Urgent Measures Needed on Identity Theft in Namibia

Namibians are known for their trusting nature but this can have detrimental consequences when securing personal information in cyberspace.

Cyber security is about measures taken by individuals or organisations for protection against unauthorised access or cyberspace attacks.

Access to personal information is an entry point for many attackers. This includes email addresses, phone numbers, home addresses and ID numbers.

Everyone, from individuals to large institutions, risks falling victim to data theft.

A notable example, which could be linked to information theft, is the case of the National Petroleum Corporation of Namibia, where N$2,2 million was transferred to a wrong account because of a fraudulent email request from someone posing as a supplier.

The money was never recovered. This incident required the perpetrators to have detailed knowledge of the transactions and email addresses of involved parties, presumably obtained through unauthorised access to information.

Similar incidents have occurred where individuals, including ministers, have lost money to individuals impersonating bank employees.

These examples should serve as an urgent reminder to us all to be more vigilant in protecting our personal information.

‘THE BIG EASY’

The ease with which information can be accessed and misused in Namibia is alarming. It underlines the urgent need for data protection and privacy education.

Data is no longer just a byproduct of our digital lives; it is a valuable commodity that drives innovation and economic growth.

However, the potential for abusing personal information through unauthorised access can lead to privacy infringements and significant financial losses for organisations and individuals.

The threat of our personal information being targeted is not a matter of if, but when.

We must educate ourselves and our institutions about the risks and preventive measures.

The methods used are diverse and ever evolving, ranging from sophisticated hacking operations to simple cases of obtaining an individual’s identification number, residential address, and recent purchase history, whereabouts, etc.

Criminals often monitor homeowners’ activities to plan their crimes. Similarly, hackers monitor online activities, such as social media updates, to gather information.

In addition, personal information can be accessed without an owner’s authorisation via hardcopy documents stored in unsecured spaces, such as CVs and supporting documentation submitted for job applications.

The type of mobile phone you use can also determine the security of your data: Some applications may leak your data to unauthorised entities.
Even seemingly insignificant items, such as discarded ATM receipts, can provide enough data to defraud someone if combined with other information.

Dubious internet links for employment opportunities and announcements of winnings shared in WhatsApp groups are traps for collecting unauthorised information.

INNOVATION NEEDED

In Namibia, the management of identification information makes most people susceptible to identity theft.

Organisations frequently require hardcopy job applications, with personal information printed on CVs and attached certified documents.

These applications are often dropped in unsecured boxes with no data protection guarantee.

During a consultation with an insurance provider, I was asked to write my identity information, address, and income in a book containing similar information from other clients.

This book was kept in an unlocked drawer, raising severe security concerns. The staff member seemed oblivious to my concerns and ignorant about security risks.

An innovative approach to ensuring institutions guard personal information is needed.

Employees working for institutions with access to personal data can become interest points in collecting information on clients through accessing their devices.

Government institutions publishing individuals’ names and personal information in newspapers further exposes people to risk.

The ease of unauthorised access to personal information underlines the urgent need for stricter regulations and enforcement.

Publicising vital information or sharing biometric data with third parties could also lead to serious privacy breaches.

With technological advances in the finance sector also reaching Namibia, we must update our data protection and privacy legislation.

The potential for data leaks is an important concern as many access points to personal information exist.
The urgency of implementing stricter regulations and enforcement cannot be overstated.

Organisations and individuals should also be cautious about publishing location information on social media platforms without authorisation from individuals: It can be used to track their movements and identify vulnerabilities and attacks when they are away from home or the office.

ROBUST MEASURES

There is a need for robust data protection and privacy laws on a national level, and self-regulation from the public. Anyone who can use a digital device connected to the internet needs to be made aware of the dangers of identity theft.

Organisations also need to avoid requesting ID numbers unless they can guarantee data protection from their institution.

Importantly, organisations should have a higher IT personnel-to-staff ratio plus, dedicated departments working on cyber security.
As individuals, we hold the key to our data protection.

While technological advancements are crucial for economic growth and innovation, they also bring security concerns.

We have a collective responsibility to be vigilant and innovative in safeguarding our data, those of our colleagues, friends and family members.

– Menare Royal Mabakeng is a PhD candidate and lecturer in the department of land and spatial sciences at the Namibia University of Science and Technology. The views expressed here are her own.