PRIVACY ISSUES AND CYBERSECURITY AWARENESS FOR STAFF AND STUDENTS OF FEDERAL POLYTECHNIC NEKEDE, OWERRI, IMO STATE.

PRIVACY ISSUES AND CYBERSECURITY AWARENESS FOR STAFF AND STUDENTS OF FEDERAL POLYTECHNIC NEKEDE, OWERRI, IMO STATE.

PRIVACY ISSUES AND CYBERSECURITY AWARENESS FOR STAFF AND STUDENTS OF FEDERAL POLYTECHNIC NEKEDE, OWERRI, IMO STATE.

Cybersecurity Year

2017 is globally recognized as Cybersecurity year: a time to raise awareness and improve education about cyber threats, as well as promote the work being done to facilitate better management and prevention of cyber attacks. Not many of us will leave our houses or cars unlocked or valuables unattended but when it comes to information we tend to be less careful.

Lets take a look at the phone hacking scandals, many of the victims left their passwords on the factory default settings (password), which made it easy for hackers. It shows we need to be more careful with information about ourselves and the ones we manage for others.

This is what you need to know about information security

We store important information on our phones, computers, tabs etc but yet we don’t treat the devices housing the information with care.

What if this information gets into the wrong hands? We are faced with embarrassment, inconvenience, public scandal, and dismissal. Information security is about being more aware of the risks we are taking.

Personal information may seem unimportant to you but to a criminal it might just be a key to success.

First line of defense

  1. Don’t make your password easy to guess, use at least 8 characters with no dictionary words, combine Upper & lower case, numbers & special characters.
  2. Change immediately should someone find out because, you’ll be liable for actions from your account.
  3. Never share your password with anyone.
  4. Avoid writing down your password
  5. Avoid using your Email passwords on social media, shopping sites, banks or across other sites.
  6. Old passwords run the risk of compromise. Change them regularly.
  7. Do not open mail attachments from untrusted senders.
  8. Do not install pirated, unapproved or unlicensed software on your computer
  9. Ensure your contacts are who they say they are before trusting with your information
  10. Limit the handful of personal information, interests and dealings you post on Internet.
  11. Encrypt [encode] sensitive data on all your devices.
  12. Never for once let your laptop be out of sight
  13. A regular Update of antivirus on your laptop.

NOTE: When using your ATM cards online, ensure that the https:// is available.

Credit card is the prime target of criminals so ensure the person behind you isn’t watching while putting your code.

 

ELECTRONIC SURVEILLANCE WHY MTN, GLO, FACEBOOK, YAHOO AND GOOGLE WON’T PROTECT YOU FROM THE BIG BROTHERS.

In movies, we see surveillance as a difficult and intensive task for the police or detectives. Imagine a police officer climbing a telephone pole to attach a couple of wires just to intercept a phone line or imagine an EFCC officer listening to phone conversations just to monitor and eavesdrop on the bad guys. This is of course how surveillance was done a few years back but nowadays it is as easy as switching on your mobile or other devices.

 

Modern surveillance now takes effect from the comfort of an Air-conditioned room, Executive swivel chair with hot coffee on your table. Someone typing on the keyboard performs the surveillance itself with few keystrokes.

WHOSE FINGERS ARE BEHIND THE KEYBOARD?

It’s not the police; in fact, it’s the employees working for whom we entrusted our private data. Search Engines, social networking sites, and Telecommunication companies. These companies have teams that do noting but respond to Government’s surveillance requests.

Sprint, the third largest telecoms company in the U.S.A has more than 110 employees who do nothing but respond to government surveillance request, Facebook has 25 employees who do noting but respond to government surveillance request. Facebook is the most popular APP but isn’t the site a bit too savvy? A topic you just talked about will find its way into your Facebook feed, is that a coincidence? The microphone on your phone is really selling out your secret. Most of us are not aware that when our Facebook is on and the microphone setting is set to on, our conversations are heard loud and clear. The theory was tested, pls visit https://www.youtube.com/watch?v=ZBX5PKvkbXA

The site itself admitted that it uses your microphone to identify the things you’re listening to or watching. Make sure you remove Facebook from your microphone setting.

Our modern surveillance status would not be possible without the willing assistance of these companies. We are spied on because they help.

