FAQs

Cyber Security

During the COVID-19 pandemic, is there an increased cyber security risk? Why?

Mauritius - BLC Robert & Associates

The effects of the COVID-19 continue to be felt across the world as the pandemic disrupts the health, economic, political and social systems. The social isolation policy has compelled organizations to have their employees work from home as a business continuity measure.

The shift in working environment has an impact on information security as digital tools (e.g., internet connection) available to staff as they work from home may not be as robust as those at the workplace.  There is therefore the underlying risk of cyber-attacks as cyber criminals could exploit the situation to access the employee’s computer resources.

Morocco - BFR & Associés

The effects of the COVID-19 continue to be felt across the world as the pandemic disrupts the health, economic, political and social systems. The social isolation policy has compelled organizations to have their employees work from home as a business continuity measure.

Inevitably, the shift in working environment has an impact on information security as digital tools available to staff as they work from home may not be as robust as those at the workplace.  There is therefore the underlying risk of cyber-attacks as cyber criminals could exploit the situation to penetrate otherwise secure organizational systems.  By concealing malicious login without being detected by the target organization’s security team, such criminals could penetrate an organization’s cyber defenses. This can easily be achieved through social engineering.

On 21 March 2020, the Moroccan Centre for Polytechnic Research and Innovation the (the MCPRI), the official representative of the international association to fight cybercrime in Morocco, urged all Moroccan Internet users, and security officers of information systems, to exercise vigilance when using the internet, systems and digital resources, during this exponential global health crisis due to the spread of the COVID-19 epidemic.

The MCPRI also indicated cybercriminals take advantage of critical situations and global crises to exploit the vulnerabilities of information systems and especially the ignorance of internet users, in order to attack victims of all dimensions, establishments, organizations, companies and even individual Internet users.

Nigeria - G.Elias & Co.

Yes, and for a number of reasons. First, the COVID-19 pandemic has provided additional cover for bad actors to perpetrate malicious activities using various e-channels as they pretend to offer solutions, financial or otherwise, and information on the COVID-19 pandemic to unsuspecting users.

Second, as the social isolation policy has compelled organizations to have their employees work from home, many more employees now use digital tools that may not be as robust as the ones they use at their workplaces, and may leave them susceptible to cyber risks.

Third, the security agencies are currently distracted by the sudden focus on measures being implemented by government both at the federal and state levels. Time and resources that would have otherwise been available to combat cybercrimes are now diverted to enforcing stay at home orders and the implementation of regulations to prevent the spread of COVID-19 both at the Federal and State levels. Further, the lockdown has greatly limited the effectiveness of government agencies responsible for enforcing laws against cybercrimes.

Rwanda - K. Solutions & Partners

The effects of the COVID-19 continue to be felt across the world as the pandemic disrupts the health, economic, political and social systems. The social isolation policy has compelled organizations to have their employees work from home as a business continuity measure.

Inevitably, the shift in working environment has an impact on information security as digital tools available to staff as they work from home may not be as robust as those at the workplace.  There is therefore the underlying risk of cyber-attacks as cyber criminals could exploit the situation to penetrate otherwise secure organisational systems.  By concealing malicious login without being detected by the target organisation’s security team, such criminals could penetrate an organisation’s cyber defences. This can easily be achieved through social engineering.

General

The effects of the COVID-19 continue to be felt across the World as the pandemic disrupts the health, economic, political and social systems. The social isolation policy has compelled organizations to have their employees work from home as a business continuity measure. 

Inevitably, the shift in working environment has an impact on information security as digital tools available to staff as they work from home may not be as robust as those at the workplace.  There is therefore the underlying risk of cyber-attacks as cyber criminals could exploit the situation to penetrate otherwise secure organisational systems.  By concealing malicious login without being detected by the target organisation’s security team, such criminals could penetrate an organisation’s cyber defences. This can easily be achieved through social engineering.

What is social engineering?

Mauritius - BLC Robert & Associates

According to Norton Security , ‘social engineering’ is the act of manipulating a person into giving out sensitive information rather than by outright stealing the information.

Morocco - BFR & Associés

Social engineering refers to a broad spectrum of malicious activities that rely on human interaction to achieve their ends. This could be a call from your “internet service provider” to check on the quality of your internet at home or from your “Bank”, to talk about using the new online banking platform.

The realism associated with the increased sophistication of social engineering attacks can fool employees into divulging sensitive information that may make an organization vulnerable to hackers.

According to a report published by Kaspersky on IT threats in Morocco for the second quarter of 2019, more than 30% of users were attacked by threats conveyed by the web. Morocco ranks 34th in the world in terms of the dangers associated with web browsing.

Nigeria - G.Elias & Co.

It refers to a broad spectrum of malicious activities that rely on human interaction to achieve their ends. This could be a call from your “internet service provider” to check on the quality of your internet at home or from your “Bank”, to talk about using the new online banking platform.

