Maximizing return on information technology investment – six tips to make it real.

The objective of making any worth while investment is to maximize returns from it. Every Accountant and Financier will not hesitate to tell you this, yet you see people making heavy investment in information technology today than ever without really getting the best out of it. Have you ever sat down to take stock of the returns you have made from your investment in IT? If you have, what was your finding? Enough of those questions you may be saying within your mind and you are right. I am not here to bother you with questions but to proffer solution. Hence, the next six paragraphs that follow give valuable tips on how to maximize returns from your investment in IT. One paragraph for each point. Read with rapt attention.

Alignment of Business Strategies with IT infrastructure objectives: as obvious as this may sound, many people still go ahead investing heavy amount of money on IT without taking time to find out if the strategy of the organization is in line with the objective of the IT product. They become so much in a hurry to purchase that new piece of gadget just because the marketer has created some sense of urgency- which is the essence of sales. Take time to analyse your business objective and see if it can be met by the features of the new IT product you want to buy. For instance, if one of your business objectives is to secure your online customers information, does the new IT product you are about to buy have features that can support the transfer of encrypted data through a Secure Socket Layer (SSL) i.e, through a secured medium.

Investing in quality IT products the first time: if the strategy of the business and the objective of the IT product you intend to buy are properly analysed, you will not find it difficult to make the right investment decision. Often time, investing in high and right quality might be expensive, but will save money if it meets and surpasses the need of the business.

Training of staff in the use of IT infrastructure: arguably, your assets are as good as the quality of staff operating it. You may deploy the highest and the most appropriate IT solution, but if your staff members cannot utilize it, you have just wasted your money and time as this will not add any value to your business.

Outsourcing of certain IT project: upon analysis of the above three points, if it is discovered that the business in question lacks what it takes to maximize returns from It, then outsourceit.

Customer Education: in most cases, the potential of IT products are unlocked by the customers through appropriate use. In this case, it becomes the duty and responsibility of the organization to educate its customers. After all, customers are the kings. If you don’t certify them, someone else will.

Constant upgrade: in this our jet age, things quickly become outdated if not upgraded. Fail to upgrade and see yourself closing shop. The good news here is that majority of the IT upgrade are software based. It could be by simply upgrading the drivers (software responsible for normal operation of hardwares).

Oops! What a rigorous process you maybe saying to yourself. I want to assure you that this is not as difficult as it sounds. Just do it and see yourself smiling all the time because you did.

Mobile phone gun – an emerging security threat in Nigeria

You can imagine the shock I had when I saw the headline on AIT – “MOBILE PHONE GUN NOW IN CIRCULATION IN NIGERIA”. I immediately thought of how to spread the news to as many Nigerians as Possible. This swung me into action and I came up with this article to let you know that such danger now exist and give you tips on how to distinguish between normal phone and Gun-phone. Below are some of the features of the SATANIC mobile phone that you and other Security Agents in Nigeria have to look out for.

FEATURES.

At first sight it looks like a regular cell phone — same size, same shape, same overall appearance. But beneath the digital face lies a .22-caliber pistol, a phone gun capable of firing four rounds in quick succession with a touch of the otherwise standard keypad. Only when you have one in your hand do you realize that they are heavier

The guns are loaded by twisting the phone in half. The .22-caliber rounds fit into the top of the phone under the screen. The lower half, under the keyboard, holds the firing pins. The bullets fire through the antenna by pressing the keypad from numbers FIVE TO EIGHT.

A sample picture here will make you get the picture clearly.

Deadly Weapon in disguise
Deadly Weapon in disguise

Taking a closer look will reveal to you that there is a sophisticated machine inside with holes that allows the bullet to pass through.

SECURITY MEASURES AND IMPLICATIONS

 Interpol sent out a warning to law enforcement agencies around the world. I am not too sure whether the Security Agents in Nigeria acted immediately on the warning signal sent out by Interpol. My advice to innocent Citizens of Nigeria is to be suspicious of every device that looks like a mobile phone in possession of any body that looks suspicious to them. Be ready to run as far as possible in case of emergencies.

For the Security Agents, get the device that can detect this deadly mobile phone. This detective equipment should not only be used at the borders but at strategic points (commercial areas especially the banking areas). It was reported that this gun was first discovered in NIGERIA in CALABAR the capital city of Cross-River state. It is yet to get to Lagos, Abuja, Ogun and other major cities as at the time of this writing.

The Security implication is that the already deplorable security situation in Nigeria will be worsened. This is owing to the fact that Nigerians just like every other people in world always embrace the negative use of technologies. That means; more killings, robbery, kidnapping and what have you. It also means more challenge ahead for the security outfits.