What does this mean? 15-20 years ago, if EFCC or FBI had wanted to trail someone, to watch where they go 24hours a day, monitor their activities, they would have needed a team of 10 to 20 agents, few vehicles etc. 24 hours surveillance requires 24 hours surveillance team with lots of agents and lots of salaries.

In the days of scarce surveillance resources, the government had to figure out who is a high priority for surveillance but with modern surveillance, it’s no longer the case.

Modern surveillance is cheaper and more efficient. Technology Companies make everything more efficient and cheaper. Today, a police officer can monitor over 200 people from the comfort of his office with individual location in real time with services provided by telecommunication companies.

Sprint (Cell phone company in America) for instance, has a website that can provide you with an individual’s location with just $30 a month. Last year, sprint announced that since its setup, its been used over 8,000000 times.

Verizon one of the largest in the world revealed that in 2007 over 80,000 requests per year for user data from law enforcement agencies.

Google is probably the most transparent company in the industry, for that, we should thank Google. Google has a transparency report site (https://www.google.com/transparencyreport) designed for its users which provides aggregate detailed information breaking down surveillance request every 6months showing requests from the law enforcement in different countries including Nigeria.

One thing we should know, with the way most laws are written; companies cannot turn down government surveillance requests. When the request comes in, the data goes out and money gets to the company. The norm in the industry is not telling users about the request for their data.

All social media store the data of individuals including who you are, where you are searching from and the kind of information you seek. The trend in Silicon Valley (home for world’s largest high-tech corporations, located in the northern part of USA) is to store as much data and try to monetize it later.

Most widely used free apps are furtively stealing personal information stored on users’ mobile phones and tabs.

According to the Threat assessment report of some group of cybersecurity experts, 60% of the free applications in the Google Play Store perform functions that surpass the basic needs of what the apps should be executing.

These seemingly harmless apps, which have accumulated several billion downloads, have put the privacy and security of users at risk simply by requesting overzealous permissions that users unknowingly adhere to.

These telecommunication and application developing companies keep our private data that would eventually get its way into the government’s hand. Why? Because the dominant business model in Silicon Valley (home for world’s largest high-tech corporations, located in the northern part of USA) is to provide free services to consumers in exchange for their personal information. These companies give us access to fantastic social networking services, free Email, web browsers and free apps in order to collect our data and monetize them. USER DATA GOES IN, PROFIT COMES OUT.

Personal data being gathered on the worldwide web means bigger profits for the private sector and is also being shared with the police, argues Steve Rambam, founder and CEO of Pallorium Inc., an international online investigative service. ­At a time when electronic gadgets and hi-tech innovations dominate our lives, violating privacy and mining people’s personal data is easier than ever. The damage that this 24-hour surveillance could do to society and its freedoms is overwhelming.

If you keep data for the purpose of data mining and analytics, there is noting you can do to stop the government when they come in to ask for the data. So companies have to choose between privacy and the business model.

 

So does keeping, mining and monetizing our data over privacy make these guys evil?

Personally, I don’t think this makes them evil but I do think we have to acknowledge that they made a conscious choice in choosing between privacy and the business model.

MTN, GLO ETISALAT also keeps records of phone calls, text messages, all locations visited for a long time. These Telco’s don’t need to mine private user data to subsidize the service as they make more than enough profit to protect user’s data but they give out those details to the government when the request comes. They are all embedded with government agencies so you can’t get any privacy protection. The services here are been paid for but for free services, there will always be a clash between business model and privacy. If we want privacy from Facebook, yahoo and App developers, we have to start paying for the service.

Tips on how to improve privacy and security on your device: from eavesdroppers and help you from getting infected with spyware that could cost you your identity.

Going forward, users are recommended to follow a number of best practices that optimize both their privacy and security on their mobile devices.

Most importantly, users need to begin to look more closely at the permissions their apps request of them. We should use common sense to ask whether a particular app really needs access to the information it wants. If it doesn’t, we’re better off doing some research online and looking for safer alternatives. Applying common sense most times is all we need protecting our online identity, data and devices. It is up to us to take up the responsibility.

