Cybercrime watch: Three simple Quick Free Tips That Can Keep Your Cards Safe

Tip #1 – Avoid Giving Your Card To A Server or Bartender

Photo credit to Ian Arunga

Beware of your cashier. I have been skimmed before at an upmarket restaurant/bar/lounge in Westlands and I realized this is a pervasive problem. Evidence suggests that restaurants are now breeding grounds for skimming activity.

Tip #2 – Pay for your fuel in cash

Petrol station skimmers are found almost every day in petrol pumps but it’s the ones they don’t find that you should be worried about.  Pay for your fuel in cash and NEVER put your debit card in a gas pump.

Tip #3 – Supermarkets

The next time you go shopping, be sure to pay close attention to the clerk who swipes your card. Department stores can be potential hot spots for skimming because, much like in a restaurant or bar, it is not unusual for a clerk to leave your sight to process the transaction, making the temptation greater and the successful completion of the scam easier. Sometimes a skimmer will pay an inordinate amount of attention to the number on your card, so if they seem to be staring as though trying to memorize your number, or examining it front and back as if they’ve never seen such wonders before, it would be smart to watch them closely.



Source: SignalVault and the Identity Theft Resource Center


Dubai’s cyber security strategy

His Highness Sheikh Mohammed bin Rashid Al Maktoum launched the “Dubai Cyber Security Strategy”, aimed at strengthening Dubai’s position as a world leader in innovation, safety and security.

The plan focuses on five main domains*;

  1. A cyber smart nation, aimed at raising public awareness of the importance of cyber security, building a society that is fully aware of the dangers of cybercrime, and developing the skills and capabilities required to manage cyber security risks among government and private institutions and individuals in Dubai.
  2. Innovation in the field of cyber security, and the establishment of a secure and safe cyberspace characterized by freedom and justice, so that it encourages innovation in Dubai.
  3. Building a secure cyberspace “Cyber Security” by establishing controls to protect the confidentiality, integrity, availability, and privacy of data; and
  4. Maintaining the flexibility of the cyberspace “Cyber Resilience” and ensuring the continuity and availability of IT systems in cyberspace. These objectives can only be achieved through the national and international collaboration among different sectors, and thus, the fifth domain is concerned with this aspect.

The next phase will witness a number of effective initiatives that will contribute to achieving the strategy’s objectives and providing a secure cyberspace for users, making Dubai’s cyber security experience a global model.

*From the Dubai Government Services Directory

Your device, your privacy: the who, what and the how of mobile privacy

Lest we forget, digital secrecy does not exist. We may not realize it but we are kept on a close electronic leash and tracked, followed, observed and monitored on a very large scale and we are actively participating in this through our use of mobile phones.

Before you write me off as some paranoid cyber security lawyer, be aware that your personal data, behaviour, tastes and relationships form the basis of the economic models adopted by the free app providers, making your information even more lucrative. With an attention span shorter than a goldfish’s, we don’t bother going through the End User License Agreements; it’s just a pain.

So as you go about your normal day sending business and personal e-mails, downloading apps, or updating your social media status, a little pop-up appears that has nothing to do with what you’re actually doing. Then it dawns on you. You may have seen this product page before. A simple search you did in the past has come searching back for you.

Accessing user information both for legitimate and malicious purposes is no longer uncommon in the digital age, where you do just about everything using a mobile device. But can breaching one’s privacy be stopped? What should you do to protect your privacy from mobile threats like this?

  • Who

The right to mobile privacy

We all have the right to privacy. But this easily gets violated whenever someone tries to access our personal information on any platform without our consent or any given lawful reason. Breaches range from something as simple as a friend spying on your social media account to marketing agencies deliberately studying the types of websites you visit and barraging your inbox with unsolicited alerts or offers.

With everything going mobile these days, it’s not surprising that some, if not most of us, often disregard the value of privacy. Sometimes we ourselves enable ‘data leaks’ by failing to log out of sites, leaving cybercriminals more than happy to take advantage of our oversight.

In social media alone, over-sharing has become a springboard for more severe types of cybercrime like identity theft, with the creation of a number of malicious apps engineered to steal sensitive user data.

