Cyber Security – Data Loss and Protection

Dear Entrepreneur,

How often do you think about your Data Protection?

The ICT authority of Kenya in collaboration with the Communication Authority of Kenya drafted a Data Protection Bill in 2012. Despite this, Cyber Security has not yet become a reality for many in Africa particularly Kenya. We have had ‘ Scares” in 2017 but the threat has not really sunk in and I understand –To see is to believe right?

Medical Insurance covers offer one annual body check up for its clients but close to 70% of the people don’t take up this service yet have paid for it, the argument sometimes being “ I am feeling ok, or I don’t have time”. My point being it happens across sectors.

They say Prevention is Better than a cure.

In 2015, I witnessed my second biggest Cyber Attack, this was astonishing because the client had protection from a firewall. I got a notification that a ransomware had captured the 1TB File server and the hackers were demanding ransom in form of Bitcoin.

As a security consultant, I went on site to undertake an audit and realized that the firewall had been tampered with.

Company Data had been compromised and encrypted in addition, there was a silent worm spreading through the network monitoring information from LAN computers.

In such a case Client Information is compromised. Let me put this in perspective for you, Uber was hacked and over 57 million customer accounts and information was compromised. It is possible that 9 out of every 10 Kenyans have an Uber App installed on their phones and linked to their email. Think about the exposure and the magnitude of the threat.

IT Policies, Procedures and an experienced IT Specialist are very important in any organization doing Trade in the 21st Century.

Wi-fi Protection, End Point Anti-Malware and Anti-Virus Protection, Data Backup to Staff Training on risk exposure.

Data is the New Gold, we work so hard year after year not realizing that within a blink of an eye you can lose everything and it could be irreversible.

Cyber Security Threats have seen heads of IT Departments lose their Jobs, Businesses go down, Brands ruined, learn from others don’t be a sitting duck.

Cyber Security training is meant for every member of an Organization From the Board members to the Cleaners.

Ask yourself what it would cost you if you were to lose all your company Data.

Reach us today for Professional IT Consultancy.


The digital landscape has brought with it a bag of mixed fortunes. Too much exposure can be harmful and not enough access makes the individual seem underprivileged. Increase in the use of mobile phones and improved infrastructure has made it easier for children to be online.

Anthony Lake, the Executive Director of UNICEF, launched a report dabbed The State of the World’s Children 2017: Children in a Digital World. He said, “Our job is to mitigate the harm and expand the opportunities digital technology makes possible.” The rise and heavy use of technology are changing the childhood experience. The most connected age group is that of 15-24 years which stands at 71% against the global average of 48%. The increase in the use of the Smartphone as a mode of internet access has also led to a ‘bedroom culture’ that is secluded and has less supervision from parents.

Digital prevalence also varies around the globe with Africa getting the shorter end of the stick. Nearly 60% of African teenagers are not connected to the grid as compared to 4% in Europe. Women and girls are also 12% less likely to be online.

Use of technology has proved to be useful by allowing dissemination of information that might have otherwise been cumbersome to get. A lot of businesses now thrive online allowing families to eke a living and reducing the unemployment rate. We live in a global village where we have the choice of getting the best from various parts of the world to improve our livelihoods.

Some of the common negative effects that digitization comes with are cyberbullying, sexual exploitation, addiction, and some of the newer trends such as The Dark Web that stream inappropriate videos and use of Cryptocurrencies. Young people may unwillingly give out information on their social media platforms as well as when downloading games that are used by unscrupulous marketers.

Children are far too young to be able to gauge the effects of their online actions to know which are harmful and what is advantageous. Consuming online content with a bit of emotional intelligence will ensure that maximized. However, not all impacts if digitalization on children’s well being is universally agreed upon. The challenges need to be addressed by both parents and policymakers alike so that measures are put in place to safeguard their well-being.

Eveminet has developed a Digital Literacy & Intelligence curriculum for Teens and Pre-Teens where we aim to develop an all rounded Digital Citizen.


The quest for development of a sound digital economy has been on the upswing in the past decade. Businesses can no longer rely on traditional physical locations, newspapers or organized events to connect with their customers. A proper online presence is essential for any business. A typical genesis of a digital ID is a website with most asking the visitors to provide personal details like name and email addresses for feedback. Some might even ask for a phone number.

