By Ibukun Emiola, News Agency of Nigeria (NAN)
On June 15, 2023, Nigerians were informed that the official Twitter X account of Abike Dabiri-Erewa, Chairperson for the Nigerians in Diaspora Commission (NiDCOM), had been hacked once again by unscrupulous elements to spread falsehood and fake news in the name of Abike Dabiri-Erewa, and advised the public to ignore any messages coming from the Twitter handle @Abike Dabiri-Erewa until normalcy is restored.
Nigerians may readily relate to Dabiri-Erewa’s scenario, especially female professionals who have been victims of online security breaches or have had their fair share of attempts by cybercrime perpetrators.
According to a report by a cybersecurity firm, Surfshark, the incidence of data breaches in Nigeria increased by 64 per cent in Q1 of 2023.
The report further showed that Nigeria recorded 82,000 cases of data breaches between January and March 2023, a slight increase from the 50,000 cases reported in Q4 2022.
According to the survey, Nigeria ranked 32 globally among countries that had experienced scores of data breaches. One could say that Nigerians are familiar with security breaches on the internet, as many people live their whole lives on social media platforms and have horrible testaments to share, while only a few people are taking security precautions.
Oreoluwa Alao, an agriculturist and writer, says she encountered a security breach attempt on her email account shortly after she lost her device.
“My phone was stolen and I didn’t have access to check my email, but some days after I could check, I realized that some people tried to log in to my email. I think because of the strong security password, they couldn’t access my email; of course, I received so many messages that were Google security alerts that even after I changed my password to a stronger one, I kept getting the emails,” Alao said.
While Alao was fortunate that her email account was not breached, some professionals were not, this led the victims to a slew of problems which include psychological, emotional and financial problems.
A survey on data privacy conducted in June 2023 revealed that out of 60 women professionals between the ages of 25 and 50 in two local government areas; Ibadan North and Lagelu in Ibadan the capital of Oyo State, 45 per cent of the respondents who use the internet were unaware of data privacy, while one per cent had no idea what the phrase ‘data privacy’ meant.
According to Cloudflare, data privacy is the ability of an individual to determine when, how, and to what extent such a person shares personal information with others, including name, location, contact information, or online or real-world behaviour.
Figure 1: The local government areas of respondents and age distributions
In Figure 1 many respondents to the survey are from the urban centre, Ibadan North Local Government area, while those from the rural areas are few, from Lagelu Local Government area.
A significant figure from the survey of female professionals indicates that Nigerians must always be conscious of data privacy to reduce incidents of security breaches.
Speaking on the impacts of lack of awareness on data privacy, Oluwaleke Oni, a data analyst and IT expert said lack of awareness on data privacy among female professionals can result in several significant impacts, such as privacy breaches and data security risks.
According to Oni, when people, including female professionals, are uninformed of data privacy best practices, they may inadvertently reveal sensitive information online or become victims of fraud, phishing attempts or data breaches.
Oni said this can lead to the compromise of personal and professional data, potentially causing financial loss, reputational damage, or identity theft.
He added further that professional repercussions of data privacy incidents could have professional consequences for female experts.
“Employers may also be hesitant to entrust sensitive data or projects to individuals who do not prioritize data privacy,’’ he said.
Several respondents to the survey who were victims at one point in time stated that they reported the incident but nothing was done about it. One of them wrote “I made a police report on the fraud (of almost N500,000 / US$ 637.28 in 2014/2015), which was reportedly investigated for some months, but to no avail,” said the respondent.
“It shook me mentally, psychologically, and even emotionally because my integrity was also at stake. It’s all gone now, I got it sorted and over with, and have moved on shortly afterward, long ago. BUT LESSONS LEARNT FOR LIFE!!!”
Another respondent said, “My account was changed to Chinese writing without my consent. I didn’t do anything, I don’t know what to do,” she said.
Some of them said that in addition to security breaches, they were bombarded with unsolicited adverts as a result of their internet activity.
However, 37 per cent of respondents said they didn’t read about data privacy policies on Facebook and YouTube before or after installing the app. Only ten per cent of respondents have had their Facebook or YouTube accounts hacked or cloned.
Figure 2: Age distributions according to respondents’ social media preference
In figure 2, Facebook, Whatsapp and Instagram are the most commonly used social media platforms among female professionals between ages 25 and 50.
According to the survey, respondents’ motivations for using these social media platforms varied, and recorded statements comprising of options including; Celebration, Present mood, Nothing personal or private, Business, Events, Awareness creation, Opinions, Advertisement, Messages, Pictures, Memorabilia, Documentary, Birthday, Global issues, among others.
Jesutofunmi Robison, a Master’s student at the University of Ibadan, also said that her Instagram account was hacked at one point. “The sad thing was that it was linked to my Facebook, so the challenge affected my Facebook too.
“Before the hacker could access my information, I did the two-factor verification which helped me to get my account back. I read online on how to get my account back and I did a stronger password with the two-factor verification and my account has been fine,” she said.
The data analyst said there were possibilities of gender-based targeting and discrimination.
Oni warned that a lack of awareness about data privacy can leave female professionals more vulnerable to targeted attacks and online harassment.
He stated that inadequate protection of personal information may make it easier for malicious actors to gather data and engage in cyber stalking, doxxing, or other forms of online abuse.
“This can have a negative impact on the mental health and overall well-being of female professionals.
“Unequal Participation and Empowerment: Data privacy concerns can disproportionately affect female professionals’ participation in certain sectors or roles that involve handling sensitive data.
“Fears around privacy and security may discourage women from pursuing careers in technology, data science, or cybersecurity, leading to an underrepresentation of women in these fields. This lack of representation further exacerbates gender inequality in the technology sector,” Oni said.
