Checking your account balance, paying bills and managing your finances… Nowadays, it is pretty normal to do all those things online… But are you sure you do them in the most secure way?
Presently, cybersecurity (or insecurity) in Kenya is the single biggest threat to business in terms of the consumption and use of Information Communication Technologies (ICT).
Over recent months we have seen a rise in cyber-attacks such as ransomware and data leakage, some of which have even gone undetected. One such incident that went viral on regional social media circles involved a leading Kenyan bank. Through a data systems breach, a hacker was supposedly able to access the details of more than 500,000 customers, including names and phone numbers, which were then plastered on various online platforms.
Unfortunately, innovation has meant that hacking tools are now cheaper and simpler to use in marking out vulnerable targets. Serianu Limited, the publishers of the Kenya Cyber security report, notes that Kenyan companies lost over Kes 15 billion in 2015 through cybercrime. On top of this pile of victim losses sits the public sector at Kes 5 billion, followed by the financial services sector at Kes 4 billion. Sadly, this scenario is not unique to Kenya; cybercrime has been on a steady rise globally. Another study, by consulting house PwC, notes that the number of cyber security incidents across all industries grew by 38% in 2015, which is the biggest increase in the 12 years since the global study was first published.
No doubt the mobile phone is the universal communication device of choice for many. The Communications Authority of Kenya notes that we have 39 million mobile phone subscribers in Kenya, 22 million of whom access and are constantly on the internet. A huge proportion of this fraction, estimated at about 95%, doesn’t have mobile security in place. This could very well mean that the smartphone is the single largest cybersecurity weakness we have today. With the advent of the Bring-Your-Own-Device (BYOD) culture, this could be true for both individual and corporate users. This is a huge vulnerability gap considering that online and mobile transactions, through USSD short codes and mobile banking apps, have become the most convenient ways of banking in Kenya.
Whereas banks may have invested heavily in ICT security systems, most Kenyans remain grossly unaware of the various cybersecurity threats that exist. Some of these include keylogging, man-in-the-middle, phishing and even ransomware attacks.
So how can you, the consumer of online banking services, ensure that you are not a vulnerable and easy target for hackers?
Teddy Njoroge, Country Manager for ICT security solutions company ESET East Africa, says the first step would be for ICT professionals to obtain the latest training on the prevalent risks in the market. Consumers, he adds, would do much better for themselves by being proactive about their online security and keeping up with common cybersecurity threat solutions.
“These could be specific to the type of devices or platforms on which you access your online banking services. However, the important thing is to be aware of the potential risks and how to mitigate these in real-time, since it is very possible to detect unwanted intrusions such as phishing and ransomware scams”, says Njoroge.
Safer Online Banking principles
According to Njoroge, some key principles of safer online banking and payments include using trustworthy devices and internet connections, while keeping operating systems and software up to date. Not every internet connection, such as public Wi-Fi at the coffee shop or a random network at any office, is secure enough to be used for online banking or making payments. It is advisable instead to use a virtual private network (VPN) to keep your communications encrypted (unreadable) to anyone who may try to intercept them.
“Whenever you connect to your online account, use your own computer, tablet or smartphone as you are more likely to notice if any suspicious activity is going on. Avoid using a borrowed or public device that might put your data, account or savings at risk”, says Njoroge.
But having a strong password is perhaps the first step in proactively securing your device and online banking access. One easy technique for developing a strong but simple password regime is ‘pass phrasing’, which simply means using a sequence of words or other text to control access to a computer system, program or data. However, it is doubly important never to reuse your password, e.g. for your bank, social media and other accounts, since a leak from any one of them can mean a total hack into each account. To manage these, one can use a password manager that will store all of them and allow you to remember just one master password.
Similarly, to enjoy the internet and maximize protection while connecting to an online banking account, one should install a trusted security solution on their devices. This will preferably be a reliable, multilayered and updated security solution. For example, ESET Smart Security offers protection from multiple types of malware as well as malicious tricks that might be disguised as harmless emails or websites. Cybercriminals will try anything to access your sensitive data. They will pretend to be your banker, pose as an innocuous notification in your email, or ask you to change the password via a link added to that email you just received. If you get any message asking you to change your banking credentials or click on a link, contact your bank and verify this immediately.
“If your bank offers two-factor authentication (2FA) for your online account, use it. This way the bank can double check if it is you connecting or making a transaction by using something only you have – such as your personal smartphone”, advises Njoroge.
For those who check their online banking account less frequently, it is advisable to set up alerts and notifications to your phone. Having information about all the current transactions makes it easier to recognize any suspicious activity. When not using your online banking platform, be sure to log out every time to avoid ‘man in the middle’ types of attacks.