a 5% or 6% average. For the first quarter of 2021, the figures are only slightly lower than 10%, both in relative and absolute terms.

Says David Emm, Principal Security Researcher at Kaspersky; “Generally speaking, and based on our research, Africa has the same hit rate as we would see for other parts of the globe when it comes to cyberattacks and activity. This only emphasises that the cyber threat landscape truly does incorporate the whole globe where no continent or country is free of this growing danger and where all consumers, businesses and industries alike need to pay attention to effective cybersecurity measures – and especially during the current pandemic and resultant turbulent times.”

No respite in an evolving cybercrime landscape

In South Africa, Kenya and Nigeria, Kaspersky’s research has identified the top malware families as ransomware, financial/banking trojans, and crypto-miner malware. When comparing Q1 2021 with Q2 2021, Kaspersky saw a 24% increase in ransomware in Q2 2021 in South Africa, as well as an increase of 14% in crypto-miner malware. In Kenya and Nigeria, Kaspersky saw a large increase in financial/banking trojans in Q2 2021 when compared to the figures for Q1 2021 – a 59% increase in Kenya and a 32% increase in Nigeria.

While on a technical level, not much has changed when it comes to cyberattacks, what is different is that the pandemic presents a persistent topic in which the world has a vested interest in. So, unlike the Olympics or Valentine’s Day which are limited in terms of a timeline, the pandemic offers a wealth of opportunities for cybercriminals to use malware to attack. Everything from the daily numbers and lockdown restrictions to vaccinations, hackers are leveraging every aspect of the current situation to compromise systems.

“While the bulk of attacks are still speculative and randomly targeting individuals and businesses, there is a shift happening with the increase of APTs and more strategically targeted based attacks. These use continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period, with potentially destructive consequences. Because of the time and effort required to perpetrate such an attack, these are often levelled at high value targets, such as nation states and large businesses,” adds Emm.

Furthermore, another concern is that as the cyberthreat landscape evolves, the nature of malware is changing.

Continues Emm; “Take ransomware as an example. In the beginning, it was very random targeting as many people as possible hoping for a relatively small amount of money paid in ransom. During the past five years, there has been a shift with a decline in the number of ransomware families being developed as well as an overall global decline in attacks. However, attackers are now focusing on specific companies and individuals where they can get the maximum benefit. The new approach of ransomware is to expose data, negatively impacting the reputation of a company. To this effect, financial crime has become more sophisticated and organised.”

Financial institutions a top targeted industry

The financial services sector remains a top targeted industry in Africa when it comes to cybercriminal activity and such cyberthreats – not surprising when one considers the digital first approach this sector continues to take, driven by the needs and expectations of its customers.

“It is relatively easy for a hacker to target an individual and capture passcodes, one-time passwords, and install malware on their computers to get financial information. Increasingly, this is expanding to financial institutions given the sheer number of new entrants in the market emerging. For hackers, online or cyber fraud offers direct monetisation of an attack and gives them access to money as quickly as possible,” adds Emm.

Financial based malware and cyberattacks are also becoming more targeted, complicated, and difficult to prevent, and with digital transformation progressing at a rapid rate within such a sector, there is no shortage of attack surfaces for cybercriminals to exploit.

“In a world where cybercrime remains rife and is only fuelled by aspects like the pandemic, there is never a moment one should not consider the implications of a cyberattack, especially as the cyberthreat landscape evolves and become even more targeted and sophisticated than it was a mere few years ago. Cybercrime is a business. This means that consumers and companies alike must remain vigilant against an increasing attack surface. Not only does this entail a more focused cyber training approach for staff within an organisation, but also using the latest technologies that feature artificial intelligence and machine learning for accurate and proactive protection and prevention in real-time,” concludes Emm.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Cybersecurity Is More than a Tech Problem – It’s a Business Problem Too

June 15, 2021

A growing number of South African companies are not prepared for the inevitability of a cyberattack despite the significant financial and reputational risks, so says Ryan Mer, MD, eftsure Africa, a Know Your Payee (KYP) platform provider, adding that “Too few senior managers view cybersecurity as a business problem and not just a technology problem.”

“The reality is cybersecurity is very much a business consideration. CEOs and CFOs will eventually face critical questions such as: How much money do we spend on cybersecurity? Do we change key processes? How do we create awareness and change company culture? Do we put security ahead of operational functionality? What is the role of internal processes and staff on data security and integrity?.”

