Osbert Kanyesigye, the Product Manager at InfoSec Technologies Ltd advises that one should avoid using the same password across many accounts and should also not feature known details about themselves like name or birthday or their spouse’s name.
Most often, people use passwords to protect information on their computers, emails, online banking, among other computer related activities and programmes. But in this age where there are myriad tech-savvy individuals, simple passwords are no longer enough to safeguard your information and accounts.
They can be cracked and such cases are what are regarded as cybercrimes. Cybercrime is any form of misconduct committed on the internet or by use of computers with a major aim of defrauding or stealing from users.
Thus, it's advisable to come up with a stronger and complex password with special characters that cannot be easily guessed or cracked.
Osbert Kanyesigye, the Product Manager at InfoSec Technologies Ltd advises that one should avoid using the same password across many accounts and should also not feature known details about themselves like name or birthday or their spouse's name.
"Attackers always try to guess the password. For sensitive online transactions like online banking, it's advisable to employ two-factor-authentication where you don't only depend on the username and password to log into your account but also use a one-time password (OTP) which is usually sent to your phone in real time to give you access to the virtual account.
Most banks like Standard Chartered are already employing two-factor-authentication for their online banking clients," he says.
Kanyesigye advises that when buying goods online using one's credit/debit card, it's always secure to first verify whether the site where they are purchasing goods from is a genuine site.
"This can be done by checking whether it has a Secure Green Mark which is located on the left side of the web address like (Secure: https://example.com).
You can click on the Secure Mark to verify whether the merchant is genuine. Once you insert your credit card details to the wrong merchant, they can always use them to steal money from your card," he cautions.
Debit/credit cards have all the information on the card that completes the transaction online including the security code.
This is a three-digit number usually on the back of the card. It is advisable to redact it and just keep it in your head. In case your debit card lands in the wrong hands it can be used by anyone to make online transactions since all the information required to complete the online transaction is on the card.
When inserting a mobile money (Personal Identification Number) PIN, one should always make sure no one is looking over their shoulder since the PIN is typed into the PIN field in raw digits.
"I believe the telecom companies still have a lot to do here as far as technology is concerned to protect the users," Kanyesigye states .
Online Fraud / Malware
We receive a lot of emails from people unknown to us with links and attachments usually carrying a luring message like an investment proposal or someone willing to help you with money or partner with you.
"When you click on the link or try to download the attachment, malware or a bot agent is automatically and silently installed on your computer without your knowledge. This agent can always be remotely controlled by the attacker to do anything on your computer or even use your computer to attack another computer once connected to the internet," Kanyesigye explains.
This, according to him is the same technic that was used to attack the Hillary Clinton campaign manager during the 2016 US general elections when a link was sent in disguise of an IT Technician asking him to click on the link to change his password.
"The remedy here is to first check the email sender ID. If it looks fishy or if you don't know the person, go through the message. If it's irrelevant, ignore or ask an IT technician to open it from a more secure computer," he advises.
Another remedy is to always make sure that you have up-to-date Anti-Virus installed or up-to-date firewalls configured for enterprises.
What NITA-U is doing
The National Information and Technology Authority - Uganda (NITA-U) indicates that as Uganda moves into the e-government era, there is need to secure transfer of information for citizens, public and private sectors.
NITA-U has put in place the information security framework to provide Government with the necessary process, policies, standards and guideline to help in Information Assurance.
Furthermore NITA-U through various stakeholders has operationalized the National Information Security Advisory Group (NISAG) to advise on information security governance, risk remediation planning and response.
Incident Monitoring and management
With the rampant cybercrimes, the national computer emergency response team (CERT) has been established to serve the government of Uganda by helping to protect the critical information infrastructure.
The national CERT plays a key role in coordinating incident management with the relevant stakeholders at national level. One can therefore report an incident on https://www.cert.ug/
NITA-U in collaboration with the Internet Watch Foundation (IWF) put in place the ‘Child Sexual Abuse Reporting Page'-OSCARP www.report.nita.go.ug an online mechanism where citizens in Uganda can report online child sexual abuse material.
The portal will be able to support tracing and take down of harmful content, rescue of victims as well as assist in investigations to prosecute cyber criminals.