CyberSecurity

The Nigerian Communications Commission (NCC), being the nation's premier communications regulatory agency under the Federal Ministry of Communications, Innovation & Digital Economy is mandated to work with all stakeholders to ensure a secure cyberspace that is safe for the operators and consumers of communications services and infrastructure in Nigeria.

In alignment with its mandate, the Nigerian Communications Commission (NCC) employs a multifaceted approach to address the evolving challenges of cybersecurity in Nigeria. This approach encompasses not only reactive measures, but also proactive strategies aimed at anticipating and mitigating emerging threats. By fostering a culture of continuous improvement and innovation, the NCC seeks to stay ahead of cyber adversaries and minimize potential disruptions to the country's communications infrastructure.

Furthermore, the NCC recognizes the importance of public-private partnerships in strengthening cybersecurity governance and fostering collective resilience. Through collaborative initiatives with industry stakeholders, including telecommunications operators, internet service providers, and technology companies, the NCC promotes information sharing, capacity building, and joint initiatives to combat cyber threats. By leveraging the expertise and resources of both public and private sectors, the NCC aims to create a coordinated and cohesive cybersecurity ecosystem that can effectively respond to and mitigate cyber risks. Through these collaborative efforts, the NCC endeavors to uphold its mandate of ensuring a secure and trusted cyberspace for all stakeholders in Nigeria's communications sector.

The following details the news, structures, projects and activities being undertaken by the Commission to secure Nigeria's cyberspace.

NCC CSIRT

NCC Computer Security Incidence Response Team (CSIRT)

The Nigerian Communications Commission has established a CSIRT for the telecommunication industry, the NCC CSIRT provides its constituency with services and support surrounding the prevention and management of potential cyber security related emergencies.

The Overall function of the NCC CSIRT is to respond to computer security incidents to regain control and minimize damage, providing or assisting with effective incident response and recovery and inhibiting computer security incidents. The NCC CSIRT Team will collaborate with the National CERT (ngCERT) at the office of the National Security Adviser.

The NCC CSIRT is actively engaged in proactive measures such as conducting vulnerability assessments, threat intelligence gathering, and promoting cybersecurity awareness campaigns within the telecommunication industry. By identifying potential vulnerabilities and educating stakeholders on cybersecurity best practices, the NCC CSIRT aims to pre-emptively mitigate risks and strengthen the resilience of Nigeria's telecommunications infrastructure. Through these proactive initiatives, the NCC CSIRT demonstrates its commitment to not only responding to cyber threats but also preventing them from occurring in the first place, thereby fostering a safer and more secure digital environment for all.

CSIRT Incident Response Form

Hide Standalone View

Off

CyberSecurity Projects & Activities

National Cyber Security Awareness Month (NCSAM)

October is Cybersecurity Month, and we're committed to raising awareness and promoting cybersecurity best practices! Stay tuned for upcoming events and information sessions dedicated to enhancing your digital security. From tips on safeguarding your personal information to insights into emerging threats. Together, let's build a safer online environment for all. Keep an eye on this space for updates throughout Cybersecurity Month!

#NCCBeCyberSmart #StaySecure #CyberAware

Banking & Email Safety Tips

Internet Banking Safety Tips

Never log on to your Internet or Mobile Banking using public WI-FI, your data can easily be stolen my malicious persons using the WI-FI Access.
Never open your internet banking by clicking a link, rather type in the banks URL manually to avoid being taken to a clone site where your data can easily be stolen.
Always use two-factor authentication password for sensitive data such as your internet banking- This will give you an added layer of security for your data.
Always have your internet/mobile baking Apps up to date as required.

Email Safety Tips

Do not open emails from unknown sources. Also, if an email looks suspicious it usually is do not open it.
Always look out for grammatic typo on the email, this is usually a sign that the email is fake.
Be careful when you download- Do not open or download attachments from someone you do not know, even if the sender is familiar. This might contain a virus or malware that will infect your device once opened.
Use Spam filters on your emails, this helps to keep spam emails away from your main inbox.
Always report any suspicious activities on your email to your organisations IT department, they will advise you accordingly.