FINANCIAL IDENTITY THEFT – DEFENDING YOURSELF

Financial identity theft is what all and sundry needs to be aware of. “Oh my God! How could this happen to me? All my life savings is gone in a twinkle of an eye, am dead…..” was the faint yelling I heard coming out of the office of the manager of a local here in Nigeria. It happened that a woman in Port-Harcourt the Capital City of Rivers State of Nigeria lost a whooping N96 Million to fraudsters that have stolen her online banking identity.  Through the help of non-repudiation, the bank was able to exempt themselves from the whole blame as the woman ignorantly gave out her online information to hackers (men in the middle).                                                                                                                                      It is not my portion; I reject it, back to sender, Holy Ghost fire. I guess are some of the phrases that are probably coming out of your mouth. Well, this Article is written in an attempt to help you identify some of the new tricks and advanced Trojans that hackers have employed and possible ways of countering them.

The first and nastiest of the financial Trojans is “SINOWAL TROJAN”. This is the most active in the financial/banking malwares out there. SINOWAL belongs to a category of Trojan that changes continuously and are updated to steal credentials from financial institutions and High Net-Worth individuals. A variant of this malware is capable of modifying data on the fly. For instance, if the user is making a transfer on a bank Web page, the malware can alter the data of the intended recipient of the transfer. This is possible by the underlying malicious code running between the Web page, i.e. he user will be seeing the right input the/she is making while the actual data of the recipient will be different. This smoothly brings us to the next member of the Trojan family to discuss.

“TROJAN.SILENTBANKER”. This was named by a security company Symantec. This variant of Trojan can capture online banking transactions considered to be well protected by “two-factor” or “multiple-factor” authentication controls, i.e, combination of different authentication methods (it can be Biometric plus password). During the banking or other financial transaction, Trojan.Silent will change the user’s bank account details over to the hacker’s account, all while mimicking what the user would expect to see from a real banking transaction.

“MAN IN THE MIDDLE” or “MAN IN THE BROWSERS”. This Trojan is responsible for illegally transferring money from its victims’ bank account, steal a copy of the bank Web page that displays its victim’s account balances that exists prior to the cash transfer. The victim will always be fooled as far as he/she  checks his/her account balance online. Imagine what will eventually happen when the victim finally hit the bank. Am sure we both agree it will be horrible.

“PHISHING, PHARMING, SPOOFING AND SPAM MESSAGE ” These are social engineering tools employed by hackers to fool their victims into initiating an action that eventually allows them (trojans) to infect/ infiltrate a computer. Though, there are other ways of infiltrating a computer, the above social engineering tools are non-technical way of fooling individuals to unwittingly supplying their confidential information- often leading them to a fake Website or web page. The simple countermeasure against this is to add official e-mail addresses of your financial institutions. Also, try not to click on any link in the body of message. Always copy the link and paste it on the browser. Hope that rule is simple enough to obey.

“PHONY PHONE CALL” is another weapon that these NEGATIVELY SMART GUYS employ. Before now, they use to call their victims, but now, they place their phone number on fake site with official banner of your bank, demanding that you should call for important information. When you eventually call, you will be told that the security of your personal information has been compromised. They will immediately quote one non-existing personal data asking you to confirm it. PLEASE DO NOT FALL PRAY AT THIS POINT. At this point, many people have no choice but to defenselessly give out their personal online banking details. OH! TOO BAD. Please do not be in a hurry. Go the physical office of your bank to confirm. On the advanced side, if you are tech-savvy, use WHOIS and other web tools to find out the true owner of the website claiming to be the official website of your bank. Though, some fraudsters engage the service of privacy Security Company.

One question to ask at this point is: IS THERE NO HOPE FOR THE VICTIMISED AND POTENTIAL VICTIMS? On first look at the prevalence rate of identity theft and other cyber crime, one will think that there is no amount of education capable of protecting online resource users from the activities of these scamsters. However, the best we can all do at this point is to install a STRONG ANTI-MALWARE/ ANTI-VIRUS product on your computer. HEY, D’ONT FORGET TO ALWAYS UPDATE IT. Very important. At the time of this writing, some Nigerian banks have taken the bold step of sending confirmation data to user’s mobile phone, along with a code that must be entered to validate the transaction. Though, this is not without its drawback- Telecom companies.

Oh, less I forget, for those that have already contacted VIRUS/MALWARE, here is a tip for you (though advanced)

  • Disable the system restore before getting rid of the Virus to ensure that the system doesn’t inadvertently back up a copy of the Trojan software.
  • Make sure all virus definition are updated on the antivirus software.
  • Delete the value from the registry
  • Remove and discharge the RAM module

To combat the negative effect of KEYLOGGER software, here is a tip for entering your password. Never enter your personal information serially- especially PASSWORD. What I mean is to enter them alternately. Trust me, this helps a lot in fighting key-loggers software. For instance, if your password is COMPUTER (hey, don’t even try to hack me with – just kidding), type TER, use the left directional arrow on your keyboard to move to the left and type PU, do same and type COM. That way, the key logger would log TERPUCOM. Though, this is in its simplest form. 

WOW! I have no doubt in me that for you to have come this far means that you enjoyed the invaluable tips provided in this article. The only price you have to pay for this is; TAKE ACTION. Find the necessary motivation to implement all you have learnt thus far and keep learning.