  • What

Your device settings

Your default device settings serve as suggestions you can use to increase protection. By familiarizing yourself with these settings and modifying them to suit your mobile needs, you can be assured that no one has easy access to your mobile device. Getting familiar with these settings could gain you more security.

Visiting malicious sites and drive-by downloads

Symantec security defines a malicious website as a site that attempts to install malware (a general term for anything that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device. Malicious websites often look like legitimate websites and sometimes ask you to install software that your device appears to need.

Drive-by downloads are malware that can be installed on your device simply by looking at an email, browsing a website or clicking on a pop-up window with text designed to mislead you, such as a false error message.

So don’t open that email or click on that pop up message if you think it is malicious; guys, there’s no swimsuit model in Russia who thinks you’re hot – trust me.

Your mobile behaviour 

Owning a mobile device gives you the freedom to access the online world more frequently. But does it change your behaviour when it comes to security? This freedom often makes mobile users more vulnerable to threats through mobile activities like social networking, shopping and banking.

Cybercriminals are stepping up the production of threats that affect social networking sites, online stores, and even banks—and they won’t just stop at creating apps that could easily be mistaken for legitimate ones.

Why – money is the driving force

Mobile devices have impressively centralized one’s online activities. But at the same time, they have opened doors to vulnerabilities exploited by cybercriminals driven by one agenda: money.

Kenya Cybercrime firm Serianu estimates that Kenya lost more than KES 17 billion to hackers in 2016. Not only did the number grow, the sophistication and capabilities associated with these threats grew as well. Cybercriminals are always on the lookout to steal information stored in smart phones and tablets that can be used for profit.



They’re called free apps for a reason

It is so easy to get lost in the number of free apps you can download these days. One click and you can enjoy the game everyone is talking about or that app that filters your photos to the stone age. But remember that there’s always a trade-off. If they don’t charge you for using their app, chances are they could be earning by reselling your personal information. How about that!

Device loss or theft

No matter how careful you are with what you store in your mobile device, once it gets lost or stolen, you have little to no control over what happens with the sensitive files or data you have in them.

End-User License Agreements (EULAs)


You know that little checkbox you click that says you’ve read the terms of the agreement? That’s what the online service developers use to look out for themselves; they’re called EULAs. You see it in the terms they ask you to agree with, which they can change at any time, with or without notice. Before saying yes to these EULAs, you should read up and familiarize yourself with what’s stipulated. You may end up allowing them to sell your photos, track your online activities or hand over information to authorities without your knowledge.

Bring Your Own Device (BYOD)

Employers are now turning the tide with regard to personal devices for work-related activities. Companies are now investing in their own devices and top-of-the-range anti-virus software to curb the menace associated with BYOD. But if your organization allows you to BYOD, be wary, since even a company’s IT policy could mean giving your IT department access to your personal files and information.

Anyone could fall victim to cybercriminals trying to breach your privacy. But there are still stops you can pull to prevent this.

General Checklist:

  • Configure your device’s privacy and browser settings to control the amount of information it shares.
  • Activate screen locks and passwords to minimize chances of hacking and change passwords every three months for security.
  • Refrain from storing compromising files (photos and videos) you’re not comfortable with on your device.
  • Clear your mobile browser cache regularly to avoid data leakage and information-stealing malware. Constantly monitor your app and account settings to make sure sharing and connectivity are secure. For the less tech savvy, I would recommend the Clean Master App. A few clicks and you’re safe.

Get rid of apps you don’t use

  • Download only from trusted sources like the developer’s website or from Google Play. Remove apps not in use.
  • Always check the app’s permissions to ensure that it doesn’t perform functions outside of its intended use.
  • Use your mobile browsers’ private browsing settings, especially for sensitive transactions like online banking.

Device Loss or Theft Readiness

  • Take note of your account credentials or make use of a convenient password manager when the need to reset them arises.
  • Backup files with irreplaceable information in the cloud.
  • Prepare to contact the authorities, your service provider, and concerned organization to avoid the malicious use of your identity and to block bill charges.
  • Sign up for a reliable remote service that allows you to find, lock or wipe your device when you need to.

