On 1 April 2019, the Federal Government under the Ministry of Health phased replaced the old ‘Yellow Card’ with a new electronic card which they issue to people who have been vaccinated. But on August 31, 2019 thousands of data were leaked! What can the Government learn from this?

The yellow card is an important document which is given to a person after getting a vaccine against yellow fever disease. In its stead, a new electronic yellow card would be issued for people who have been vaccinated.

The new e-Yellow card is also expected to stop the racketeering in fake yellow cards which are issued at point of airports and borders. The yellow card is also meant to forestall the problems of payment to collect the card without getting the vaccination.

The World Health Organisation (WHO) recommends vaccination against yellow fever for all international travelers, nine months of age and older before they come to Nigeria as there is evidence of persistent or periodic yellow fever virus transmission there.

The New System

The new implementation begun when the Ministry of Health said that all registration for getting the Yellow Card would be exclusively online. While this was a great movement in the light of digital sustainability and ease, the Ministry failed to see the critical aspect of securing its citizens.

Here’s an overview on how to get the card using the new system:

The new yellow fever card costs N2000 and will need to be paid online via credit or Debit Card Payment.

STEP BY STEP

• STEP 1:Visit http://www.yellowcardnigeria.com
• STEP 2: click on Register
• STEP 3: Fill in your personal information and click on submit button.
• STEP 4: Click on Payment button, generate your Remita Retrival Receipt (RRR) code and pay the sum of N2,000 online (or go to the bank).
• STEP 5: Take the payment receipt along with your international passport to any Port Health Services Office to get vaccinated and obtain the yellow card.

The Looming Problem

According to Business Day, “a visit to the website on Saturday showed that when a user input their passport number on the ‘Check card Number’ page, rather than take the user to the login page, it opens directly to the data page where the user’s information has been stored. When you increment the number one by one, you are taking to different private information of other users on the website.”

While the Ministry has not yet responded to situation which could (or has) potentially seen millions of private information belonging to travelers fall into the wrong hands, we take a look at the implications of this event.

Implications Observed

1. Loss or compromise of Travelers data. In this infamous Yellow Card data breach, which most likely occurred between late August 2019- and July, personally identifiable information belonging to around least 200,000 Nigerians is believed to have been accessed by cyber-thieves. The scale and consequences of the Yellow Card security faux pas is enough to scare any individual into dealing with sensitive information correctly.
2. Loss of money. The majority of cyber attacks concentrate on the insides of an agency’s wallet. It is forecast that by 2021, cyber-crime damages will cost the world $6 billion.While that is a fact that has begun happening, the current breach will likely cost the Ministry of Health huge junks in fixing.
3. Hurt of Reputation. Most downturns for firms and organizations are usually caused by data breaches and cyber attacks that could have been prevented. According to 90% of CEOs, striving to rebuild commercial trust among stakeholders after a breach is one of the most difficult tasks to achieve for any company?—?regardless of their revenue. Now, with this qualm that has blown to the ways of the Ministry of Health’s Yellow Card website, you can be sure that no Nigerian would feel safe to put their Debit Cards details on their website.
4. Risk of Physical Data loss. Over 70% of businesses involved in a major incident either do not reopen or fail within three years of an incident occurring. Remembering to keep the infrastructure of the Yellow Card website safe at all times to avoid loss of data is something that should have been the mind of the Nigerian authorities, unfortunately we know how the story turned out.

What the Nigerian Government should Learn!

With technology being fundamental to many businesses, it should hardly be seen as a surprise that cyber attacks pose significant threats. The above worst-case scenarios are to encourage businesses, and active participants in the digital economy, to implement protective measures that allow them to comply with data protection regulations. Although there is no “silver bullet” that can protect your business from cyber-crime, putting in place adequate security measures is essential for stability and continuity.

According to Glyn Moody of ARS Technica?—?Extremely personal information will be leaked with terrible consequences for some people. The only question is when. This is an essential thought, the Government should plan for the future, information accessed by hackers now could be used to harm the profile of well meaning innocent individuals in years times considering that hackers will take time to analyze the information gotten from their raids (breach success).

Data breaches can expose personal information, financial information such as credit card numbers from individuals and corporate secrets, their software codes, customers and even intellectual property.

Once the attack has been stopped and eliminated, the next step is to investigate it and assess the damage it has caused to the organization. Knowing how the attack happened is needed to prevent future attackers from the same tactics and succeeding. Also, it’s important to investigate the affected systems so that any malware possibly left by the attacker can be detected.

During the assessment, information that should be dug up includes:

• What was the attack vector?
• Was the attack based on social-engineering tactics or through user accounts?
• How sensitive is the breached data?
• What is the type of that data affected?
• Does the data contain high-risk information?
• Was the data encrypted and can it be restored (did the company backup their data)?

After taking the first steps in recovering from a data breach, a security audit is needed to assess the organization’s current security systems and to help with preparation for future recovery plans.

After an attack and taking all the appropriate steps for recovery, the importance of preparing for the next attack can’t be stressed enough. After being attacked once, the possibilities that you will be attacked again are substantial; it’s possible that the same attacker or group of attackers will try it again since they’ve already succeeded, or other groups will use the same or similar methods.

The security audit and internal investigation are valuable. The information uncovered will help guide you toward your future recovery plan and any vulnerabilities that may be lurking. The new recovery plan may include new privacy policies, security training for all employees, enforcing agreed policies with third-party businesses and more. But one thing every organization needs to do is work on educating their employees in some of the finer points of cyber-security since, as we mentioned, human error is one of the most frequent reasons a data breach occurs.

Featured image – Nigerian Yellow Card (Sahara Reporters)

I receive newsletters from James Clear weekly. This week’s edition is too compelling not to amplify his thought. He said:

“Optimists win in the long-run because their miscalculation of how long it will take or how likely it is to succeed motivates them to give it a try.

If you knew how hard it would be and how long it would take in the beginning then you might not try in the first place.

You can’t guarantee success, but you can guarantee failure: never try.”

Pessimists are good at one thing, on the contrary, they “know” exactly how long and what probability of success lies in any adventure. Because of “their knowledge”, they are deprived of ever attempting anything. Invariably, denied also of the likelihood of ever achieving anything. Be an optimist, you have more to gain than being otherwise. 

Examining the habit of an optimist

In James Clear quote above, 3 things exemplify an optimist

1. They believe they can achieve the impossible in a short period

They may not necessarily achieve it in that short period and in fact, they rarely do. Yet, they still maintain the momentum. As James noted, “If you knew how hard it would be and how long it would take in the beginning then you might not try in the first place.” There is beauty in not having complete knowledge of the process but your eyes must be focused on the end that you envisioned. This is the habit of an optimist.

2. They are not sure about the future but they still try

While all gaze is fixated on the end, optimists are still skeptical about the outcome. Except that their skepticism is not enough to push them back from attempting the impossible. Be an optimist.

3. They know that doing nothing guarantees failure

Here’s how they think, if I do this, what assurance of success do I have? say 15%.

If I do not do this, what assurance of success do I have? Guaranteed failure!

That’s it for them. They had rather attempt a 15% possibility of success towards a thing dear to them than accept a 100% guaranteed failure for not attempting. Be an optimist.

Given the choice between being an optimist and a pessimist, I urge you to go for the former. The reward from the former is more compelling.

Side note: A pessimist is generally not liked in most settings. While everyone is suggesting how to make something work, a pessimist will be proliferating the “gospel of how it cannot work”. This makes everyone naturally repel working with a pessimist.

And remember:

We grow by people. People are our reason for success. And if these people repel you, success by natural cause repels you. It’s an endless loop that ends in failure. Optimism is still your best bet.

Our vehicle nearly hit an elderly woman sweeping the flyover bridge at Akwata Junction, Enugu-Onitsha expressway, Awka in Anambra State. The woman seemed oblivious to her near demise. She was more interested in doing her job than keeping her life safe. She staggered to where her dustpan was, picked it up and went back to pack what she gathered together.

Some months ago, I witnessed a similar incident along Enugu-Port Harcourt expressway (on top of New Haven Bridge), but this time it was a construction worker marking areas to be dug on the road. His own case would have been worse because two trucks came for him. But for his quick movement out of the road, he would have been added to the number of accident victims.

I don’t understand why most Nigerian employers don’t consider the safety of their workers when assigning them duties. For instance these road workers I mentioned here were sent to work on highways but there were not safety measures taken to protect them. They were left to wine and dine with fate. Of course, if anything happens to them, they will be replaced immediately.

Apart from being knocked down, the presence of these road workers during rush hour can increase the magnitude of traffic gridlock. This usually happens when one side of the road is blocked completely and the side used by all the vehicles isn’t in good condition. Or when cars have to wait for some heavy equipment vehicles to finish their works before the road will be opened again (maybe for some minutes before it is blocked again).

I don’t even believe that these workers relax to do their jobs well in this sort of condition. For instance, you may see the part of road swept by someone looking like no work has been done there. I think the fear of being hit by cars makes them want to do their job as fast as they could so that they leave.

Well, I believe that the employers of these workers should consider the following as some of the ways they can make their workers’ job easier and safer:

• Time of Work: A lot of people suggest that these workers perform their duties in the night. I used to have this view but the state of security in the country has changed that. I wouldn’t advocate that someone comes out late in the evening or night to work on our roads when thieves and other hoodlums are at loose. To even start with, which light will they use to work?

What I suggest is that they come out very early in the morning to do their jobs. If they start of around 5am, when traffic is still very sparse, I believe they will be able to get most work done before 8am, which is when the morning rush hour starts.

As far as I know Nigerian roads, traffic is never sparse again until around 11pm, by which time it becomes unsafe again on our roads. So, it is best to do early in the morning.

• Use of Modern Equipment: You may not believe it when I tell you that our road sweepers use short brooms made from palm fronds to carry out their duties. Can you just close your eyes and imagine how many kilometres one sweeper can cover in a day with a short broom (especially those ones that have gone shorter from long duration of use)?

You see, we keep deceiving ourselves. It is something like this that makes my mother say that someone is busy tickling himself. How does it sound that people are being paid to sweep and keep the major roads clean and that they are using short brooms to achieve that? To some people, it sounds funny. But to me, it sounds embarrassing.

The employers of these people should please procure some decent equipment that they should use to make their work easier and more efficient. These people aren’t sweeping compounds nor streets, they are sweeping highways.

• Use of Road Sign: Sometimes these workers are sent into the road without road signs to notify motorists of their presence. This was the reason those two trucks nearly crushed the construction worker I mentioned earlier. Employers should ensure that they provide these workers with signs that tell motorists of their presence. Any worker that failed to use his or hers should be surcharged.
• Safety Gear: I think these people manage to get just the yellow or orange jumpsuit for their workers and leave them to ‘manage’ with that. Other safety equipment seems to be luxury. Helmets, goggles, gloves, facemasks and the rest are not part of what I see these people wear to work. For their helmets, they tie scarf; for their facemask, they use handkerchief; I see some of them with worn out gloves, on one palm only; as for the goggles, either they use their personal sunglasses or they leave their eyes to enjoy dusts and grits.
• Supervision: These workers need to be supervised to ensure that their works were well carried out. Most of them, especially the sweepers, don’t do their work well (even though I’m suspecting the short broom to be the culprit).

I know that developed countries use better electronic machines to sweep their streets and roads. But in Nigeria, we still use manual ones. It is fine because it ensures more job creation, to some extent. But, there is a need to make this work easier and safer for those performing it by giving them much needed equipment and providing safety measures that will protect them.

The English Commercial and Arbitration Court in London, has granted Nigeria leave to file an appeal against the award of $9.6 billion against the Federal Government of Nigeria, in favor of Process and Industrial Developments (P&ID). The Attorney General of the Federation and Minister of Justice, Mr. Abubakar Malami, said.

Few days ago,  it was announced that Nigeria had lost about $9.6 billion to an Irish firm simply because we couldn’t keep our own part of an agreement ,if really it was an agreement . It’s difficult to blame a specific individual  for this because when and how this contract was signed is shrouded in mystery. A few suggests it was signed at the time the late President Musa Yar’adua was in coma . Whoever signed it! Anyway, I don’t believe in ghosts.

He also disclosed that the court also ordered Nigeria to pay a security sum of $200 million for the court to grant a stay of execution of the ruling pending the judgement of the appeal.

“Stay of execution has been granted subject to payment of $200 million security payment to the court pending the determination of the appeal for the leave to appeal which has been granted by the commercial court.

“Application for leave to appeal against the award and enforcement of the award is granted.” He said

P&ID was awarded $9.6 billion in damages following a failed Gas Supply Agreement contract it had with Federal Ministry of Petroleum Resources.

The Federal Government of Nigeria launched an investigation into the contract and discovered massive fraud by representatives of P&ID in Nigeria. Upon the discovery, the Economic and Financial Crime Commission (EFCC) filed charges against the culprits which they pleaded guilty to.

The guilty plea and subsequent sentences provided a ground for Nigeria to challenge the outcome of the first hearing. Nigeria is desperately trying to mitigate the consequences   the ruling will impact.

With P&ID assets in Nigeria nationalized, legal experts believe that Nigeria has a better chance to turn things round. The recent development in London has given hope to such belief.