Security & Support | |
Security & Support | |
2293 VIEWS | |
![]() |
Wednesday, July 15, 2020/04:00PM/ By Florence Bola-Balogun[1]
and Opeyemi Adeleke[2] of AELEX / Header Image Credit: Pinterest
Introduction
The COVID-19 pandemic hit the world in an
unprecedented manner and, in just a few months, it has had such a profound
impact on the world of work. The need to curb the spread of the COVID-19 virus
forced governments of affected countries to issue lockdown orders and restrict
movements. As a result, physical office premises were shut down and many
employees engaged by organisations were forced to work from home with little or
no security policy in place or a viable data backup and recovery plan. In
addition, some organisations resorted to employees using their personal
computers and other devices to carry out official assignments. The resulting
effect is possible exposure to cyber-risks from the use of insecure Internet
protocol (IP) addresses and the possibility of data not being backed up
appropriately.3
In this article, we examine data backup and other
data security guidelines that may be useful in assisting Nigerian organisations
during the pandemic.
Data Backup and
Recovery
Data backup and recovery refers to the process of
backing up data and setting up systems that allow data recovery in order to
forestall loss of data. Data backup and recovery is very important in running a
business for many reasons. Computers may crash, human errors may occur,
documents may get corrupted and several other issues might occur which the
organisation may be ill prepared for.4
Backing up data requires copying and archiving computer data so that it is accessible in case of data deletion, corruption or a human-caused event such as a malicious attack (virus or malware).5 Some popular data backup tools include Microsoft Outlook's OneDrive, SharePoint, Oracle Database Backup Service and Google Drive. It is, however, advisable that for every backup that is carried out, adequate security must be in place.
Recent Incidents of
Cyberattacks
In 2018, it was reported that 60% of Nigerian firms
suffered cyber-attacks, and that the country spent $270 million on cyber
security.6 There is also evidence to show heightened cyber-attacks
during the COVID-19 pandemic. Consequently, the Central Bank of Nigeria in a
recent press release7 alerted the general public of cyber-criminals
taking advantage of the pandemic to defraud citizens, steal sensitive information
or gain unauthorized access to computers or mobile devices using various
techniques.
However, the increasing trend is not peculiar to
Nigeria. Other parts of the world have witnessed a rise in cyber-attacks. For
instance, just recently, EasyJet8 reported a phishing attack to the
United Kingdom's Information Commissioner's Officer.9 Similarly, it
has been reported that a New York law firm used by A-list stars has been hacked
by cybercriminals who claimed to have accessed clients' data including contracts
and personal emails. 10
It is pertinent to note that when employees are targeted by cyber criminals, employers of the organisation are often vicariously liable for the actions and inactions of employees whether done intentionally or negligently.
National Information
Technology Development Agency's Position
National Information Technology Development Agency
("NITDA"), the agency in charge of data protection regulation in Nigeria,
issued the Nigeria Data Protection Regulation ("NDPR") which prescribes that11
anyone involved in processing or controlling data shall develop security
measures to protect data. Such security measures include protecting the systems
from hackers, setting up firewalls, storing data securely with access to
authorised individuals, employing data encryption technologies, developing
organisational policy for handling personal data (and other sensitive or
confidential data), protection of emailing systems and continuous capacity
building for staff. Furthermore, while celebrating the World Backup Day on 31st
March 2020, NITDA advised Nigerians on Data Backup as impact mitigation
strategy in light of COVID-19. The following are the basic guidelines that
NITDA has recommended:
1. Ensure that you backup your data frequently and at relevant intervals;
2. Consider using remote storage for your backups;
3. Ensure that the files containing your data backups are encrypted and protected; and
4. Use multiple methods and multiple media for your data backups.12
The above guideline is mostly premised on the
principles of the NDPR, which include storage, security and accuracy.
Responsibility for
Data Security
Organisations have a duty of care to protect clients' information and/or documents. Within13 the organisation, the data controller has the responsibility for providing data security. Consequently, in order for organizations to adequately protect themselves, it might be advisable that they encrypt their data and/or set up passwords on emails or documents sent. Overall, organizations should be conscious of cybersecurity issues and probably develop a security policy.