Check your BYOD Agreements

  • Are you required to produce personal devices for forensic analysis?
  • Does this apply to devices shared with other family members?
  • Who can access personal information stored in your device?
  • Can your company track your location? Is this a requirement? Do they have notifications if the need for this arises? Under what circumstances?
  • Are your personal online activities monitored? Are these systems active outside regular work hours?
  • Is this information retained when you leave the company?

Verizon to get Yahoo at a 350M discount following cyber attacks

Yahoo will now sell its core business to Verizon at 4.48 billion USD (350 million less than the original amount of 4.8) following Yahoo’s disclosure of massive cyber-attacks back in September 2016. While not a deal-breaker as posted earlier, a significant cut to the original price has left Yahoo licking its wounds and sends a message to Kenyan companies that cyber security is a big deal.

It is reported that Verizon will get Yahoo’s Internet business, which includes Yahoo Mail, Flickr, Tumblr and Web properties such as Yahoo Finance and Yahoo Sports, hoping to rival Facebook and Google in digital advertising.


The impact of technology in Africa

As a major transformative force around the world, technology is increasingly disrupting existing monopolies and, in some segments, completely changing the game. Technologies ranging from artificial intelligence (AI), financial services technology (fin-tech), medical care technology (med-tech), education (edu-tech), innovations in law (legal tech), and mining and exploration (mine-tech), among others, supported by high-speed internet penetration and mobile phones, offer Africa a huge opportunity to enhance development.

Africa’s penetration of smartphones is expected to reach 50% by 2020, from only 18 percent in 2015.[1] Mobile payments are sweeping across the region with East Africa being the global leader in mobile payments. E-commerce is growing fast as is e-learning.

Technology has also been used to bring government officials to task, and therefore there is an increase in the integrity and accountability of government officers. This should offer investors comfort to come in. Given this relative stability, some of the region’s commercially oriented start-ups such as Africa Internet Group and Interswitch are either being acquired or going public. Investors will be keen on which others show similar potential.

Ubiquity in internet access 

Placing internet access in a ubiquitous position requires consistent innovation. Companies have begun testing alternative technologies to make this possible (such as Google’s balloons [2] and Facebook’s solar-powered drones [3]). Currently there are two impediments to a fully connected continent:

  1. Cost – costs are many times higher in Africa; an Internet Society report mentions that a person needs 15.7% of average GDP per capita in Kenya to get broadband, compared to less than 2% in Europe [4].
  2. Geography – the geography of Africa is extremely challenging with large open spaces or dense jungle – often sparsely populated.

Full internet connectivity is likely only going to come through a mix of technologies and cost improvements.


In 2013 Kenya completed a pilot on the deployment of internet use in rural areas. Dubbed Project Mawingu[5] (Swahili for “cloud”), Microsoft together with Strathclyde University, local telecoms firms and the Communications Authority began tests to provide affordable, high-speed wireless broadband to rural areas using alternative untapped technologies in TV “whitespaces” (TVWS).

White Space refers to the unused broadcasting frequencies in the wireless spectrum. Television networks leave gaps between channels for buffering purposes, and this space in the wireless spectrum is similar to what is used for 4G and so it can be used to deliver widespread broadband internet. It is believed that Kenya could lead the way with a model of wireless broadband access that in Europe and the USA has been tied up in red tape.  This pilot does not require mains electricity and is being run totally on solar power.

The internet impacting traditional/rural societies on education and social norms

There are two schools of thought in African societies in relation to the impact of the internet:

  • Those who embrace the internet as a tool to protect, maintain and promote cultural diversity; and
  • Those who believe that the internet serves only to endorse capitalist ideals and sanction products of the modern industrial society[6]

There is no denying that a democratization of information will lead to impacts on traditional and rural societies. Western social mores, celebrities and news are now going to be available to everyone.

That said, there is no guarantee that traditional and rural societies will be overwhelmed.  The internet will allow people’s art, language, culture, histories and traditions to be shared, learned, promoted and distributed[7].

The expansion of mobile money payment systems such as M-Pesa. 

Expansion to new markets in developing countries is continuing as is bringing more people into the mobile money market. As at March 2016, M-Pesa had entered into Tanzania, DRC, Mozambique, Uganda, Rwanda and Zambia.

In India, the National Rural Livelihoods Mission uses M-Pesa to enable financial inclusion for women’s groups. The Mission is using the service to disburse pre-natal health benefits.