While this might seem like an honest business-related request, there are people who exist solely for the purpose of exploiting this need to connect to the online arena. The use of social networking sites like Facebook, Instagram, LinkedIn and personal to express oneself as well as share experiences have taken away the hustle of having to meet someone physically in order to know what they are about. The allure to divulge personal details is very high, especially with ‘live’ features that allow one to stream their activities online. Some of these ‘live’ sessions give away location and time the person was recording.

Social engineering is the art of mimicking a person’s online persona and impersonating them. In the 90s, one had to follow people physically and sometimes actually interact with them to know what they are about. The advanced ones of the time made calls using persuasive and flattering and persuasive language to get information. The popularity of social media has taken away so many loopholes as people are willingly creating personal profiles, accompanied by photos that show their lifestyles to the online community. A simple password hack can give a stranger to your online community where they can tarnish your reputation, or solicit money, among other things.

Gathering digital data is not that hard or time-consuming as compared to the previous methods. Studying individual digital footprints provides insights on what a person likes and how they would react on certain issues. Outright criminals have a tendency of monitoring how online stores bill their clients. They in turn hack data banks, gain access to confidential financial information that they use without the owner’s permission. Once the long arm of the law catches up with these activities, the unsuspecting victim is left to take the blame. On one hand, they might copy the ID of an online user and use it. On the other, they might get the credit details and rack up a bill that the owner only notices when they get the statement.

Social engineering is not just an adult problem. Children and young adults are the most vulnerable. At a time when self-identity issues creep in and the need for self-validation is high. A lot of what is posted online is not reflective of what one is going through. Rather it is a life desired. Social engineers ply on such factors to gain trust. A simple invitation to chat with an online companion turns into a highly crafted interview where over time, the victim gives up information on passwords or sensitive knowledge that can be used against them.

Others might send a link via email or an item to download. Use of catchy titles or compelling messages such as medical appeals, emergency or donations to funds that seem to be a worthy cause is quite common. If sent to an organization, this can spell doom to some of the company’s sensitive data. In late 2017, media personality Njambi Koikai who is battling thoracic endometriosis was holding an online fundraiser. An imposter attempted to ride on her predicament by posting a parallel message but offered a different mode of assistance that channeled funds away from her. Another scenario involved a number of social media personalities having people create pseudo accounts where they copy the online personalities but with sinister motives. The main targets for such are people who wield a lot of influence.

The world is increasingly becoming a global village. Many people will want to benefit from the success of others without using proper means. It is paramount that people take measures in protecting themselves from social engineering. There are steps one can take but the reality of personal responsibility in cyber attacks cannot be ignored. A lot of digital intelligence needs to be exercised.


The Kenyan General Election of 2017 highlighted some major shortcomings of the ICT sector in comparison to other countries. The overturned elections led to a call to have servers opened to authenticate the results of the presidential election. This led to a protracted court battle that saw the alleged host country where the servers were located dilly dally on complying with the court order. A number of ‘ICT experts” weighed in the issue to no avail.

The Ministry of ICT under Joe Mucheru then attempted to introduce a bill to regulate the industry and set a code of conduct. The aim of the bill is to create a licensing body for the IT industry, not only to certify ‘experts’ but also play a watchdog role. The idea is to emulate the Law Society of Kenya for Lawyers. The bill has been met with resistance from industry players who claim that this will glorify degrees over experience. Only time will tell if this Bill will ever become Law.

The New Year that is 2018 is definitely bound to bring changes. Events in Europe might push the ICT sector to form this body to regulate its members and also come up with policies that will strengthen Kenya’s position in the global digital marketplace. The European Data Protection Regulation is set to come into full effect on May 25, 2018. EU member states seek to benefit from this directive that dictates how data collected from EU residents is collected, processed and distributed.

The new Law has four key components:


It applies to data controllers, or organizations that collect data, process it (users on behalf of others e.g cloud service providers) and data subjects, who are EU residents. It also extends to organizations outside the EU who use or process personal data from EU residents.