He further advised that having limited control over personal information due to a lack of awareness of data privacy practices, female professionals may unknowingly consent to share their personal information with third parties on social media platforms, or online related platforms.
According to Oni, this can result in a loss of control over their personal data, as it may be used for targeted advertising, sold to data brokers, or used for other purposes without their knowledge or consent.
Meanwhile, about 18 percent of respondents to the survey affirmed that they have been harassed or defrauded while using Facebook and YouTube.
These are professionals who have been on their jobs for three months to 22 years, with the majority using social media platforms such as Facebook, WhatsApp, and Instagram.
Figure 3: Respondents who have been harassed using social media platforms and their age distributions
In Figure 3 respondents in the survey who have not been harassed using social media are more than those who have been arrested.
David Afolayan, the Chief Executive Officer at GIS Konsult, Ibadan, said people need to be aware of their rights to privacy.
According to Afolayan, there are several international policies and laws in place to protect every individual in the digital space since organizations thrive on peoples’ data economies, that is where they make money, but if people are aware of their rights, they may request compensation for the divulge of their personal information.
He said all the application software that appeared to be free, exchanged peoples’ information in various ways. “If it is just that the information you put on the app was just shared, that is still ok, but applications have various algorithms that mine their behavioral activities.”
He added further “That is why if you go online and you search for a phone, you start to see adverts coming to you from various vendors on a phone, if you search for baby things; you start to see adverts on babies’ clothes, food, and the likes. What is happening?
“Just what you shared on your platform innocently has been turned into information that is actionable, which is exchanged with the vendors at a great cost and then they focus their adverts on you.”
Afolayan urged Nigerians to value data and seek to get value from it, which will influence their attitude towards data policy on every online platform they seek to engage.
“You should read the details of everything that is on any platform you engage in about the use of your data.
“And because of laws that control data usage, all the platforms have a place where you can switch off the recording of your information; where you can determine whom they share your information with, and where you can in a way control it.
“The more you ask for what belongs to you the more you force the hands of the digital giants to put in place measures to protect your rights.
“And the more you know the value of your information the more you can ask for a stake in what they are given,” Afolayan said.
He noted that taking pictures with a phone also captures the environment where it was taken, which is known as Geo-tagging, adding that in many incidents, this has given away the location of some celebrities in the entertainment industry, who were later attacked by marauders, leaving the celebrities perplexed as to how they became the targets.
Afolayan cautioned citizens to be careful of security not just of data privacy, but also of personal security while posting information online as there are cyber attackers who extract information for nefarious purposes.
He further stressed the need not to engage online scammers and “419 people” in such a way that people leave few digital prints, adding that many applications have targeted women, hence the need to be cautious.
According to the survey, many respondents had been using the internet for more than five years with no understanding of data privacy. 51 per cent of the respondents claimed that the government has not done enough to secure Nigerians in cyberspace, advocating for protection through policies, regulations, and awareness programmes as well as bringing cybercrime culprits to justice.
Figure 4: The percentage of respondents on efforts of the government on data privacy
In Figure 4, many respondents agreed the government was not doing enough to secure citizens in cyberspace.
The Head of Research for Nigeria Data Protection Commission, Dr Hammajam Adamu, said all Nigerians, inclusive of women, should be concerned about data privacy to prevent their data from being manipulated, abused, or used for wrong reasons.
He said from research and feedback, women are more likely to be visible online, particularly when using social media platforms, which reduces their ability to remain anonymous. Adamu said the impacts of lack of data privacy were that pictures could be exploited, and impersonation could occur, “so, women and professionals are advised to pay attention to that.”
“Yes, the government is doing enough and you will be surprised; four weeks ago, I was in London,” he said.
“I attended a global forum on privacy principles promoted by the United States Government. In that forum, we see that at this stage, the United Government is at this stage they are trying to come up with legislation that governs how transactions of personal data are being conducted.
“You will be surprised that just a week ago, President Bola Tinubu signed an act which is Nigeria Data Protection Act. So, you can see the seriousness, globally we have shown leadership and commitment.
“We have shown that privacy is important to us and we have also communicated to the global community that if you are a big business handling the personal data of Nigerians then you will also have to work with our laws; collect that data where consent is provided, where there is a clear purpose for it and where there is a governance framework where you are accountable for.
“So, we have shown to be very serious and every business is now aware of that, there could be penalties, institutions like banks, and telecoms, are called data controllers because they collect data in the conduct of their business and the provision of service to you as well as a customer’’
Adamu said the legislation has provided safeguards, “Like Mr President had said in his inauguration speech, the digital economy will form a cornerstone as part of what he intends to deliver to Nigerians in his effort to boost our economy.”
He added: “To show the seriousness of that, less than two weeks in office, the resident has signed that into law.
“But we have to acknowledge that a lot of effort has gone into that by the former minister, former president Buhari and the leadership of Nigeria Data Protection Bureau as it were then, in the person of Dr Vincent Olatunji,” he said.
Adamu noted that Nigeria now has mechanisms to bring perpetrators and organizations of various cybercrime to book through a breach reporting tool on the website of Nigeria Data Protection Commission, “and the legal complaint and enforcement team looks at the veracity and extent of the reported breach and to further investigate and bring to bear the provision of the law.”
“We also have candidates’ initiative the commission is coming up with; a reporting platform, investigations, and tools as well as building a huge capacity for nationwide enforcement,” Adamu said.
*This work was produced as a result of a grant provided by the Africa-China Reporting Project at the Wits Centre for Journalism at the University of the Witwatersrand, Johannesburg. The opinions held are of the author.