A mobile money solution is proven in Kenya to bring people into the money economy and, in unbanked countries, is a good way of bringing people out of barter into the money economy. However, M-Pesa’s current iteration will not have success in more developed countries. M-Pesa failed in South Africa [9] partly due to the fact that most South Africans already have good banking access.

The impact of drone technology in inaccessible areas.

The potential in this space is huge. In Rwanda, San Francisco based start-up Zipline got the go ahead to pilot drone tech in doing daily deliveries of critical medical supplies (primarily blood and vaccines) to 21 locations across the country.  Drones allow items to be delivered in areas where roads are unreliable or impassable.

As elsewhere in the world, African regulators are struggling to determine the appropriate regulatory response. In Nigeria [10] the person flying the drone must have a pilot license and pay significant fees to get a security clearance.  Kenya has similar rules currently before the National Security Advisory Committee.  Until then, the use of drones is banned. Drones will remain a future technology until the regulatory issues are resolved.

The educated urban elite and global competitiveness

The educated urban tech-savvy African now has all his work and school in his phone and backed up in his email-managed cloud account. With good internet access, he/she can join meetings virtually, submit school assignments and work reports, run a successful business while still keeping tabs on family and friends.

The educated urban elite in Africa is becoming more like the urban elite of other countries and joining the global middle class. Africans have been ready adopters of platforms like Facebook and Twitter.

Africans are learning to code and adapting programs to their particular needs.  There is a thriving technology scene in Africa’s bigger cities – Lagos, Nairobi, Cairo – where Africans are developing African solutions to their problems.

That said, it is unlikely that African technology will emerge as a major player on the world scene.  The big money in technology resides in Los Angeles/San Francisco, London and New York.  Africa’s best and brightest technologists will likely end up in those cities working for Google, Facebook or Microsoft.

Social media as an organizational tool for political systems

The Arab Spring showed the power of social media on corrupt and violent governments.  High internet penetration and social media allowed protesters to mobilize and organize these revolutions.

Social media gives a voice to the people that might not otherwise have existed in many regimes.  It is clear that the Chinese Communist party has realized that not only does social media bring down governments but that it also gives governments a real time insight into what people are interested in[11].

In China, the government is both listening and also looking to capitalize on the data created by social media and internet interactions as a tool of social control[12].  China’s track record of censorship and suppression is now extending online with no open Internet and no Net Neutrality in their vocabulary.

In Africa there is a big hurdle to social media having a positive or negative social impact: only urban elites are generally on social media, so it is unlikely to lead to a mass movement in sub-Saharan African countries (Kenya and South Africa excepted, where internet usage is much more prevalent). Consequently, social media is unlikely to have any impact on political systems in the near term – but who knows about the future.

There will still be brain drain

The internet has removed the tyranny of distance and allows a good professional sitting in Africa to work anywhere in the world. Sites such as Upwork, Freelancer and others allow people to sell their services to a worldwide market.

That said, the big deals and high profile jobs are still based in London, New York, Paris and Berlin.  It is, to a certain extent, a rite of passage for an African professional to seek professional fulfillment overseas.  The internet is unlikely to change this to any great extent.

Tech prospects on raw material extraction and advanced manufacturing in Africa?

  • Mining

African mining is currently extremely labour intensive and dangerous for the miners.  Technology will undoubtedly change both of these things.  Mining in many other jurisdictions is much more automated – especially once the grades of ore become poorer.

Much of the mine-tech used in Africa is developed abroad. As a result, most companies remain at the early stage of the adoption curve, placing a majority of their innovation focus on technological optimization of old techniques in a bid to reduce costs or discover deposits more efficiently. Given the rapid pace of technological advancement, companies have to keep an eye on cross-sectional innovations that may impact mining in the future. These include:

Artificial Intelligence: The move towards autonomous vehicles and automated technologies such as Australia’s AutoHaul has already revolutionized mine operations. As the “intelligence” of these machines grows, they will be able to perform increasingly complex tasks, including hazardous processing activities—reducing labor costs and enhancing productivity as a result.