Conclusion
Data Controllers should always remember that
actions and inactions of their employees rise and fall on them. Hence, organisational
and technical controls should be put in place to protect information of the
clients in its possession from the risks of unauthorised disclosure, hacking,
corruption, etc. while trying to store data, backup and or recover information.
Footnotes
[1] Associate at AELEX
2 Associate at AELEX
3 Dan Dahlberg, 'Identifying Unique Risks of Work from
Home Remote Office Networks' (2020)
Bitsight <https://www.google.com/amp/s/www.bitsight.com/blog/identifying-unique-risks-of-work-from-home-remote-office-networks%3fhs_amp=true/ > accessed
on 21 May 2020
4IT, 'Importance of data backup' (2019) Brickhost https://www.brickhost.com/importance-of-data-backup-and-recovery > accessed on 16 June, 2020
5'Backup and Recovery' (2017) Techopedia <https://www.techopedia.com/definition/24058/backup-and-recovery#:~:text=Backup%20and%20recovery%20refers%20to,of%20data%20deletion%20or%20corruption.> accessed via 16 June, 2020
6 Jumoke Akiyode-Lawanson 'SMEs hardest hit by cyber
attacks, as 60% of Nigerian business
suffers attack (2019) Businessday <https://businessday.ng/technology/article/smes-hardest-hit-by-cybercrime-as-60-of-nigerian-businesses-suffer-attacks/> accessed on June 11 2020
7 Isaac Okorafor ' Alert, Beware of Covid-19
cyber-attacks fraud' (2020) CBN <https://www.cbn.gov.ng/Out/2020/CCD/CBN%20Press%20release%20-%20COVID-19%20-%20Cyber%20Security.pdf> accessed
on June 11, 2020
8 'EasyJet Airline Company Limited - Company Profile,
Information, Business Description, History, Background Information on easyJet
Airline Company Limited'
Reference for Business <https://www.referenceforbusiness.com/history2/7/easyJet-Airline-Company-Limited.htm>l accessed on 21 May, 2020
9 Jane Wakefield'EasyJet admits data of nine million
hacked' (2020) BBC<https://www.google.com/amp/s/www.bbc.com/news/amp/technology-52722626> accessed on 20 May, 2020
10 Joe Tidy 'Hackers hit A-list law firm of Lady Gaga,
Drake and Madonna' (2020) BBC
< https://www.google.com/amp/s/www.bbc.comnews/amp/technology-52632729> accessed on 20 May, 2020
11 Article 2.6 of the NDPR
12Ugo Onwuaso 'COVID-19: NITDA advises Nigeria on data
backup as impact mitigation strategy' (2020) Nigeria Communications Week https://nigeriacommunicationsweek.com.ng/covid-19-nitda-advises-nigerians-on-data-backup-as-impact-mitigation-strategy/ accessed on 16 June, 2020
13 Article 2.1(d) of the NDPR
Related News
1.
Identification Management: The Key to Digital and Financial Inclusion in
Nigeria
2. The Implication Of COVID-19 On Financial Inclusion And Financial Literacy
3. CBi Nigeria to host Webinar focused on Nation Building and Data
Management
4. COVID-19 Rebound: Building Entrepreneurs and Supporting Financial
Inclusion Through Xpress Point
5. Regulatory Flexibility and Agency Banking Will Enhance Financial
Inclusion in Nigeria - Henry Chukwu
6. Ahead of Tomorrow on WebTV: Discussions on COVID-19; Deepening Financial
Inclusion in Nigeria
7. Ahead of Tomorrow on WebTV: Discussions on COVID-19; The Fourth
Industrial Revolution and Nigeria
8. COVID-19: Impact and Opportunities for Financial Services Agents in
Nigeria
9. Firstbank: Empowering Women through Financial Inclusion
10. Mandatory Data Privacy Compliance for Nigerian Companies - A Data Audit
Offer
11. How Nigerian MFBs Use Digital Strategies To Deepen Financial Inclusion
12. Digital Technology Will Enhance MFB Operations in Nigeria - Victor Mba
13. Identifying The 4 Pillars for Achieving Nigeria's Financial Inclusion Target - Patrick Akinwuntan