Doing business in Nigeria is hard enough, but the ever-increasing activities of cybercriminals and the ripple effects they have on businesses are making an already terrible situation worse.
Nigeria is a low-trust society. What this means is that we are generally untrusting as a people. We manage to get along cautiously, until the advent of ‘419’ and the unabated threats from internet fraudsters and other criminal elements, making it more difficult for Nigerians to trust the system.
One currency any business owner cannot afford to run out of is trust, and in Nigeria, we are running fast out of it. For new and established businesses in Nigeria, building trust is a continuous struggle. This struggle is made more difficult in recent times by the activities of internet fraudsters ‘yahoo boys.’ It is increasingly difficult or impossible to close any international deal once your company is identified as Nigerian. Even within the country, people find it difficult to do business with Nigerian companies. The tag that every internet-based company is ‘Yahoo-yahoo’ has further increased the distrust and slow penetration of many internet-based payment systems. This level of distrust has affected the success of several business models that worked perfectly in other climes; one example is Airbnb.
Top eCommerce companies in Nigeria have struggled to address this trust issues but to no avail. For instance, the ‘pay on delivery’ initiative championed by Jumia and Konga to tackle the distrust many Nigerians showed towards making online payments, has since been abandoned due to criminals taking advantage of the system. With various high profile financial restrictions from international financial platforms such as PayPal and American Express, Nigerian businesses are experiencing more difficulty getting paid by foreign companies for their services. Nigerian freelancers on platforms like Fiverr are bearing the brunt more than others.
Businesses Beware!!! Increasing threats
All up until now, the techniques fraudsters use have been mainly unsophisticated romance and Nigerian prince scams, targeted at individual victims. The latest scam, Business Email Compromise, is a shift to a more sophisticated and organized attack directly, impacting businesses. The recent arrests of 14 persons and the naming of 80 defendants charged with defrauding victims of up to $10 million, as reported by Quartz Africa shed more spotlight on the new cyber fraud threat called Business Email Compromise (BEC). According to the FBI Assistant Director in charge of the case, Paul Delacourt, “fraudsters use hacked email accounts to convince businesses to make payments that are either bogus or similar to actual payments owed legitimate companies. As part of the scam, fraudsters learn about key personnel responsible for the payments in companies as well as the protocols necessary to perform wire transfers in various companies and then target businesses that regularly perform wire transfers.”
Protect your Business
How do businesses protect themselves from this threat? The nature of this recent scam requires that businesses make it a priority to run an effective IT department, which can effect measures such as updating software and adding two-factor authentication on company accounts. According to Crowdstrike’s 2018 report, in many BEC cases, Office 365 and Google Suites were compromised because two-factor authentication was not enabled. Other steps should include adding administrative control to filter out certain types of emails, reveal where such mails are coming from as well as educating employees on how to prevent possible exposure to the company via their off-work online activities. Since the goal of such attacks is financial, companies should set a requirement for multiple persons to sign off before large transactions are made.
These recommendations no matter how effective are only defensive. Moreover, they are only done on an individual company basis. There is a need for government at all levels to take effective action and give more holistic blow to this growing threat. If a bad national reputation or the increasing harassment of Nigerians abroad are not enough reasons, the annual loss of over N127 billion to internet fraud, according to the minister of communication, should be of major concern.
We like to see agencies like the Economic and Financial Crimes Commission (EFCC) do more. They should carry out more coordinated interagency investigations that do more than make individual arrests to bringing down the networks and other criminal gangs involved. The Nigerian government should invest more in technologies that will assist in building a more efficient national cybersecurity system, capable of supplying various agencies with requisite data and cyber-surveillance necessary for swift action on complaints of cyber fraud.
Cyberfraud remains a huge threat to Nigerians and Nigerian businesses. We continue to risk our reputation if this goes on unabated. Our businesses will continue to face problems in international markets, in terms of payments and breaking into new markets and regions. Also, the risks inherent in not putting countermeasures in places especially for local businesses can be devastating and sometimes fatal. The approach to cubbing the menace has to be both preventive and punitive.
Anselem Kadiri is an entrepreneur by day and a writer by night. Follow him on Twitter @anselem_kadiri