Cyber Security: Protecting children and businesses from cyber criminals post-COVID

Kevin Omolo is the Head of Technical Services at SGA Security.

Digital technology has been described as the ‘hidden hero of this unprecedented global crisis’ as the world adapts to the ‘new normal’ following the Covid-19 pandemic. Thanks to lockdown, most households have become remote workspaces and classrooms, as well as places of play and participation for children. While this arrangement has strengthened family bonds, it has also broken down the boundaries between work and private life, leaving households prone to cyber-attacks.

Kenya reported six million cyber-attacks in 2019, according to a recent report on the state of national security, with most crime incidents attributed to hacking, insider threat, identity theft and web application attacks. Since March this year, cybercriminals have taken advantage of the anxieties and fears triggered by Covid-19, which have affected the social, physical, emotional and intellectual well-being of adults and children.

As the majority of people turn to the digital space for learning, working and digital business, children have been exposed to the underworld of social media platforms through popular applications such as TikTok, Netflix, Roblox, Instagram and Facebook, among others. This has led to rising cases of teenage house-party gatherings, missing children, child sexual abuse materials, gaming, gambling, drugs and sexual abuse, pointing to a negative societal environment. Cyberbullies are using fake identities to lure children and adolescents into sexual, alcohol and drug abuse under the roof of their parents and caregivers, who are oblivious to what their children are up to. Some children are also bullied through comments and insults, lifting the lid on intimidation, harassment and sexual exploitation.

Individuals and organisations also fall victim to theft of personal information and financial data and to exposure of sensitive information, making them easy targets for phishing and malware attacks. In most instances, there is no privacy, as partners and children listen in on conversations or share computers, mobile phones and printing machines even though they work for different organisations. Online users are tricked into revealing sensitive information. Social engineering scams or attacks may be designed to trigger a response by exploiting any naturally sensitive topic, such as the current Covid-19 pandemic.

In April 2020, tech giant Google reported that it is blocking 18 million coronavirus scam emails every day to prevent malicious phishing attacks.

Countermeasures for cybersecurity risks

Promoting digital hygiene is a collaborative effort that individuals, organisations and digital companies need to take into account in the post-Covid era. Parents and caregivers have a role to play in staying extra vigilant about internet usage. Advise children to think before clicking on any suspicious advertisements, emails or attachments, or responding to unknown online users trying to reach out to them. "Free is a great price, and anything above free creates a lot of friction in that process". While a parent can install parental control products to keep tabs on and limit a child’s online exposure to inappropriate content, there are also built-in controls on most computers that parents can easily employ with just a few clicks.

Similarly, network security should be updated by implementing robust controls over configurations at both ends of the remote connection to prevent potential malicious use. For example, employees should not have administration rights on firm-owned notebooks. Security-hardened configurations, up-to-date endpoint security solutions and connection security parameters should be set according to good practice and locked, and the corporate remote access infrastructure should be tightly controlled. Security scans of devices establishing a remote connection are good practice, and remote access should only be granted to compliant devices.

Firms should implement additional security controls for critical functions that are normally not allowed to work remotely. For example, users who perform such activities should only be able to connect using firm-owned and controlled devices that are fully patched and configured to a high level of security, and sensitive data should not be allowed to be stored locally.

Cloud technologies are increasingly implemented and used to quickly deal with higher capacity needs using cloud-based software, such as Microsoft 365, that has been developed with security at the forefront.

Enabling multifactor authentication is also vital. This may take the form of traditional passwords used together with one-time passwords shared through mobile phones. Remote access services and user profiles should only be activated when required. Where no business need exists, remote access should be disabled to reduce the attack surface.

Teleconferences should be run on vetted platforms and protected from unauthorized access to prevent ‘Zoombombing’ and other video vulnerabilities. Carrying out a vulnerability assessment before large-scale deployment is crucial for proper information security, for example by using PINs and reconciling actual participants with the corresponding invite.

Internet Service Providers need to ensure that their learn-and-play environment is safe for online users, especially tech-savvy children. They should assist users in avoiding unmanaged routers and printers, unsecured Wi-Fi passwords and home automation systems.

In addition, government, cyber experts, educators and protection authorities should collaborate in adopting innovative technologies, such as Primero X App, an online and offline application launched recently by UNICEF and Microsoft to protect unaccompanied and separated children from gender-based violence and offer psychosocial support.

Dissemination of online safety materials through cyber-security sensitization programs should also be incorporated in schools and media to promote good practices of internet usage. The quick shift to new remote learning models has the potential to lead to the unvetted deployment of technologies which educators and students have not been fully prepared to use. The free tools and services online may be riddled with inappropriate advertising and user tracking, insufficient privacy controls and even malware.

The future is digital. It is therefore essential to educate and empower users, especially children, on the safe and responsible use of online resources and platforms in a bid to establish a culture of cyber-safety.

The writer, Kevin Omolo, is the Head of Technical Services at SGA Security and a PhD student of computer science, with interests in cybersecurity and computer forensics at the University of Nairobi.