Livinus: Okay. My name is Livinus Enoja. I’ve been a staff member of Seamfix since 2010.
I started out as a software developer in 2010, then I switched to systems administration and, of course, network administration.
Over time, security was added to my responsibilities. So since then, I’ve worked on several projects aside from managing the internal IT infrastructure for Seamfix, part of which was with MTN Nigeria, Airtel Nigeria, Globacom Nigeria, 9Mobile Nigeria, First Bank Nigeria, Nigeria Identity Management Commission, and several other Nigeria Government Agencies. My major responsibility was enterprise infrastructure and cybersecurity management for the various software solutions we provided. Altogether, I think I have over 11 years of experience already.
Livinus: Of course, before COVID, a lot of organizations never believed that employees could be efficient while working from their various homes. You know, eventually, the pandemic opened a lot of eyes. Organizations discovered they could save a lot of money, especially operational costs, just by allowing employees to work remotely from the comfort of their homes. But since then, I think, especially those of us in IT embraced it, and it’s been very okay. In fact, we have been more productive working from home. Especially if you’re working in a city like Lagos where traffic is a big problem, hehe…
Livinus: Well, I think it’s easier for me, to be frank with you because, while we were working at the office, I coped with a lot of lateness issues, but since we started working remotely, that got out of the way.
Sometimes some people might not feel too well, but because they don’t have to leave their homes, they will still be able to get the job done. Although I miss the human touch daily.
Livinus: Okay, the general issue when it comes to IT infrastructure managers is actually being able to totally control what users do on the organization’s devices. Okay. Do you understand? It becomes difficult to tell people who work with their own devices or use the company’s devices not to use them for private purposes.
You take this part seriously because they are likely to lose critical data if devices are not well protected from malware and viruses, but when you don’t have a means of managing them, it is very difficult. We were able to solve this challenge by using a cloud-based active directory and security information and event management system. Anyways, we try our best to give proper orientation to them on the dos and don’ts of work devices.
Livinus: Exactly. And we actually do that compliance training periodically, every quarter.
Livinus: Yeah! Just once. I think it was in 2015. We were not yet very security strong company-wise. We were not focused on security that much. So what happened was that one of my colleagues set up a database that was used for staging and user acceptance tests. Apparently, the person exposed the default port, I mean the database default port, publicly. Before we knew it, hackers were able to log into that database and hijack the database by encrypting it.
Eventually, we realized they used ransomware, and they requested some amounts of bitcoin before they could release the database back to us.
Fortunately, we had a backup for the database, even though we lost a few hours of data in the process.
Livinus: Sure, it’s only when you experience some things that you know their intrinsic value. It actually served as the wake-up call we needed as a company. Now we have a lot of certifications, we have ISO 27001, NDPR, and GDPR, and we renew them every year. So we are very strong on cybersecurity as a company now.
Livinus: Generally, security threats are very detrimental especially when it comes to business integrity. Imagine, for instance, you shop on Amazon. Suddenly you hear that Amazon just reported that their database was actually hijacked. Knowing that you probably had your card saved on the platform, you’d be scared.
As a business, you get to ensure that your customers’ data is not compromised. Because when such happens, your customers find alternatives, and you lose revenue. So that is how severe security implications can be.
Livinus: My advice to them is that whatever they are doing when it comes to infrastructure management, workstation management, or endpoint device management, they should make security paramount.
For instance, if they are setting up a server or workstation, they need to be sure that it is set up securely. They should try and think deeply to ensure that all the loopholes within the environment are blocked. For organizations that produce software solutions, standard secure coding practices must be adhered to.
Also, there’s nothing as important as a continuous review of your security posture. Sometimes you might think, yes, I am secure; I’ve done my due diligence and everything. But if you don’t actually do reviews periodically, you might just be doing yourself more harm than good.
If a third party is brought in to review your infrastructure security-wise, definitely the third party could discover things you overlooked or did not discover during in-house assessments. Some organizations go to the extent of deliberately paying hackers to attempt to hack them, and the hacker gets paid according to the number of vulnerabilities discovered and exploited successfully.
Continuous assessment of the security posture of an organization can never be overemphasized.
Livinus: Thank you very much. Thanks for having me.