The realism associated with the increased sophistication of social engineering attacks can mislead employees into divulging sensitive information that may make an organization vulnerable to hackers.

Rwanda - K. Solutions & Partners

It refers to a broad spectrum of malicious activities that rely on human interaction to achieve their ends. This could be a call from your “internet service provider” to check on the quality of your internet at home or from your “Bank”, to talk about using the new online banking platform.

The realism associated with the increased sophistication of social engineering attacks can fool employees into divulging sensitive information that may make an organization vulnerable to hackers.

Uganda - MMAKS Advocates

It refers to a broad spectrum of malicious activities that rely on human interaction to achieve their ends. This could be a call from your “internet service provider” to check on the quality of your internet at home or from your “Bank”, to talk about using the new online banking platform.

The realism associated with the increased sophistication of social engineering attacks can fool employees into divulging sensitive information that may make an organization vulnerable to hackers.

General

It refers to a broad spectrum of malicious activities that rely on human interaction to achieve their ends. This could be a call from your “internet service provider” to check on the quality of your internet at home or from your “Bank”, to talk about using the new online banking platform.

The realism associated with the increased sophistication of social engineering attacks can fool employees into divulging sensitive information that may make an organization vulnerable to hackers.

What is phishing?

Mauritius - BLC Robert & Associates

Phishing is a form of social engineering. It relies on the computer user’s own vulnerabilities, namely ignorance.

The current anxiety about COVID-19 has triggered many emails from “experts or state agencies” containing links to information on the pandemic. While some of these emails are genuine, cyber actors are exploiting the situation by:

  1. launching phishing attacks using attachments that have data on COVID-19; and
  2. sending emails from fake “Government institutions or companies”.

On 20 March 2020, the Mauritius Computer Emergency Response Team issued a Communique advising people not to click on links on unsolicited emails and to be beware of attachments relating to COVID-19.  Like for any cyber incident, a person may report a COVID-19 related cyber incident on the following website: http://www.maucors.govmu.org

Because more people will be working from home or remotely, cyber criminals will continue to look for ways to exploit this. Therefore, employees need to be sensitised about this.

Morocco - BFR & Associés

Phishing is a commonly used social engineering tactic. It is a cyber-attack that uses emails that appear to be originating from a trusted source, to obtain personal information that can then be used maliciously against an individual or organization.

The intention is to trick the email recipient into clicking on a malicious link, or download an attachment, which installs malware on the email recipient’s device, and enables the scammer to access critical information, such as passwords. This provides a pathway through which the individual’s and/or organization’s cyber defences are weakened and accessed by the cyber actor(s).

In a briefing note issued by the Information Systems Security Branch (the ISSB), the administration warns of malicious applications and websites “who have appeared and are exploiting the coronavirus theme to infect a significant number of victims”.

For instance, ISSB indicated that given the current circumstances and the wide media coverage of coronavirus, several malicious applications and websites have emerged.

ISSB cited as an example:

  • the Coronavirus tracking application “Covidlock” which is a ransomware. This ransomware takes over the victims' devices and asks that a $100 ransom be paid in bitcoin within 48 hours to recover access to the infected device. The perpetrators of this ransom warn victims that contacts, photos and other content will be deleted on the one hand and social media accounts will be disclosed on the other hand;
  • “BlackWater" is another variant of the malware that appeared in this wake. The attack is initiated by phishing e-mails containing malicious attachments that claim to contain relevant information about COVID-19 to attract victims. Once these parts are opened, the malware is downloaded on the victim’s computer.

In order to counter these types of attacks, it is advisable to ensure that the source of the applications is trusted and that the resources used come from government health structures or official media.

General

It is a commonly used social engineering tactic. It is a cyber-attack that uses emails that appear to be originating from a trusted source, to obtain personal information that can then be used maliciously against an individual or organisation.

The intention is to trick the email recipient into clicking on a malicious link, or download an attachment, which installs malware on the email recipient’s device, and enables the scammer to access critical information, such as passwords. This provides a pathway through which the individual’s and/or organisation’s cyber defences are weakened and accessed by the cyber actor(s).

The current anxiety about COVID-19 has triggered a lot of emails from “experts or state agencies” containing links to information on the pandemic. While some of these emails are genuine, cyber actors are exploiting the situation by:

  1. launching phishing attacks using attachments that have data on COVID-19; and
  2. sending emails from fake “Government institutions or companies”.

Owing to the fact that more people will be working from home or remotely, cyber criminals will continue to look for ways of exploiting this, therefore employees need to be sensitised in order to avoid insider threats.

What prescriptive measures should your organization consider in dealing with phishing?