Mer adds that because cybersecurity is a business-wide risk it requires more than isolated activities to be addressed. “This is where the role of a Chief Information Security Officer (CISO) is important”.

The CISO, therefore, needs to have technical and security skills and competencies, but equally as important, should understand the finance function, operations of the business, and have the business as well as communication skills to effectively create this span.

While large corporates are more likely to have the resources to fill the CISO role, businesses below the corporate level may not. In such instances, Mer says an outsourced or CISO-as-a-service offering could add immense value.

“Ultimately, and especially in relation to the Protection of Personal Information (POPI) Act, there needs to be a coherent strategy and allocated responsibility in place with respect to cybersecurity, data management, compliance and fraud prevention.”

He adds that in the absence of commonplace and well-developed CISO roles, it is the CFO who should lead the way in addressing cybersecurity concerns, particularly in smaller organisations.

“It is potentially disastrous for the finance team to be ignorant of cyber risk. Attackers can target many areas of an organisation, but the dangers are usually measured in financial terms: CFOs cannot ignore cybersecurity simply because it is a complex issue outside their area of expertise.”

In addition to having the skills and oversight necessary to take a broad and long-term view of the potential financial impact of an attack, Mer says the CFO is one of the most natural custodians of data, from collection to its ongoing management.

“Attacks will very often target the finance department and its team members directly, and in many instances may even be perpetrated by or assisted by internal team members, in attempts to steal and defraud the business. CFOs need to ensure their own vulnerabilities are both understood, and urgently addressed.”

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Data Protection: What Startups In Nigeria Must Do To Be Data Privacy Compliant

June 2, 2021

In March this year, the Nigerian Information Technology Development Agency (NITDA), the body which, for now, regulates all activities related to data collection and protection, did the uncommon: it slammed the sum of ₦5 million ($13,123) against a financial services provider, Electronic Settlements Limited, for data protection breach.

In fact, NITDA did not stop there; it proceeded to place the fintech company, which is behind products like Paypad, a mobile Point of Sale (mPoS) service, and CashEnvoy, a web payment gateway, under an intense six-month oversight.

NITDA’s action was uncommon because, before then, matters of punishment for data protection breaches in Nigeria have been rare and far-fetched.

In fact, after that incident, the agency quickly published an implementation guide on the rules on data protection (passed in 2019 as Nigerian Data Protection Protection) to show it means every bit of its words on data protection in Nigeria.

Therefore, to assist Nigerian tech startups substantially comply with laws on data privacy, it would be important to clarify Nigeria’s regulatory ecosystem for data privacy in practice.

Nigeria data protection startups Nigeria data protection startups Nigeria data protection startups Nigeria data protection startups

