The following are the Public Notices issued by the Nigerian Communications Commission. By the publication of these notices in print, broadcast or online, the Commission seeks to inform the public of developments and upcoming actions relating to its activites and the Nigerian telecommunications industry.
As the National Cyber Security Awareness Month comes to an end, it is important to note that cyber threats are persistent. Therefore it is imperative to be aware of emerging threats and preventive measures.
Cyber Security is our collective responsibility as users of the internet, for general online security is only as strong as the weakest link. Over the course of the month the NMIS department has been publicizing different themes to increase awareness on cyber threats and ways to counter them.
General Notices on online etiquettes and use –
Week 1 of the NCSAM focused on general security guidelines and online etiquettes that consumers should practice while on the cyberspace. Some of the tips shared are
- Only make online transactions on secure sites that have HTTPS.
- Share with Care; think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you and others now and in the future. Etc.
These practices and many more shared will help protect yourself and others - remember, users who are lazy with their mobile device security become easy targets for hackers and other cyber criminals
Security Tips for Parents, Administrators and Children –
Week 2 focused on ways Parents, Administrators and Children protect themselves and others while using social media. The issue of cyberbullying was tackled and advice was given to Parents and Administrators on how to monitor children online.
Building Resilience - Trends, Risks and Safeguards –
For week 3 trends and online threats like online banking fraud, fake news and Ransomware where discussed and safety tips was provided.
Provisions of the Cyber Crime Act 2015 –
The Cybercrime Act objectives was discussed and some provision of the Act were highlighted. This is to notify consumers that there is repercussion to illegal activities online. There are thirty two (32) offenses and penalties in the Cybercrime Act 2015, some of which were highlighted.
Continuous education of consumers on online safety, through awareness and sensitization campaigns will be done to empower them. This will make them aware of both the positive and negative potentials available online and measures to take in safeguarding themselves.
It is always important to remember that Cyber Security is our collective responsibility as stakeholders in the cyberspace. We should please ensure that we follow all the safety tips and advice provided over the cause of the Nation Cyber Security Awareness Month (NCSAM).
The message was brought to you by the NMIS department of the NCC.
The Cybercrime Act was enacted into law by the President of the Federal Republic of Nigeria in March, 2015. The objectives of this Act are to:
- Provide an effective and unified Legal, Regulatory and Institutional Framework for the Prohibition, Prevention, Detection, Prosecution and Punishment of Cybercrimes in Nigeria;
Ensure the protection of Critical National InformationInfrastructure; and
- Promote Cyber Security and the protection of Computer Systems and Networks, Electronic Communications, Data and Computer Programs, Intellectual Property and Privacy Rights.
TRENDS, RISKS AND SAFETY TIPS
Society’s reliance on the internet for daily activities and transactions has left it open to risks of cyber-attacks. New trends are also constantly emerging in cyberspace accompanied by new online threats. Find below some of the trending online threats and tips to safeguard yourself against them.
Online Banking Fraud
The internet is now the favoured mode for performing financial transactions checking one’s bank balance, requesting for bank statements and cheque books, upgrading debit cards and even purchasing goods online. Most of the transactions are conducted via payment cards, debit and credit cards, and electronic channels, such as ATMs. Therefore, both private and public banks as well as other financial institutions are becoming increasingly vulnerable to sophisticated cyber-attacks.
Safety Tips for Online Banking
- Onscreen Keyboard: This would be the easiest way to protect your password from being recorded by key-loggers, especially at public terminals. All banks have this option available to input username and password. A key-logger, which can be hardware or an application installed on the computer, records and passes on information about the keyboard taps you make. Using this information, it would be easy to find your username and password. While software loggers are hard to spot, hardware loggers will have to be an attachment to the terminal. However, know that an on-screen keyboard is not fool-proof by itself.
- Browsers save pages you have viewed on your computer so that it can be accessed quicker if you wish to view it again, such as when you use the 'back' button. By clearing your cache after visiting your net banking account, you make sure no one else can view the confidential information you have viewed.
- Also, don't select the option on the browser that stores or retains user name and password, i.e. auto complete. It wouldn't take too long for a program to get that information from your browser.
- Keep your operating system and browser up-to-date with the latest security patches. Install these only from a trusted website. Apart from public terminals, also avoid locations that offer online connections through wireless networks (Wi-Fi), where privacy and security are minimal.
- If you have a computer at work running on a big network, it is likely that it is much safer than your home PC. Its level of security can be measured (roughly) by how strict the limitations are on its use.
Deliberate sharing of wrong information by people with huge followership on social media. Certain sources are known to play it fast and loose with headlines and facts. Others make up stories altogether.
Tips for recognizing fake news:
- Look at the tone of the articles on a website to get a sense of what kind of stories it produces. If featured stories are about aliens, miracle cancer cures and the like, you’ll get a sense of the seriousness of the publication, which is a good indication of its integrity.
- When checking the legitimacy of a news story, consider this:
Search keywords from the story and topic on a search engine. What results come up? If legitimate sites are running the same story, it’s likely true. But if all the search results you find cite the same original source where you found the initial story, which may be a red flag.
- Check if the address of the website has an odd domain name. Other tricks include incorporating a real website’s address into its address, such as cnnrealnews.com instead of cnn.com. Another is nearly using the name of a legitimate news site but misspelling it.