Mauritius - BLC Robert & Associates

You should consider the following:

  1. Does your organisation have in place reminders on phishing including what a phishing email looks like?
  2. How often are employees reminded of such attacks?
  3. Have employees been cautioned against clicking on links or opening emails from suspicious sources? How often are they cautioned?
  4. Does your anti-virus scan identify suspicious links?
  5. How are links embedded in emails monitored?
  6. Does the business have a cyber security incident response plan and a business continuity plan?

Morocco - BFR & Associés

You should consider the following:

  1. Does your organization have in place reminders on phishing including what a phishing email looks like?
  2. Do you have a way for concerned people to report such attacks so that originating senders/domains can be blocked?
  3. Have employees been cautioned against clicking on links or opening emails from suspicious sources?
  4. Does your anti-virus scan identify suspicious links?
  5. Has the business developed an IT/cyber security incident response plan in readiness for any threats?
  6. How does your organization ensure that its software and terminals are up to date?
  7. How does your organization make sure that its partners and suppliers protect the information they share with them?
  8. What authentication methods are used to control access to systems and data?

Nigeria - G.Elias & Co.

You should consider the following:

  1. Does your organization have in place reminders on phishing including what a phishing email looks like?
  2. Do you have a way for concerned people to report such attacks so that the attacks can be reported and investigated and originating senders/domains can be blocked?
  3. Have employees been cautioned against clicking on links or opening emails from suspicious sources?
  4. Does your anti-virus scan identify suspicious links
  5. Has the business developed an information technology (“IT”)/cyber security incident response plan in readiness for any threats?
  6. Does your organization have quick access channels to IT personnel for guidance?

To the extent that the organization lacks any of the above, please address the inadequacy immediately.

Rwanda - K. Solutions & Partners

You should consider the following:

  1. Does your organisation have in place reminders on phishing including what a phishing email looks like?
  2. Do you have a way for concerned people to report such attacks so that originating senders/domains can be blocked?
  3. Have employees been cautioned against clicking on links or opening emails from suspicious sources?
  4. Does your anti-virus scan identify suspicious links?
  5. Has the business developed an IT/cyber security incident response plan in readiness for any threats?

General

You should consider the following:

  1. Does your organisation have in place reminders on phishing including what a phishing email looks like?
  2. Do you have a way for concerned people to report such attacks so that originating senders/domains can be blocked?
  3. Have employees been cautioned against clicking on links or opening emails from suspicious sources?
  4. Does your anti-virus scan identify suspicious links?
  5. Has the business developed an IT/cyber security incident response plan in readiness for any threats?

What do insider threats entail?

Kenya - Anjarwalla & Khanna

These are malicious threats originating from people within an organization who have knowledge of the organization's systems, data and security procedures. Insider threats are also a reality for organizations during this health crisis.

Such people include employees, business associates, contractors etc. 

With employees working from home, under relaxed supervision, exploiting systems via the office becomes easier.

Further, because of the emphasis on social distancing, security officers are unlikely to go through laptops and bags for fear of getting infected, and this provides a major opportunity to exploit the measures.

Mauritius - BLC Robert & Associates

Inside threats are malicious threats originating from people within an organization who have knowledge of the organization's systems, data and security procedures. Insider threats are also a reality for organizations during this health crisis.

At the place of work where a security check is in place when employees leave their place of work, security officers are unlikely to go through bags for fear of getting infected. This provides a major opportunity to exploit the measures.

Morocco - BFR & Associés

These are malicious threats originating from people within an organization who have knowledge of the organization's systems, data and security procedures. Insider threats are also a reality for organizations during this health crisis.

Such people include employees, business associates, contractors etc. 

With employees working from home, under relaxed supervision, exploiting systems via the office becomes easier.

Further, because of the emphasis on social distancing, security officers are unlikely to go through laptops and bags for fear of getting infected, and this provides a major opportunity to exploit the measures.

Nigeria - G.Elias & Co.

These are malicious threats originating from people within an organization who have knowledge of the organization's systems, data and security procedures. Insider threats are also a reality for organizations during this health crisis.

Such people include employees and some business associates, contractors. 
With employees working from home, under less stringent supervision than is usual, exploiting systems via the office becomes easier.

Further, because of the emphasis on social distancing, even in situations where skeletal office services continue security officers are unlikely to go through laptops and bags for fear of getting infected, and this provides a major opportunity to exploit the measures.

Rwanda - K. Solutions & Partners

These are malicious threats originating from people within an organization who have knowledge of the organization's systems, data and security procedures. Insider threats are also a reality for organizations during this health crisis.

Such people include employees, business associates, contractors etc. 
With employees working from home, under relaxed supervision, exploiting systems via the office becomes easier.

Further, because of the emphasis on social distancing, security officers are unlikely to go through laptops and bags for fear of getting infected, and this provides a major opportunity to exploit the measures.

What prescriptive measures should your organization consider in dealing with insider threats?