The set of rules pertains to all EU member states, with each state setting up an independent Supervisory Authority to hear complaints, set up administrative structures and implement the policy to the letter. A Data Board will also be in place to supervise all Supervisory Authorities and enhance the working relationship among the states.


Liability in the wake of a data breach will be highlighted to ensure a lot of care is taken when handling information. Retention time for personal data and contact information of data controllers and protection officers will also be clearly documented. The data controller should be able to demonstrate compliance of processing activities that aim to protect privacy.


All handling of data should follow the law by covering basics of human rights such as seeking consent from subject before use, protecting their interests and performance of tasks that are in the interest of the public

The Kenyan ICT sector is yet to gain some structure. When the deadline lapses a lot of organizations will miss out on businesses with the EU because of non compliance. European countries will identify a compliance officer, who is expected to be proficient in managing IT processes, data security and cyber attacks. Kenyan practitioners need to be able to address policy issues within their companies to be able maintain such relationships. All is not lost as there are already qualified individuals to advice on ICT policy and cyber security compliance on the global scene.

The lack of privacy experts is bound to be a major talking point as the May deadline approaches. The EU Digital Single Market Strategy aims to enhance Europe’s position as a digital economy. Kenya, the hub of sub-Saharan business needs to respond in kind. The E-Privacy regulation will mostly affect e-commerce platforms that are on the fast uptake in Kenya. Jumia, Masoko, Kilimall or any other company dealing with any form of online communication need to take note

A Guide to Copyright in Kenya

The Kenya Copyright Board stipulates an introduction and basic guidelines copyright and related rights in Kenya. Intellectual Property This law peotects and promotes creations of the mind, there are two brances of intelectual property:

1. Industrial Property – Trademarks,Patents, Industrial desighns, Utility models, Service marks,Layout Designs.

2. Copyright – It relates to literary, artistic and musical works like Books, Computer Programs, music,Films, Photographs, art and sculptures among otherthings.

Copyright – Haki miliki,rights granted by law to authors of literary works. Copyright covers:

1. Literery

2. Musical

3. Audio – Visual

4. Artistic works

5. Sound recordings

6. Broadcasts The rights under copyright protection offers a righs ownerst to Economic rights, Relatedrights and moral rights.

Kenya is a member of the World Trade Organisation (WTO) the treaty includes Trade related Aspects of Intellectual Property Agreement that define international standards. Infringment of copyright occurs if a person other thanthe author or someone authorised by him, does any of the folowing acts: sale or hire of work.

The criminal action entails the right holder may choose to pursue criminal action against the infringer. The criminal sanctions include:

1. Maximum fines of up to Kshs 800,000/=

2. maximum custodial sentence of up to 10 years

3. Both fines and custodial sentences – Criminal and civil actions are non-exclusive and many proceed concurently. The Digital copyright Act has incoporated the provisions of the two WIPO inerntet trities; The WIPO Copyright Treaty (WCT) and the WIPO peformances and Phonograms Treaty (WPPT). There treaties address issues that arose with the use of copyright works in the digital environment.

The act makes it an offence to circumvent any technical measures designed to protect copyright works or remove any rights management information.

For further information contact the executive Director Kenya Copyright Board on email:

Digital Distruption

Technology as we know it is at a tipping point we are in the Fourth Industrial Revolution. The only guarantee is that change is and will always be a constant factor in growth and innovation. Many people who strive to be ahead of the game are constantly having to come to terms with digital disruptions as developers, thinkers and the ever curious continue to push the envelope in an attempt to out-do each other.

An everyday activity like walking into a retail space to shop for your daily needs or having an experiential time frame before buying a machine is being replaced by augmented reality – AI. The use of digital layering of information to imitate locations, sound and feel desired ideas is revolutionising the workspace. Smart devices like the Apple HomePod, Amazon Echo and Google Home will soon eliminate the need to a computer desktop as their voice command features get better with time. A direct casualty will of course be web browsers as the devices will be able to support dialogue based internet experiences.

The continued use of algorithms to determine the kind of content an individual gets on various search engines and platforms is starting to influence marketing and online behaviour. Blockchain Technology is promising to ease the cost and time to do business while maintaining accountability and security of the process. The biggest success seen has been the rise of crypto currency that many are projecting will replace the current financial systems.