S/N	COMPLIANCE AREAS	REQUIREMENTS	OTHERS/DOCUMENTATION	REPORTING TIMELINE/AUTHORITY

1	Consent	-Obtain positive consent from data subject on every point of data collection. Consent is positive if it allows data subject to act on it. -Consent must be explicit and never implied, such as the use of “tick-box” or “opt-in box”	Consent is required: -for any direct marketing activity, except to existing customers of the Data Controllers who have purchased goods or services; -for the Processing of Sensitive Personal Data; -for further processing; -for the processing of the personal data of a minor; – before personal data is processed in a country which is not in the Whitelist of Countries published by NITDA from time to time. -before the Data Controller makes a decision based solely on automated Processing which produces legal effects concerning or significantly affecting the Data Subject	–
2	Security	-Adhere to relevant security standards while protecting the company’s data. Adherence may be verified through data security certifications pursuant to standards such as ISO 27001; SOC2, etc.		–
3	Data Protection Impact Assessment (DPIA)	-Conduct DPIA whenever intense use of personal data is involved. -Specifically in Nigeria, conduct DPIA if data processing involves; a) evaluation or scoring (profiling); b) automated decision-making with legal or similar significant effect; c) systematic monitoring; d) when sensitive or highly Personal Data is involved; e) when Personal Data Processing relates to vulnerable or differently-abled data subjects; and f) when considering the deployment of innovative processes or application of new technological or organizational solutions. – DPIA is required for highly sensitive personal data such as: Biometric data; Data related to sexual preferences; Genetic data; Health data; Political opinions; Race and ethnic origin; Religious or philosophical beliefs; Trade union memberships. -Where the origin of the sensitive data is of a country other than Nigeria, conduct DPIA in accordance with the rules and regulations of the foreign country.		– DPIA report and approval obtained from NITDA for collecting data under paragraphs (a) to (f) in the requirement section. – Assessment reports may be facilitated by softwares such as Smartsheet; OneTrust ; TrustArc; Tugboat Logic
4	Internal Data Protection Policy	-Develop and circulate internal data protection policy to staff and vendors, especially as it concerns the collection and processing of Personal Data. -In the policy document, outline the steps they are to take to ensure the organisation’s direction is achieved and maintained; methods of responding to data breach, etc.		–
5	Data Protection Officer	-Appoint a data protection officer if: a) the core activities of the organisation involve the processing of the Personal Data of over 10,000 (ten thousand) Data Subjects per annum; b) the organisation processes Sensitive Personal Data in the regular course of its business; or the organisation possesses critical national information infrastructure (as defined under the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015 or any amendment thereto) consisting of Personal Data. -If the Nigerian company is a subsidiary of an international company, appoint a data protection officer to be based in Nigeria. Also, give the Nigerian DPO full access to the entire data management system of the international company.	-The DPO shall not be liable if the company fails to comply with data protection rules. -The DPO shall oversee the entire data protection practices of the company.	– Appoint DPO within 6 months from starting a business or within six months from November, 2020.
6	Offshore Data Transfer/Sharing	-Make sure country of data transfer/sharing falls within NITDA’s White-List -Obtain an adequacy decision from Attorney-General of the Federation through NITDA -Where the destination of transfer falls outside the White-List, present verifiable consent documents to NITDA. -Implement a Binding Corporate Rule (BCR) or sign and submit a Standard Contracting Clauses (SCC) to NITDA where personal data transfer is to a foreign subsidiary or headquarters	Documents for approval of transfer: – the list of countries where the Personal Data of Nigerian citizens and residents are being transferred to in the regular course of business; -the data protection laws of the relevant data protection office/administration of such countries listed in (i) above; -the privacy policy of the Data Controller, which is NDPR-compliant; -an overview of the encryption method and data security standards; and -any other detail that assures the privacy of Personal Data is adequately protected in the target country	-Transfer reported to NITDA on a case-by-case basis; -BCR or SCC submitted separately on each occasion or included in data audit report.
7	Third Party Risk Management	-Enter into data processing agreements with third parties for every data sharing. In the third party agreement, ensure that clauses on data use only permit third parties to process expressly authorized data. The agreement must also grant the party sharing the data rights to delete, rectify or access the data. Insert a clause in the agreement to demand the third party receiver to comply with NPDR or their local data laws. -Secure confidence, either by agreements or document verifications, that the third parties have adequate security for the shared data. -Publish a list of third party data receivers. The publication must contain the category of third party receivers; the type of data disclosed; their countries; the purpose of the disclosure.		-Publication of third party data receivers included in the audit report and submitted to NITDA every 12 months.
8	Data Correction; Updating; Objection; Deletion Systems	Ensure there is a system in place for data: -correction, update, objection or deletion.		–
9	Data Retention	-State retention period of data collated in every contract, privacy policy with data subject. -Document evidence of data destruction		-Where no retention period is stated in the agreement, the retention period shall be -3 (three) years after the last active use of a digital platform. – (six) years after the last transaction in a contractual agreement. -Delete immediately if deceased relative presents evidence of death. -Delete immediately if data subject requests.
10	Data Protection Audit	– Engage a Data Protection Compliance Organization (DPCO) to perform a Data Protection Audit and file a report with NITDA	-DPCO must submit data protection audit every twelve months. -If the company is processing personal data of more than 1000 people in 6 months, submit a summary audit through DPCO to NITDA. – For company processing personal data of more than 2000 people in a year submit an audit report through DPCO to NITDA	– Deadline for submission is on or before every 15^th of March.
11	Data Breach Response	-Notify victims of breach within 72 hours. -Write an official letter to NITDA, notifying them of personal data breach within 72 hours of breach. -Write an official letter to Nigeria Computer Emergency Response Team (‘ngCERT’), notifying them of system breach within 7 days of each breach. – In the notification letter : describe breach; state period of breach; describe personal data breached; assess risk of harm of breach; estimate victims of breach; describe remedial steps; describe steps taken to inform victims; contact of the notifying company.		-Report to NITDA 72 hours of the breach. – Report to ngCERT within 7 days of each breach.
12	Data Protection Compliance On Website	-Publish privacy policy on website. -notify and allow data subjects CONSENT to the use of cookies on the website. Keep the cookies policy simple and easy to understand. The privacy policy should contain the following: a)what constitutes the Data Subject’s consent; b) description of collectable personal information; c) purpose of collection of Personal Data; d) technical methods used to collect and store personal information, cookies, JWT, web tokens etc.; e) access (if any) of third parties to Personal Data and purpose of access; f) available remedies in the event of violation of the privacy policy; g) the time frame for remedy;		-within 3 months of commencement of business.
13	Data Protection Compliance on apps	– Publish privacy policy on apps -Privacy policy should contain the following heads: i)Information the company collects ii) Why the information is collected iii) What the company does with the information it collects. iv) Consent and privacy controls v) Sharing information vi) Security of Information vii)Deleting, retaining information viii) Third party sites, etc. -There should be pop-up consent boxes at every point of information collection in the app for purposes of obtaining consent from data subjects.		-Within 3 months of commencement of business.
14	Continuous Training	-Train members of senior management and employees that collect data on Nigerian data protection laws and practices.		-within the first 6 (six) months of incorporation and then on a biennial basis