Some useful Tips:

Tip 1.    Disable your GPS at all time except in an emergency or when you need to use your smartphone for navigation purposes;

Tip 2.    Disable your NFC (Near Field Communications) or on Apple devices, iBeacon, unless you need them enabled for critical applications (http://support.apple.com/kb/HT6048);

Tip 3.    Disable Bluetooth at all times except when you are in your car, driving, if you want to have hands-free calls, if supported by your car;

Tip 4.    Verify Apps behavior and privacy risk BEFORE installing – do some research and ask the questions “why does this app need GPS, MICROPHONE, WEBCAM, CONTACTS, etc.?” – most apps don’t need these ports unless they want to invade your privacy. Find an alternative before installing risky Apps;

Tip 5.    Either put masking tape over your webcam and microphone when not in use or pull the battery out of your smartphone when you are not using it.

Obviously for #1, there’s no need for geolocating you, unless you don’t mind being spied upon by

these malicious apps – or worse – your children’s location being monitored by online predators. Best to keep this hardware port disabled until you really need it.

For #2, you’re probably wondering “what the heck is NFC and why should I care? ”. Well, it’s a new protocol for ‘bumping’ or getting close to other devices, within 3 meters or so, to exchange information such as photos and contacts. Is it secure? No. Can it be hacked just like Bluetooth? Yes. Go into your device settings, find NFC, if you see it, disable it.

Ok, for #3, you’re thinking ‘that makes sense’ – Bluetooth is an easily hacked protocol and folks can eavesdrop on communications over Bluetooth; broadcast into your earpiece (yes, it’s been done); access your contacts list and hack your smartphone device over Bluetooth. So, if you disable this protocol everywhere except when you are in the car, wanting a hands free experience for making and receiving calls, you should be much more secure.

For #4, how many times do you install a free app with excitement about promised features and functions, only to find that it requires incredible privacy risk? If it’s too good to be true it probably is and nothing in this world is free.

There are 9 major advertisement networks and some deploy spyware. Some free apps use these networks to monetize their businesses and some are developed by professional cyber criminals, enemy nation states for spying or by hackers for malicious reasons.

#5, There’s really nothing you can do to block webcam and microphone eavesdropping, so why not make it hard for the bad guys to see or hear anything useful? SOLUTION: Some of the free Apps write settings and have access to your device storage; it may be to install additional backdoors or remote access Trojans (RATs). Therefore you might need to reset your phone completely after an uninstall of your favorite App. Some might even wish to go to FACTORY RESET or a WIPE. Once you’ve cleaned off the App RAT, you might still want the right app on your phone that you can trust, make sure you follow the rules. What about Apple iPhone and iPad or Microsoft WindowsPhone apps? The apps pre-installed on the Apple iPhone appear to be safe. However in both the iTunes store and on the Windows Phone app store, Most 3rd party apps access various hardware ports. The ports they access while they are running includes Webcam, Location Services, using your GPS and other coarse location based Internet. In addition, they use your Internet connection. The good news is that on these two operating systems apps like this cannot hide in the background. The bad news is when you download some Apps on these two platforms, they are still building up a profile on users including your location, and are able to send and receive information over the Internet – totally unnecessary for a basic App.

WARNING: Don’t reset or wipe without backing up ONLY those contacts and files you are certain to trust. If you do a complete device backup and restore, you risk also restoring malware. Ask a friend who is an expert with your kind of phone or contact the ICT unit, you may also wish to contact the staff at the store you purchased your smartphone or tablet on how to do this the right way.

UNINSTALLATION INSTRUCTIONS for Android Apps: 1. Visit your device’s Settings menu > Apps or Application manager (this may differ depending on your device). 2. Touch the app you’d like to uninstall. 3. Select Uninstall.

The management of Federal Polytechnic Nekede, recognizing the importance of information security and privacy in the repositioning of the institution both nationally and internationally did not shy away from offering full support and material empowerment to those responsible for information security management.

As a step in a positive direction in protecting the Staff / Students’ data & information exchange, and in order to free up strained Server resources, we decided to partner with Microsoft. The platform provided by Microsoft for information exchange is based on ISO 27001 framework with built-in malware and spam filtering capabilities that help protect inbound and outbound email messages from malicious software and help protect staff and students’ data from spam and hackers. The partnership will provide a platform for the customized fpno.edu.ng domain for all staff and students e.g. rector@fpno.edu.ng

We saw the partnership with Microsoft as a great way of combining institutional system with technology that the staff and the new generation of students were most familiar with. The Microsoft collaboration platform is designed to help meet our Institution’s needs for content security and data usage compliance with legal regulation.

 

Prepared by ICT

KNOWLEDGE AND SKILL FOR SERVICE.