Protecting Your Data Online

How to protect your data Online

Here are a few tips on how to protect your data:

Backup your data; this helps with retrieving back data when your device is stolen, lost, or compromised.
Encrypt confidential information.
Create strong passwords and make it a habit to change it often.
Install Antivirus and Anti malware protection - this places a security layer for devices.
Always have your device software up to date.
Turn off your Bluetooth when not in use, as it can be used by attackers for malicious activities.
Set up privacy settings on all devices and social media.
Regularly check and update permissions on applications on all devices.
Always keep your firewall settings on.
Do not save passwords on your browser.
Remember to always lock your devices when they are not in use.

How to Protect against Phishing Attacks

Here are a few tips on how to protect against phishing attacks:

Be Skeptical: Exercise caution when receiving unsolicited emails, especially those requesting personal or financial information.
Verify URLs: Hover over links in emails to verify their legitimacy before clicking on them, and be wary of shortened URLs.
Use Multi-Factor Authentication (MFA): Enable MFA whenever possible to add an extra layer of security to your accounts.
Educate Employees: Provide cybersecurity awareness training to employees to recognize phishing attempts and report suspicious emails.

How to Protect against Phishing Attacks

Here are a few tips on how to protect against phishing attacks:

Be Skeptical: Exercise caution when receiving unsolicited emails, especially those requesting personal or financial information.
Verify URLs: Hover over links in emails to verify their legitimacy before clicking on them, and be wary of shortened URLs.
Use Multi-Factor Authentication (MFA): Enable MFA whenever possible to add an extra layer of security to your accounts.
Educate Employees: Provide cybersecurity awareness training to employees to recognize phishing attempts and report suspicious emails.

How to Protect against Identity Theft

Here are a few tips on how to protect against Identity theft:

Protect Personal Information: Avoid sharing sensitive information such as National Identity Number, bank account details, or passwords online unless necessary.
Use Strong Passwords: Create strong, unique passwords for each online account and consider using a reputable password manager to securely store them.
Monitor Financial Statements: Regularly review bank and credit card statements for any unauthorized transactions and report suspicious activity immediately.
Enable Account Alerts: Set up alerts for account activity to receive notifications of any unusual login attempts or changes to your account information.

Protection from Malware Infections

How to Protect against malware infections

Here are a few tips on how to protect against malware infections:

Install Antivirus Software: Use reputable antivirus software and keep it updated to detect and remove malware from your devices.
Update Software Regularly: Keep operating systems, applications, and firmware up-to-date with the latest security patches to address known vulnerabilities.
Exercise Caution with Downloads: Avoid downloading software or files from untrusted sources, as they may contain malware.
Scan Removable Media: Scan USB drives and other removable media for malware before opening files or transferring data to your computer.

Social Engineering Attacks

How to Protect against Social Engineering Attacks

Here are a few tips on how to protect against social engineering attacks:

Be Cautious with social media: Limit the amount of personal information shared on social media platforms to minimize the risk of social engineering attacks.
Verify Requests: Verify the identity of individuals making requests for sensitive information or access, especially if the request is unexpected or urgent.
Implement Access Controls: Implement strict access controls and authorization procedures to limit access to sensitive information and systems.
Train Employees: Provide regular training to employees on social engineering tactics and how to identify and respond to suspicious requests.

Data Breaches Projection

How to Protect against Data Breaches Projection

Here are a few tips on how to protect against data breaches projection:

Encrypt Sensitive Data: Encrypt sensitive data both in transit and at rest to protect it from unauthorized access in the event of a data breach.
Implement Data Loss Prevention (DLP) Solutions: Deploy DLP solutions to monitor and prevent the unauthorized transmission of sensitive data outside the organization.
Limit Data Access: Restrict access to sensitive data on a need-to-know basis and regularly review and update access permissions.
Monitor Network Traffic: Monitor network traffic for signs of unauthorized access or unusual activity that may indicate a data breach