Kenya - Anjarwalla & Khanna

The organisation should consider the following:

  1. What security measures do you have in place to safe guard against insider threats: do you have host based firewalls, security event management tools, etc.?
  2. Has your organisation carried out an internal/external vulnerability assessment in the last 12 months to check for loopholes that can be exploited by malicious cyber actors?
  3. Has your organization conducted a general IT audit within the last 12 months?

Malawi - Savjani & Co.

The organisation should consider the following points in developing prescriptive measures:

  1. What security measures do you have in place to safe guard against insider threats: do you have host based firewalls, security event management tools, etc.?
  2. Has your organisation carried out an internal/external vulnerability assessment in the last twelve (12) months to check for loopholes that can be exploited by malicious cyber actors?
  3. Has your organization conducted a general IT audit within the last twelve (12) months?

If the organization has not undertaken vulnerability assessements or IT audits in the last 12 months, it should prioritize doing so as soon as practicable.

Mauritius - BLC Robert & Associates

  1. Keep close contact with your employer - It is important to know new policies relating to COVID-19 to help keep you, your co-workers, and the business safe.
  2. Use the company’s tech toolbox – your employer’s tech tools are designed to protect data and devices; they can keep you ‘cybersafe’ when working remotely.
  3. Control the impulse to improvise – If a digital tool (e.g., a software which allows for teamwork) is not working, refrain from downloading a substitute. You could inadvertently introduce a software with a security flaw.
  4. Stay up-to-date on software updates and patches - Updates help patch security flaws and help protect your data.
  5. If you have Virtual Private Network (VPN), keep it on - A VPN can provide a secure link between employees and businesses by encrypting data and scanning devices for malicious software such as viruses and ransomware
  6. Beware of COVID-19-themed phishing emails – Cybercriminals are exploiting the COVID-19 virus outbreak to send out fake emails with dangerous links to emails.
  7. Develop a new routine - Working from home means new routine and making sure that you are cyber secure is part of that.

Morocco - BFR & Associés

The organization should consider the following:

  1. What security measures do you have in place to safe guard against insider threats: do you have host based firewalls, security event management tools, etc.?
  2. Has your organization carried out an internal/external vulnerability assessment in the last 12 months to check for loopholes that can be exploited by malicious cyber actors?
  3. Has your organization conducted a general IT audit within the last 12 months.
  4. Who is responsible for cyber security in your organization?
  5. Has your organization contract cyber security risk insurance?
  6. What security system do you use in your organization (endpoint security solution, network security solution, data protection solution or tractability solution)?
  7. Does your organization perform cyber-attack simulations?
  8. What is the approximate amount that your organization reverses in cyber security on an annual basis?

Nigeria - G.Elias & Co.

The organization should consider the following:

  1. What security measures do you have in place to safeguard against insider threats: do you have host-based firewalls, security event management tools and so forth?
  2. Has your organization carried out an internal/external vulnerability assessment in the last 12 months to check for loopholes that can be exploited by malicious cyber actors?
  3. Has your organization conducted a general IT audit within the last 12 months?
  4. Has your organization installed the latest software (especially security software) updates and patches on its systems?
  5. Do you have secure access such as Virtual Private Network (VPN) tunnels to cloud-hosted files?

To the extent that your organization lacks any of the above, please address the shortage immediately.

Contacts

Arshad Dudhia

Arshad Dudhia

Managing Partner, Musa Dudhia & Co.

Eric Cyaga

Eric Cyaga

Partner, K. Solutions & Partners

Foued Bourabiat

Foued Bourabiat

Managing Partner, Bourabiat Associés

Francisco Avillez

Francisco Avillez

Managing Partner, ABCC

Fred Onuobia

Fred Onuobia

Managing Partner, G.Elias & Co.

Geofrey Dimoso

Geofrey Dimoso

Partner, A&K Tanzania

Gil Cambule

Gil Cambule

Partner, ABCC

Iqbal Rajahbalee

Iqbal Rajahbalee

Partner, BLC Robert & Associates

Julien Kavuruganda

Julien Kavuruganda

Partner, K. Solutions & Partners

Krishna Savjani

Krishna Savjani

Managing Partner, Savjani & Co.

Luisa Cetina

Luisa Cetina

Director, Anjarwalla & Khanna

Mesfin Tafesse

Mesfin Tafesse

Principal Attorney, Mesfin Tafesse & Associates

Sahondra Rabenarivo

Sahondra Rabenarivo

Managing Partner, Madagascar Law Office

Salimatou Diallo

Salimatou Diallo

Partner, SD Avocats

Shemane Amin

Shemane Amin

Partner, A&K Tanzania

Timothy Masembe

Timothy Masembe

Managing Partner, MMAKS Advocates

Willie Oelofse

Willie Oelofse

Director, A&K Forensics & Investigations