Wearables: There is huge potential for innovations in the occupational safety market, of which mining is a part. For example, Night runner, a US product initially developed for night athletes, is being reconfigured to cater for miners on the night shift.

  • Advanced manufacturing

The prospects for significant amounts of advanced manufacturing in Africa are bleak.  The lack of infrastructure (bad roads, ports, limited rail options), political instability in some states, lack of reliable water and electricity, lack of access to local markets and generally low productivity among the workforce means that companies seeking to set up advanced manufacturing generally look elsewhere.

That said, progress is being made in relation to each of these impediments and it may be that Africa can look forward to a future of rapid industrialization.

Investment interests and drivers

Africa shows that there is potentially a feasible market in catering to the developing lower classes.  You don’t need to have a product that appeals to the AB demographic in a western country to be successful or make a meaningful impact in Africa.  There is a huge demand for products and services that cater to the less developed parts of the continent.

For example, the informal economy represents about 80% of the total job market. A large number of informal businesses lack access to services such as ERP systems, small business banking (even with M-Pesa, a large number of Africans are still unbanked), affordable third-party logistics or internet access. These present a huge opportunity for VC-backed start-ups to attempt scalable applications.


Kenyan-based startup Lynk focuses on connecting households with informal workers. Borrowing from the LinkedIn model, the application has been dubbed the LinkedIn for the ‘linked out’, allowing customers to book services from over 60 categories, ranging from plumbers to nannies. The platform works via mobile app, the web and SMS, and automatically identifies qualified workers based on sub-skills and other signals such as location, price range, language and experience.

There are several pre-requisites for Africa to draw investment and interest:

  • Political stability – African countries have risen from past hostilities, creating the political stability necessary to attract investment thus far. For the momentum to continue there has to be a continuation of this stability and a strong legal protection of assets.
  • Appropriate regulatory standards towards Data Protection and Cyber Security – Africa’s tech sector is not bullet proof to cyber threats that face the industry in other parts of the world. Anti-virus adoption and creation of awareness around cyber security is key to building the trust of investors. In addition, Africa needs an increase in tech lawyers to better advise potential investors.
  • Increase Africa’s internet bandwidth and develop a stronger and more reliable tech infrastructure.
  • Tech-preneurs need to be equipped with business skills – there is a reason why only around 2% of start-ups attract investors, compared to more than a third in Silicon Valley. Africans may be tech savvy but not so much in the business skills to successfully grow their companies.
[1] Estimated by MGI using forecasts from The mobile economy: Sub-Saharan Africa 2015, GSMA, 2015; UN Population Division
[5] See  accessed on 3/1/2017

Getting regulatory approvals for Fin-tech: It’s not a one stop shop yet.

Fin-tech in Kenya was pioneered by Safaricom’s M-Pesa application at a time when there was no regulation, pushing the unbanked and informal sector (which represents 80% of the total job market) to buy mobile phones and move from brick-and-mortar banking into the digital economy. Since then, Fin-tech has expanded to person-to-business (P2B – utility payments, shopping etc.), business-to-business (B2B), credit and savings services, purchasing and transferring of airtime and so on.

Regulatory Framework

The current regulatory framework poses challenges that could potentially be a barrier to innovation and investors. Fin-tech blurs the currently independent sectors of regulation, telecommunications and banking, creating an overlap between different ministries and Government agencies. A company must confirm with these agencies whether licensing or authorization is needed to operate, in addition to understanding which licenses would apply.

Generally, a tech company looking to launch Fin-tech in Kenya should be aware of the following licenses and applications.

1. An application to be authorized and designated as a payment service provider from the Central Bank of Kenya (CBK) for the money transfer services it would offer its proposed users. CBK has to be satisfied that the tech company has a minimum core capital of Kenya Shillings five million (KES.5,000,000/=) to be licensed as an electronic payment service provider. The CBK may label/designate the platform as a payment system if it believes that its payment system poses systemic risk, is necessary to protect the interest of the public, or if designation is in the interest of the integrity of the payment system. Though Kenya Electronic Payments and Settlement System (KEPSS) is the only payment system that is known as having been designated, the decision to designate remains with CBK.

