The Nigeria Police Force’s web portal dedicated to reporting cybercrime is unsafe and violates the guidelines stipulated by the National Information Technology Development Agency (NITDA for government websites, FIJ can report.
When FIJ checked on Saturday, there was no sign of security encryption on the website’s Uniform Resource Locator (URL).
This can be confirmed by the conspicuous absence of the Secure Socket Layer (SSL) in the URL. That is, the portal’s link only has the Hypertext Transfer Protocol (HTTP); it doesn’t have the ‘S’.
By implication, information submitted, sent or received through this website is not encrypted. Nigerians who use the website may be giving away their personal information to phishers and cybercriminals.
Anyone trying to gain access to the portal will get a prompt from their website browser warning them of potential cyber attacks if they have safety features enabled.
READ ALSO: VIDEO: IBD Dende Threatens to Kill Customs Officer for Seizing His Smuggled Goods
Cloudflare, which provides security services to about 20 percent of internet users, recommends that a website enables the SSL to prevent just anyone from reading server requests and the corresponding responses on a webpage.
But beyond Cloudflare or Google’s recommendation, Section 7.2 of the NITDA Standard and Guidelines for Government Websites mandates all government websites to use technologies like the SSL to encrypt information wherever necessary.
Inactive Phone Numbers and e-mails on the NCS Website Violate NITDA Guidelines
In its guideline documents, NITDA specifically recommends the use of the SSL to ensure that government websites are protected from cybercriminals at all times.
“Government Institutions shall: i. ii. iii. Commit to a continuous process of maintaining the security of Web Servers to ensure continued security. Use authentication and cryptographic technologies as appropriate to protect certain types of sensitive data with differing access privileges. It is recommended that SSL be used for any cryptographic implementation,” the guidelines read.
All attempts to reach the cybercrime unit of the NPF on Saturday proved abortive. FIJ called the designated phone number three times, but none of these calls was answered.
Subscribe
Be the first to receive special investigative reports and features in your inbox.