The Internet of Things (IoT) demands that decisions of cyber space growth have to be data driven in order to get value and insight that guides sound business decisions. The momentum of replacing data storage on hard disk with cloud storage has been gaining momentum. The benefits of having unlimited storage data and ease in processing it have made data the new gold.

A lot of these innovation point out that the human factor in the digital workspace is being diminished but this is infinite. The health industry has been making strides on their own where efforts are put in place to avoid genetic disorders and improve overall health. Fitness products like Fit Bit are able to gauge human physical activity and detect body changes that can say, sense a heart attack before it happens. The Wellness Industry is making strides in an effort to ensure people live longer, healthier and perform at optimum levels thus increasing productivity.

Things will continue to change. Even some of the ‘revolutionary’ and ‘first of its kind’ advancements will be affected by the digital disruption. A basic service like Mpesa in Kenya that currently serves more than 30 million people might be replaced by WhatsApp money transfer. WhatsApp currently has 1.5 billion active users, and is part of FaceBook, a platform with nearly 16 billion users. A regular activity like parking once relied on a receipt to secure city parking space. Now that has been replaced by an App. Advanced countries identify empty parking spots on their devices. The rise of e-commerce has improved the shopping experience and left a lot of physical retail locations in disarray.

Anyone in business needs to develop digital literacy skills in order to adapt into the digital ecosystem seamlessly. The amount of resources channelled into digital innovation will only yield proper results if there is a proper policy put in place to measure growth and gauge outcome. The need for comprehensive cyber security protocols to be implemented is best done before unscrupulous cyber criminals take advantage of your hard work. Providing digital intelligence to organisation staff members will also ensure that the business is secure and able to stay ahead of the game by adapting to changes in a timely manner. 


Digital Inteligence

The phone has evolved from being a mere communication gadget to a necessity. Paying for utilities a while back required one to get a bill in the mail, then locate the nearest office where one would queue in order to pay for it. Sending money over long distances required that people do it via a bank or find a trusted acquaintance to hand deliver it. Buying items required one to go to a deport or designated business to do so.

All this has changed. The digital boom has seen the economy embrace an online presence in ways no one for saw. The revolutionary M-pesa has seen banks change how they relate to customers. E-commerce has seen many retail outlets innovate their business models. Social media sites have seen people connect from all over the world. Video streaming has affected how traditional broadcasters deliver content. The increase in internet speeds and wider coverage has allowed more people to be connected. For any business to thrive today, it has to adapt or perish.

These changes have disrupted the norm in ways that few could have foreseen. It is unfortunate that not all change is good. Being ‘digital’ means that people are spending more time online, an environment that remains largely unregulated and liberal. The effects of long time exposure have not been fully understood yet and data on the subject is scanty. However, there have been a few case studies done on children. Some of the research points to shocking effects of digital heroin on children. To mitigate the negative effects, users have to exercise some restraint and digital intelligence.

This is the art of understanding what the online community has to offer, the negative effects and how to be a digitally sound citizen. An adult with a cognizant mind is able to do so but not so for children. It is for this reason that grown ups, more so parents, be media mentors for children and teenagers.

Facebook launched Messanger for kids in early 2018, a move that was met with hostility from parents and child development experts. The social media giant that pulled the biggest bait and switch in history, the idea that the App will not feature any Ads or paid content seems calculating. The new platform that is targeting kids as young as 6 years old could just be a gateway to ensure ease of transition to Facebook once they come of age.

Research has indicated that social media as a whole as well as unmonitored unlimited screen time has negative effects such as addiction, cyber bullying, low self esteem, obscessive compulsive behavior, mood swings and many decreased social skills, among other things. For this reason, parents need to have the appropriate knowledge to enable them bring up good digital citizens.

Eveminet in partnership with Richmele International have a program on this called Savvy Kids Africa – Made in Africa for the world.

Contact Info

Suite 13, K.P Offices
Jakaya Kikwete Road, Kilimani
Nairobi Kenya

(+254) 733 392 827

Daily: 8:00 am - 5:00 pm
Saturday and Sunday: Closed

Copyright 2020 Eveminet Communications Limited ©  All Rights Reserved