October is National Cybersecurity Awareness Month. To mark it and raise awareness, we at Stract Consulting are focusing on four areas to ensure a safer cyberspace for Kenya. These are:
- Making the home digitally safe
- Demonstrating the careers and capability for our service offering
- Ensuring an effective cybersecurity awareness and training program
- Safeguarding our nation’s critical infrastructure.
Week One: Make Your Home a Haven for Online Safety
- Make sure your Wi-Fi is secure; that is, a password is required so that information is encrypted. Change the default password provided by your service provider.
- Make sure your devices are secure. Don’t download apps from insecure sources, and keep your devices updated. Always review the apps running on your devices to confirm they are still valid.
- Keep your passwords safe. Not just passwords, but also PINs, patterns, etc. Also note that most so-called “Kamiti Scams” will try to exploit your trust and lure you into giving out personally identifiable information such as date of birth, ID details, account balances, etc.
- Keep backups. Chances are high you will lose your devices, so if possible back up your most cherished information. Many providers, such as Google and Apple, provide affordable cloud backup services that you can subscribe to.
- As children connect to online services, be careful about what they are exposed to. Talk to the Communications Authority of Kenya, @CA_Kenya, about their Child Online Protection Measures: https://squad.wpp-scangroup.com/2018/cop/images/docs/COP%20Booklet.pdf
- Protect your social accounts. Use two-factor authentication. This is typically where an additional authentication measure is required in addition to a password, such as a code being sent to your phone. See examples in our blog: https://www.stractconsult.com/blog/
- What if you are hacked? First, if you can log in, do so immediately and change your password. Try to contact the service provider. Monitor your credit cards and account statements. You can also contact us: https://www.stractconsult.com/pages/contact-us/
Week Two: Educating for a Career in Cybersecurity
- Need an ICT audit? This is an independent audit of IT governance, access to programs and data, computer operations and In summary, it gives you assurance over your overall ICT investment. https://www.stractconsult.com/blog/service/information-systems-audit/
- What is penetration testing? An expert attacks your systems the way a malicious attacker would, but with safeguards in place, so that you can correct any weaknesses in your systems. https://www.stractconsult.com/blog/service/it-security/
- Cybersecurity training and awareness – Did you know that 91% of cyberattacks begin with a spear phishing email? Talk to us about how our partnership with @KnowBe4 is enabling leading organizations to improve their “human firewall”. https://www.stractconsult.com/blog/service/information-security-awareness/
- Any questions on cybersecurity? Chances are high we have an answer, including on managing your endpoints, perimeter security or compliance with the increasing sets of regulation. Talk to us: https://www.stractconsult.com/blog/service/it-security/
- One of the biggest challenges is having skilled cybersecurity professionals. Talk to us about upskilling your technical teams through on-demand labs with hands-on practicals. This is captured in the ISACA State of Cybersecurity report 2018: https://cybersecurity.isaca.org/state-of-cybersecurity
Week Three: Everyone’s Job to Ensure Online Safety at Work
- Organizations should learn to identify their assets, the third parties they connect to and the threats facing their industry. A cybersecurity governance framework should also be in place.
- Protect your systems by patching them, using strong authentication, maintaining a backup and disaster recovery plan, enforcing least privilege access, and running continuous awareness and simulated phishing for your users. https://www.stractconsult.com/blog/service/cybersecurity-consultancy/
- Detect cybersecurity incidents in a timely manner. Review suspicious emails, talk to us about log correlation tools, and review your physical security environment. https://www.stractconsult.com/blog/service/cybersecurity-consultancy/
- Some attacks will succeed, so learn to respond to them in a timely manner and mitigate their impact. Disconnect and isolate affected systems, utilize your backups, and notify regulators, law enforcement and other stakeholders. Talk to the National KE-CIRT, @KeCIRT. https://www.stractconsult.com/blog/service/cybersecurity-consultancy/
- Recover from a cyber-attack to full restoration of your systems: document the root cause of the incident and the lessons learnt, improve your processes and cybersecurity capabilities, and review the reputational damage. https://www.stractconsult.com/blog/service/cybersecurity-consultancy/
Week Four: Safeguarding the Nation’s Critical Infrastructure
- We need to learn to secure our critical infrastructure. Learn about nation-state actors, who are responsible for highly targeted attacks carried out by extremely organized state-sponsored groups. Their technical skills are deep and they have access to vast computing resources.
- Cyber-resilient organizations are those that are aware that attacks can come from various sources, such as phishing, hacking and even insiders within the organization. Read the interesting story of the Russian interference with the US election here: https://www.stractconsult.com/blog/nation-state-actor-the-case-of-russian-interference-with-the-us-election/
- Learn about the Computer Misuse and Cybercrimes Act, whose objective is to enable timely and effective prevention, detection, prohibition, response, investigation and prosecution of computer and cybercrimes in Kenya. https://www.stractconsult.com/blog/the-computer-misuse-and-cybercrimes-act-2018/
- Learn about the EU’s General Data Protection Regulation (GDPR), which prescribes fines of up to €20 million or 4% of your worldwide turnover for the last 12 months.
- Get to know the various Central Bank of Kenya regulations on cybersecurity, which provide for proper cybersecurity governance, both internal and external assessments, and proper cybersecurity awareness. https://www.stractconsult.com/blog/guideline-note-on-cybersecurity-for-psps/