- One of the biggest ways fake news sites have been effective is by tapping into people’s fears and emotions. Many fake news stories purposely play on fears and anxieties, knowing that doing so will make people follow their emotions. Take a deep breath, step back and evaluate what you’re reading and who is writing it.
This is a malware software that is sent to user’s computers to hold the computers hostage. An example of such, is the wannaCry ransomware attack that was targeted at computers with Microsoft operating systems by encrypting data and demanding ransom payments in the bitcoin currency.
Safety tips on Ransomware:
- Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
- Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
- Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from your service provider. Be sure to contact your service provider if you or your family or friends receive suspicious calls.
- Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
Week 2 will focus on the following theme:
SECURITY TIPS FOR PARENTS, ADMINISTRATORS AND CHILDREN
Social media is a term for the online platforms that people use to connect with others, share media content, and form social networks. E.g. Facebook, Twitter, What’s App and Instagram. Social media is part of the daily lives of young people as it has many benefits but also some risks. Below are tips to keep in mind when using social media.
• Be careful what you put on social media. Once it is out there you cannot take it back.
• Never accept invites or friend request from people the child doesn’t know.
• Do not clicking on pop-ups. Some pop-ups that seem safe can lead to pornography sites or ask for personal or financial information.
• Report any strange activities noticed online to a trusted Adult.
Cyberbullying is a form of bullying or harassment using electronic means - it is also known as cyber harassment or online bullying.
It has become increasingly common, especially among children and teenagers. Harmful bullying behaviour can include posting rumours, threats, sexual remarks, personal information, or derogatory labels (i.e. hate speech).
There are various forms of cyber bullying:
• Exclusion – is when a child is excluded from online activities.
• Harassment – is when abusive or threatening messages are intentionally sent to a child.
• Outing – is the public embarrassment of a child through online posting of private information without consent.
• Cyberstalking – is when attackers harass victims through online communication mediums such as emails or social media.
• Fraping – is when an individual logs into a child’s social media account and impersonates them by posting inappropriate content.
• Dissing – is sending or posting damaging information about a child online to tarnish their reputation.
• Trickery – is the act of gaining the child’s confidence so they reveal private information online without the child’s consent.
• Trolling – is the deliberate act of provoking a response through the use of insults on social media.
• Catfishing – is stealing a child’s online identity to recreate an online profile for deceptive purposes.
Please monitor your children closely to ensure they are not being bullied.
ADVICE FOR PARENTS
• Secure browsers by adding parental controls – The browsers used by children should have parental control features on or child friendly browsers should be installed.
• Monitor your child’s browsing history - Children should use the computer and especially the Internet only after asking prior permission from an adult. Parents should make it a habit of monitoring their children’s browsing history when the internet is used unsupervised. Parents can keep track of their children’s online activities by doing the following.
i) Become familiar with the sites your child visits.
ii) Keep computer and devices in public areas where the child can be supervised.
iii) Always have a security software installed and up to date.
• Parents should always make it a habit to know their children’s passwords to monitor their online behaviour.
• Always have the privacy setting on the computer set and the parent control features on both the computer and the browsers activated.
• Empower your children to handle issues - Teach children how to handle online issues such as bullying, unwanted contact, or hurtful comments. Work with them on strategies for when problems arise, such as talking to a trusted adult, not retaliating, blocking the person, or filing a complaint.
ADVICE FOR ADMINISTRATORS
• All activities should be supervised - Administrators should always supervise their student’s online activities, this can be done by monitoring the student’s online history and also by keeping up with the online trends amongst young people.
• Raise awareness on internet safety - students are not just accessing the internet from school, they may be accessing it at home or with friends, and may not be supervised. Hence schools should provide internet safety awareness sessions.
• It is your responsibility as an administrator to be a role model to your students online. Always ensure your online presence reflects a positive image - don’t post anything online that you wouldn’t want students or their parents to see.
• Raise awareness on cyberbullying –
i) Ensure every student understands what constitutes as cyber bullying and its different forms.
ii) Set policies to deter them from engaging in the act.
iii) Have an open relationship with the students to encourage them to report cyber bullying.
iv) Address all cyber bullying or internet safety concerns.
• Computer administration (admin) rights should be restricted on school computers to prevent students and teachers from by-passing security programs and safety measures.
• Routinely verify that only authorized personnel have admin rights on school computers to ensure software programs are not installed which could compromise the network security.
• Get parents involved – Schools should get parents to understand the need for Internet safety at home and at school. Schools can do this by providing parents with newsletters, tips, and tools for improving Internet safety at home. Inform parents about the latest application controls and filters, and encourage them to participate in their child's online safety by monitoring activity.
The Nigerian Communications Commission in exercise of its functions under the Nigerian Communications Act 2003 (the Act) published the Draft Internet Industry Code of Practice on its website for stakeholders’ comments.
In accordance with the Act, a Stakeholders’ Forum in respect of the draft document (https://ncc.gov.ng/licensing-regulatory/legal/other-documents) has been scheduled to hold on Friday, November 2, 2018 by 11am at the Nigerian Communications Commission Head office, Plot 423 Aguiyi-Ironsi Street, Maitama, Abuja.