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

Cybersecurity Experts Warn of New SMS Phishing Scheme Spreading Worldwide

May 27, 2021

Experts have warned of a new, and viral, phishing scheme that has seen fraudsters putting mobile users’ financial information at risk. Global cybersecurity firm Kaspersky revealed that attackers, typically under the guise of a postal service, request a small sum of money for the shipping costs of a package. Once a user clicks on an SMS authentication code for the money transfer, the device is compromised thereby enabling increasingly larger amounts of money to be stolen.

“Because it is not a complex phishing attack, it has already gained traction in other parts of the world with fraudsters able to pose as virtually any service provider from prepaid electricity to airtime, naming just a few examples,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.

Phishing, regardless of the scheme used, is a significant issue that affects consumers and corporations alike. And while Kaspersky research in 2020 shows that the most frequent targets of phishing attacks were online stores (just over 18%), every person must remain vigilant against this scourge.

“Whether it is phishing emails or SMS messages, attackers are getting increasingly sophisticated. The poor grammar and spelling errors of the past have all but been eliminated and replaced with clever copy that can trick even the most experienced mobile user,” he adds.

While the best form of defence is to install security software, that includes anti-virus, anti-malware, and anti-spam technology, on every device connected to the Internet, users can also delete unsolicited text messages or emails without opening them. They must also consider blocking those numbers or email addresses that perpetuate the phishing messages.

“In the connected world, phishing, like any other form of malware, is here to stay. Combining the best technology solutions with proven best practice becomes invaluable to mitigate against the potential risk of compromise,” concludes Opil.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Growing Cycbersecurity Challenges is a Threat to Africa

May 1, 2021

The cybersecurity skills shortage is worsening. This is the definitive view of the ESG report ‘The Life and Times of Cybersecurity Professionals 2020′ , and that of multiple other surveys, reports and industry analyses. Organisations are facing an unprecedented threat. Cyber attacks, fraud, phishing, breaches, hacks have increased in sophistication, focus and capability

Every front is vulnerable, every corner at risk and the skills required to support organisations in the battle are rare, expensive and hard to find. According to Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 Africa, this is not the time to behave like an ostrich or spend more money on that skilled and expensive individual; it is an opportunity to engage in local skills development that can make a long-term difference to both economy and skills availability.

“Organisations across Africa must care about skills development to overcome the skills shortage predicament,” she adds. “This is the time to invest into initiatives like GovX (www.GovXinnovationchallenge.com) or Cyber Heroines (www.CyberHeroines.com) that actively encourage people to become part of the cybersecurity industry, and that help to develop their skills. This is one career that is set to grow and evolve over the next few years, and we need to inspire people to recognise it as such.”

Amidst the challenge of limited skills, there is a pressing need to empower women within the cybersecurity space. With far more males than females currently in the industry, security is a sector that would benefit from not just volume, but diversity. Creating a space that is attractive to women would not only benefit the sector in terms of adding fresh flavour to security thinking and approaches, but could significantly change some of the urgent issues that have arisen around women’s rights during the pandemic.

“There is a growing body of research that points to how women have been set back by decades thanks to the global pandemic,” says Collard. “This makes the connection between empowering women and connecting them to an industry that sorely needs their talent even more relevant. This is the time for organisations and industry to tackle inequality alongside skills diversity and to potentially resolve two problems at the same time. It is never going to be a quick fix, but it is an intelligent one.”