2. Application to the Communications Authority of Kenya (CA) for a Content Service Provider (CSP) license, an Application Service Provider (ASP) license and/or a Network Facilities Provider (NFP) license:

  • Where the platform features sending SMSs using a network carrier in Kenya, it will be considered to be providing a communication service under the Kenya Information and Communication Act and thus a Content Service Provider (CSP) license would be needed.
  • Where the platform provides notifications and alerts in connection with the Fin-tech products that it offers, the platform will need to be licensed as an Application Service Provider (ASP) by the CA.
  • Where the tech company will, in addition to the above, set up and operate communications infrastructure (based on satellite, mobile or fixed), it shall be required to procure a Network Facilities Provider (NFP) license.
  • If the application will only be web based, then CA approval may not be needed; however, this needs to be confirmed by them.

3. If the platform offers cross border sending or receiving of money (money remittance), the tech company has to be licensed as a money remittance operator. For this license, the company has to demonstrate that it has a core capital of at least Kenya Shillings twenty million (KES. 20,000,000).

4. Other legal requirements that would be considered relate to money laundering, bribery, consumer protection, data protection and cybercrime.

Cyber Security – What if Yahoo was a Kenyan Company?


On 22nd September 2016, Yahoo confirmed a cyber-attack in which over 500 million personal accounts were compromised. This was arguably the largest cyber security breach in history. The information obtained by the hackers includes names, email addresses, telephone numbers, dates of birth and in some cases, security questions and answers.  This comes in the wake of the on-going merger with Verizon Communications in which Yahoo is selling its core business (search, email and messenger assets as well as advertising technology tools) for USD 4.8 Billion.

While not as embarrassing to its members as the Ashley Madison hack from 2015, this recent event raises a good prompt to question whether Kenyan law is relevant to the internet. What if Yahoo was a Kenyan company?  What would be the legal outcome of this breach?

Kenyan context 

Kenya’s legislature is attempting to keep up with evolving cyber security issues. Existing law does not impose any sanction or penalty on the Kenyan equivalent of Yahoo; however, there are three bills which would change this.

The Data Protection Bill 2013, the Computer and Cyber Crimes Bill 2016 (CCC) and the Cyber Security and Protection Bill 2016 (CSP) are based on the equivalent laws in South Africa and the UK and aim to incentivize companies to increase their internet security and to prohibit certain acts in the use of the internet. It is unclear if, or when, they will become law.

The Data Protection Bill aims to regulate the collection, retrieval, processing, storing, use and disclosure of personal data. The Bill proposes that all companies will be required to put in measures to protect data against loss, destruction and manipulation. Failure to put in adequate security measures will attract a penalty of 100,000 Kenya Shillings or imprisonment of 2 years or both.

The CSP and the CCC share the same vision of regulating cyber crimes but adopt competing methods to try and deal with this issue. The CCC is a Government Bill whereas the CSP is privately sponsored, so there is currently no clarity on when or if these bills will be progressed.

The CSP aims to establish a Response Unit in the ICT Ministry to receive and investigate reports on cyber threats. The CCC proposes additional investigative procedures for police officers.

The CSP proposes an information sharing mechanism between public and private companies (and with each other) whereas the CCC is seeking to improve international co-operation for prosecuting cyber crimes.  Broadly, the goal of both bills is to hasten investigations and prosecution of cyber crimes.

Relevantly for corporations, the CSP would require a company suffering a cyber-breach to report it to the Response Unit within 7 days of it occurring. Failure to do so will be an offence. Worryingly for corporations, there is no element of knowledge to trigger the 7 day reporting requirement. A company could be in breach of this provision if it were hacked and did not discover this fact for a significant period of time. As mentioned above, the CSP bill does not currently have government support and so its chance of becoming law is not high. However, its existence, together with the Government’s CCC bill, shows that the Kenyan legislature is moving towards regulating and imposing penalties in this area. It is only a matter of time before one of these bills is enacted.

Separate from the legal outcomes, from a commercial perspective, a cyber-attack is bad for business. Yahoo not only faces potential class action suits and reputational damage, but the likelihood of the hack being a deal breaker on the merger with Verizon is also high. With the potential for new legislative penalties in Kenya on the horizon, companies should place data protection and cyber-security on their risk management agenda sooner rather than later and before a cyber-breach occurs, not as a result of one.
