17 JULY 2024 – WINDHOEK

In today’s digital era, the risk of cyber-attacks is a significant concern as bad actors aim to exploit vulnerabilities present in our online interactions. There are several ways in which individuals can inadvertently become targets for these threats, whether through negligence, lack of knowledge, or simply by oversight.

Cybercriminals utilise a variety of tactics to target individuals, with common techniques that are consistently used. It is crucial to be aware of these methods in order to safeguard yourself and your organisation.

This article delves into techniques that make individuals vulnerable to cyber-attacks and provides practical advice on how to enhance personal protection in a constantly evolving interconnected world. Let us explore the most common ways people are targeted and how they can secure their personal information.

1. Phishing Scams

Phishing scams are a common way for people to get hacked, so it is important to prioritise security measures and stay vigilant. Look out for warning signs such as suspicious links, unexpected attachments, requests for confidential information, and urgent language in messages. Always verify sender addresses, domains, message typos, and urgent requests before taking any action.

Vishing involves fraudulent phone calls or voicemails from seemingly reputable companies in an attempt to obtain personal information. Never give out personal or banking details over the phone unless you initiated the call, and always contact your service provider to verify the request or report any suspicious calls. Remember, your bank will never ask for your passwords or pins over the phone.

Smishing refers to phishing attacks through text messages. These messages may lead you to a phishing website or download harmful software onto your device. Always verify any suspicious texts with your service provider before clicking on any links. For example, be wary of texts claiming to be about a delayed delivery with a link to track it. Stay cautious and always verify the legitimacy of any messages before taking any action.

 

2. Weak Passwords

Protect yourself from cybercriminals by using strong, unique passwords for each account and enabling multi-factor authentication. Cybercriminals can crack weak passwords in a matter of minutes or seconds, giving them access to valuable personal information and financial assets. Do not fall victim to these malicious actions – take proactive steps to safeguard your online accounts.

3. Social Engineering

Not all attacks require advanced technology or complex software to be successful. Sometimes, hackers can exploit simple deception to trick individuals. This is the concept behind social engineering, which involves using deception and psychological manipulation. To protect yourself, remain vigilant, question the identity of individuals, and approach any requests for money or personal information with caution. Additionally, refrain from sharing too much personal information on social media and always ensure your security and privacy settings are enabled on all platforms.

4. Outdated Software

Failing to update your systems leaves them vulnerable to cybercriminals who can exploit security weaknesses to steal data or introduce malware. It is essential for organisations to regularly apply critical security patches to all systems and applications. Follow your workplace’s update installation policy and enable automatic updates on your personal devices to ensure you are always protected from potential security threats.

In conclusion, it is crucial for individuals to stay informed and vigilant about the common ways in which they can become targets of cyber threats. By taking proactive measures such as updating passwords regularly, being cautious of phishing emails, and securing personal information online, individuals can significantly reduce the risk of falling victim to cyber-attacks. It is important for everyone to priorities their online security in order to protect themselves and their personal information in an increasingly digital world.

ENDS

Issued By:

Ms. Cornelia Shipindo
Manager: Cyber Security
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

25 JUNE 2024 – WINDHOEK

In today’s interconnected world, digital literacy is a fundamental skill required in all areas of life. As an Authority, we recognise the transformative power of digital literacy. It extends beyond basic technology use to include critical navigation, evaluation, and creation of information on digital platforms.

Digital literacy encompasses various competencies: using digital devices like computers, smartphones, and tablets; navigating the internet; utilising software applications; and engaging with social media platforms. It also involves critical thinking to assess online information, understand privacy and security concerns, and use digital tools ethically and responsibly.

Digital literacy empowers individuals by providing tools to access information, communicate effectively, and participate in the digital economy. In Namibia, enhancing digital literacy can bridge gaps in education, employment, and social inclusion. For students, it opens doors to educational resources and online learning. For job seekers, it means access to job portals, online applications, and remote work opportunities.

The global economy is increasingly digital, and Namibia must keep pace to remain competitive. Digital literacy is crucial for entrepreneurs and small business owners to market products online, manage e-commerce platforms, and leverage digital tools for growth. For the broader workforce, digital skills are now a prerequisite for many jobs, from basic computer literacy to advanced technical skills in fields like cybersecurity, data analysis, and digital marketing.

Digital literacy also plays a vital role in governance and civic participation. With the rise of e-government services, digitally literate citizens can access public services more efficiently, participate in online consultations, and engage with government initiatives. This improves transparency, accountability, and fosters a more inclusive and participatory democracy.

In healthcare, digital literacy can significantly enhance patient care and health outcomes. Telemedicine, electronic health records, and online health resources require both healthcare providers and patients to be digitally literate. During the COVID-19 pandemic, digital tools enabled remote consultations, online health monitoring, and the dissemination of crucial health information, underscoring the need for digital literacy in managing public health crises.

Despite its importance, several challenges hinder the widespread adoption of digital literacy in Namibia:

Limited Access to Technology

Many Namibians, particularly in rural areas, lack access to digital devices and reliable internet connections. This digital divide exacerbates existing inequalities and limits opportunities for those without access to technology.

Lack of Training and Education

Many schools and communities lack the resources or qualified instructors to teach digital literacy effectively, leaving individuals without the skills needed to navigate the digital world.

Cultural and Language Barriers

Cultural and language differences can also pose barriers. Digital content is often available in dominant languages, excluding those who speak indigenous languages. Additionally, cultural attitudes towards technology can influence how individuals perceive and use digital tools.

To address these challenges and enhance digital literacy in Namibia, a multi-faceted approach is needed:

Infrastructure Development

Expanding digital infrastructure is fundamental. Efforts must be made to provide affordable and reliable internet access across the country, particularly in underserved rural areas. Public-private partnerships can play a significant role in this endeavour.

Education Integration

Integrating digital literacy into the national education curriculum from primary school through to higher education is crucial. Schools should be equipped with the necessary technology, and teachers should receive training to teach digital skills effectively. Community centres and libraries can also serve as hubs for digital literacy training.

Support for Vulnerable Groups

Special attention should be given to vulnerable and marginalised groups to ensure inclusivity in digital literacy initiatives. This includes designing tailored programmes for older adults, providing assistive technologies and support for people with disabilities, and addressing gender disparities in digital access and literacy.

Collaboration with Stakeholders

Enhancing digital literacy requires collaboration between various stakeholders, including government, private sector, civil society, and international partners. By working together, these stakeholders can pool resources, share expertise, and develop comprehensive programmes that address various aspects of digital literacy.

Digital literacy is a cornerstone of modern society, and its importance cannot be overstated. For Namibia to thrive in the digital age, we must prioritise developing digital literacy skills across all sectors of society. By addressing the challenges and implementing strategic initiatives, we can empower our citizens, enhance economic opportunities, improve governance, and advance healthcare. As we move forward, let us commit to creating an inclusive digital future where every Namibian has the skills and knowledge to participate fully in the digital world.

As an Authority, we are dedicated to promoting digital literacy and bridging the digital divide. Together, we can embrace the digital future and ensure that every Namibian is equipped to navigate and thrive in the digital age.

ENDS

Issued By:

Hilya Mhani

Manager: Consumer Relations and Advocacy

Tel: +264 61 222 666

Email: Stakeholdercomms@cran.na

19 JUNE 2024

In today’s digital age, maintaining security and privacy is more important than ever. With the constant threat of cyber-attacks and data breaches, it is essential for individuals within organisations to play their part in keeping information safe. While technology can help to a certain extent, human error is still a major factor in many security breaches. That is why following proper security protocols and being aware of potential threats is crucial in ensuring the safety of everyone involved.

Here are five simple actions you can take to play your part.

1. Following Policy
Policies are created to ensure the security of all individuals affiliated with an organisation. They serve as rules to reduce expensive errors and recognise potential threats to systems, data, and individuals. Adhering to policies is a simple and important step that all employees, regardless of their position, can take to protect the organisation.

2. Locking Workstations
No matter the employee’s position or location, it is crucial to always lock workstations and devices when they are not being used. This quick and easy step helps safeguard the access given to you and prevents unauthorised use of your logged on profile. Furthermore, it is important to use strong, unique passwords on all devices and never share them with others.

3. Keeping a Clean Workspace
Do not underestimate the significance of keeping a clean and organised workspace. While it may not appear to be a security concern, a cluttered desk can result in errors like misplacing ID keys or important documents. Maintain an organised workspace and securely store any items containing confidential information.

4. Avoiding USB Devices
Cybercriminals often opt for simplicity by distributing malicious software on USB drives in easily accessible locations. Another tactic is mailing infected drives to organisations, hoping someone will unwittingly plug them in and infect their computer. To safeguard against these attacks, only use authorised USB devices or those that you personally own, including charging cables.

5. Reporting Incidents
An incident is defined as any suspicious or abnormal occurrence. For instance, stumbling upon a USB drive out of the blue is considered an incident that requires immediate reporting. Why the rush? Delaying the reporting of an incident can escalate the potential damage. Reporting promptly enables organizations to swiftly assess the situation and minimize any potential harm.

Remember, people are a crucial part of cybersecurity defense. By following these simple actions and being vigilant in maintaining security and privacy, individuals can help protect themselves and their organisations from potential threats. Together, we can all play our part in maintaining a safe and secure digital environment.

ENDS

Issued By:
Ms. Cornelia Shipindo
Manager: Cyber Security
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

18 JUNE 2024 – WINDHOEK

The International Telecommunications Union (ITU) defines Type Approval as a technical evaluation process to ensure that telecommunications equipment meets specific regulatory standards. In Namibia, this process is overseen by the Communications Regulatory Authority of Namibia (CRAN). CRAN is mandated to regulate telecommunications equipment intended for import into Namibia and ensure such equipment complies with Type Approval standards. Section 80 of the Communications Act (No. 8 of 2009) states that CRAN must prescribe reasonable technical standards for telecommunications equipment to prevent harm to electronic telecommunications networks, public health, and safety.

The current Type Approval Regulation, dated 21 August 2023, and published in Government Gazette No. 8180, requires the following entities to seek Type Approval Certificates:

• Manufacturers
• Importers
• Distributors
• Individuals

The purpose of Type Approval is to ensure that telecommunications equipment complies with Namibian and international standards to prevent radio interference and avoid health and safety hazards. Type Approval is issued for any telecommunications equipment that transmits, receives, or uses radio frequencies and is connected to any electronic communications network, such as cell phones, laptops, computers, radio communications equipment, and digital set-top boxes.

The processing time for Type Approval certification is 40 days as per the Type Approval Regulation. However, the Authority endeavors to issue the certificates within a reasonable time, depending on the volume of applications received.

In February 2023, CRAN and the Namibia Revenue Agency (NAMRA) signed a Memorandum of Understanding (MoU). This followed an agreement between CRAN and the Ministry of Finance: Directorate of Customs and Excise in 2016, aimed at harmonizing the implementation of laws governing the importation of telecommunications equipment into Namibia. The MoU establishes a framework for cooperation between the two parties in areas of common interest for effective and efficient performance of their respective mandates.

The MoU aims to:
•Promote cooperation and coordination regarding the importation of telecommunications equipment into Namibia.
•Collaborate on capacity-building initiatives.
•Establish a working committee to discuss and recommend solutions to challenges impacting the successful implementation of the Type Approval regulatory framework.

Anyone seeking Type Approval must submit a complete application, including all supporting documentation and payment of applicable fees, before importing the telecommunications equipment. Equipment will not be cleared by Customs without a Type Approval certificate. It is best to apply for type approval before importation to avoid delays and that the Authority will not carry any storage costs due to delays in obtaining necessary certifications.

The Type Approval process consists of the following methods:
•Standard Application process
•Simplified method
•Renewal method
•Temporary Importation method
•Reconsideration method

The regulations also specify telecommunications equipment exempt from Type Approval, such as laptops, servers, smart televisions, and tablets without SIM slots. A list of approved devices is available on the CRAN website.
Telecommunications equipment temporarily imported into Namibia for prototypes, testing, and trials, as described in Regulation 5 (3) (a, b) of the Regulations, does not require a Type Approval certificate. However, clients must apply for temporary importation.

It is crucial for all parties involved in the importation of telecommunications equipment to familiarise themselves with the Type Approval Regulations, obtain the necessary Type Approval documentation, or contact CRAN’s Type Approval Team for further assistance at ta@cran.na or 061 222 666.

Namibia’s Type Approval regulations align with international practices followed by ITU Region 1 regulators and standardisation processes prescribed by the ITU. Besides Namibia, South Africa and Botswana also implement Type Approval, and vendors and suppliers generally operate in these markets without issues.

  ENDS

Issued By:
Ms. Loide Nuutushi
Officer: Equipment Approval
The Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

As Namibia joins the Fourth Industrial Revolution (4IR), the Information and Communication Technology (ICT) industry starts to have a significant impact on the country’s economy, promoting equality of opportunity, industrial development, economic growth, and poverty eradication. The Namibian government has put laws in place to encourage the growth of ICT due to its importance to economic development.

Through the Communications Regulatory Authority of Namibia (CRAN), the Ministry of Information and Communication Technology (MICT) oversees Namibia’s information technology, telecommunications, broadcasting, media, and postal sectors. CRAN was established in terms of Section 4 of the Communications Act
(No. 8 of 2009) (the Act) to regulate the communications industry in Namibia. The communication industry consists of, but is not limited to, telecommunications, broadcasting, and postal service providers.

As in many other countries, regulatory investigations are essential to the ICT industry in Namibia. CRAN often caries out these investigations to make sure that laws, rules, and industry standards are being followed and they serve several important purposes including:

❖ Monitoring Compliance: Regulatory investigations assist in keeping track of how well ICT businesses, service providers, and operators abide with the applicable rules and regulations. This guarantees that operators follow laws
that support ethical competition, consumer protection, and the effective operation of the industry.

❖ Consumer Protection: Investigations are frequently conducted to safeguard the interests of consumers. Regulatory agencies may look into complaints about billing disagreements, service quality, or other problems affecting ICT
users. They do their best to guarantee that customers get the services they paid for and that their rights are protected.

❖ Fair Competition: Investigations by CRAN are meant to restrict anticompetitive behavior in the ICT industry. CRAN may look into claims of unfair commercial practices like collusion among players in an industry or monopolistic activity. Fair competition encourages innovation and is advantageous for consumers.

❖Spectrum Management: Spectrum is a valuable and finite resource in the ICT industry, particularly in telecommunications. To ensure effective use and equal access for various service providers, CRAN may look into the distribution and exploitation of spectrum.

❖Policy Development: The results of regulatory investigations may be used to build or amend Namibia’s ICT laws and regulations. The information and insights gained from these studies may help policymakers respond to technological improvements and shifting market conditions.

❖Dispute Resolution: In disagreements between various ICT industry parties, CRAN frequently acts as the mediator or arbitrator. Investigative procedures can assist in resolving disputes and conflicts, so avoiding the need for expensive litigation.

❖Promoting Innovation: Regulatory investigations can provide a level playing field that fosters innovation and investment in the ICT Industry by enforcing rules and standards. Both the industry and customers gain from this.

❖Penalties and Enforcement: Enforcement actions and sanctions may result from regulatory investigations against operators that contravene the Act or its regulations. These fines may serve as deterrents and as incentives for conformity.

CRAN is required to conduct investigations into any behavior that violates section 122 of the Act in order to effectively regulate the ICT sector. According to Section 123 of the Act, CRAN is free to designate any of its employees as inspectors to carry out the Act’s powers. In addition, Section 124 enables CRAN to designate anyone with specialist knowledge in a given field as a special investigator to look into any violations of the Act or its regulations.
To execute the mandate of investigations, Section 125 of the Act outlines the powers and functions of an inspector appointed under the Act. Inspectors play a crucial role in ensuring compliance with the provisions of the Act, particularly in matters related to electronic communications, broadcasting, and postal services. Some of the key roles and responsibilities of an inspector are:

❖Investigation and Inspection: An inspector is authorized to investigate and inspect any books, telecommunication facility, any telecommunications equipment or any other object, to obtain any information required.

❖Gathering Evidence: Inspectors have the power to gather evidence related to potential violations of the Act. This may include collecting documents, interviewing witnesses, and conducting on-site inspections to establish facts related to alleged breaches.

❖Reporting: Inspectors are required to prepare and submit reports on their findings to CRAN. These reports may be used as the basis for further enforcement action.

❖Assisting in Regulatory Proceedings: Inspectors may be called upon to provide evidence or testify in regulatory proceedings, including hearings, investigations, or legal actions related to violations of the Act.

❖Securing Evidence: Inspectors may seize and secure evidence that is relevant to investigations, ensuring that it is preserved and can be used in regulatory or legal proceedings. This power to seize is set out in Section 126 of the Act.

❖Access to Premises and Information: Service providers are generally required to provide inspectors with access to their premises, equipment, and information necessary for conducting inspections and investigations. Inspectors, however, cannot enter premises used for dwellings to conduct an investigation.

❖Confidentiality: Inspectors are bound by confidentiality obligations regarding the information and evidence they gather during their investigations. They must handle sensitive information with care and in accordance with legal requirements.

❖Cooperation with Other Authorities: Inspectors may cooperate and share information with other law enforcement agencies or regulatory bodies when necessary to enforce compliance with the Act. Section 127 encourages co-operation as it directs that a CRAN Inspector while conducting investigations in terms of the Act, may request a police officer to accompany them.
It is important to note that the specific powers and procedures of inspectors may be further detailed in regulations or guidelines issued under the Act, and they are expected to carry out their duties with fairness and impartiality while upholding the law. Additionally, the exact roles and responsibilities of inspectors may evolve over time as regulations and industry practices change.

ENDS
Issued By:
Mr. Joel Shikoyeni
Officer: Investigations
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na