Women are often the sole breadwinners in their families (https://bit.ly/3aQBIUy), and they often work in roles that will be replaced in the future – or have already been replaced. The average ratio of women in the cybersecurity industry is 20%, in Africa it is only 9% and in executive management, women only take up 1% of the roles according to Nir Kshetri, professor of management at the University of North Carolina.

Women are facing a real danger of being left behind and considering that the current cybersecurity skills shortage is sitting at 3.12 million and that job vacancies are gathering dust and cobwebs, it is a superb opportunity for organisations to invest into new ways of attracting women to join the industry.

“It is a fascinating industry to be in,” says Collard. “The perception that you have to be a math genius or a technology wizard to thrive in security is just that – perception. The truth is that it requires the ability to think laterally, to collaborate and to be willing to learn. These are boxes anyone can tick, given the right opportunity.”

KnowBe4 currently works with the government and other leading industry players on the Gov-X innovation challenge to promote skills development across the country. This collaboration with senior security professionals and enterprises is allowing for younger people to connect with mentoring opportunities and to really understand what the cybersecurity industry truly offers.

“In addition to these formal projects and initiatives that are designed to motivate and inspire students to join the industry, there needs to be a massive focus on cybersecurity within education,” concludes Collard. “This needs to become a part of the school curriculum, giving students the opportunity to develop relevant life and career skills that will stand them in excellent stead down the line. Cybersecurity is not a flash in the pan career, it is here for the long haul and now is the time to inspire people to join.”

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

How to Protect Organisations from Ransomware Attacks

April 23, 2021

In recent times, the methods cybercriminals use to distribute ransomware has changed dramatically. While a few years ago, they would spread encrypted files on a large scale, today, their ransomware attacks have become more focused.

Now, fraudsters examine the target in detail and research each target, looking for additional leverage. In order to protect business data from ransomware attacks, experts at Kaspersky recommend these seven tips:

Installing only applications obtained from reliable sources from official websites. Always have fresh backup copies of your files, so you can replace them in case they are lost (e.g. due to malware or a broken device). Remember to store them, not only on the physical object but also in the cloud for greater reliability. Make sure you can quickly access them in an emergency. And also pay more attention to digital literacy inside the company. For example, by introducing cybersecurity awareness training for your employees

Installing all security updates as soon as they are available. Always update your operating system and software to eliminate recent vulnerabilities

Carrying out a cybersecurity audit of your networks and remediating any weaknesses discovered in the perimeter or inside the network. Enabling ransomware protection for all endpoint, and remembering that ransomware is a criminal offence. If you become a victim, never pay the ransom. It won’t guarantee that you will get your data back, but it will encourage criminals to continue their business. Instead, report the incident to your local law enforcement agency.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Three Cybersecurity Challenges Triggered by COVID-19 Lockdown

April 18, 2021

The global COVID-19 pandemic disrupted the everyday operations of businesses and as a result, the cyber risk still remains a grave concern as many business practices have been compromised. The ZA Central Registry organisation, which is the administrator of South Africa’s .za domain name, recently warned that South Africa is a global target for international fraudsters and cybersecurity measures are more important now than ever before.

“It is essential for businesses to be aware of the nature of these cybercrimes and technology countermeasures to protect their businesses, especially when considering the cybersecurity challenges that have occurred during lockdown”, says Riaan de Villiers, Cybersecurity Expert and Business Analyst at LAWtrust.

Here’s a Quick Look at the Top 3 Cybersecurity Challenges Triggered by Lockdown:

An increase in cybercrime attacks: Cybercriminals are increasingly targeting users working from home, hoping to compromise their credentials that they can then reuse to gain access to the user’s corporate network.

Surge in demand for enhanced identity and access management: since many people have been working from home, interest in identity and access management solutions has surged. Identity and access management acts as a foundation for organisations to build an improved cybersecurity posture. It also allows IT (Information Technology) departments to implement multifactor authentication and single sign-on solutions across a range of approved I.T. applications.

Rise in Business Email Compromise (BEC): fraudsters are increasingly using email-based cons to catch unaware businesses off-guard. Business Email Compromise is a global phenomenon and a form of cybercrime that uses email fraud to target businesses, individuals and administrations.

“Cybercriminals have always been opportunistic but during the South African lockdown they have been especially persistent. To mitigate risk during lockdown, it is recommended to enforce virtual private network connectivity to corporate resources and implement multi-factor authentication as much as possible,” concludes de Villiers.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry