Cyber security in Malawi


At the end of last month, the Malawi Communications Regulatory Authority (MACRA) in conjunction with the Common Market for Eastern and Southern Africa carried out a cyber-security workshop – presided over, by no less than the Vice President of the country.

The stated aim was to raise awareness of the need for security in the face of the fast growing electronic transactions market brought about by increased usage of internet services and smartphones. I hope to see a clearer commitment by policy makers in government and private enterprise towards ensuring the protection of their own corporate information, and that of their clients. But forgive me for not holding my breath.

Whilst fully admitting that I did not attend this workshop, which may well have focused on solutions to the concerns outlined below – it would be appropriate to start to look at this area in a structured way. It all comes down to basics, and on this, Malawi is not even at the starting line in the race towards the secure digital age.


Firstly legislation. Malawi currently still does not have an approved country ICT policy – despite it being in draft form for over 10 years. Much talk has been made on policies such as the ICT4D initiative, but it is not yet in the public domain. These would form a sound foundation to develop the necessary regulatory and legal framework to keep cybercrime in check, and would focus ongoing government investment in areas such as capacity building and enforcement.

Building on the above – let me outline a few basic issues.

Firstly, licensing. In 2013, the World Economic Forum ranked Malawi on position 89 out of 148 countries with regard to intellectual property protection. Battles are fought daily by media artists in the video and music industry to protect their products. Currently Microsoft Corporation estimates that over 90 percent of office software in country is pirated.


I know of a number of banks, enterprises and especially government parastatals, many retaining confidential client data, who are currently using pirated software. Yet, many of these organisations have highly paid IT professionals whose responsibility is the protection of their IT infrastructure and data.

A simple fact – no matter how expensive your anti virus and protection software is – running these on pirated software leaves you vulnerable to cyber security attacks. The EULA on your expensive security solution clearly states that it cannot be guaranteed to work if run in conjunction with pirated software. Yet I often get clients who – once they find out the real cost of applications especially Office – disappear and re-appear with a pirated version loaded on their machines.

Secondly, anti virus protection. I am constantly stunned by organisations making millions every week, if not daily – who place all their trust in free or cheap anti virus solutions. And of course, the desperate phone call from their IT Managers asking for an urgent renewal usually with one or two days left, or when their licence has expired! With some clients, sadly, this is a regular annual occurrence.

Thirdly, best practice policy. How many companies ensure they have a password policy that requires users to change their passwords regularly? What policy do they have on the use of external media such as flash drives to protect confidential client and corporate data? What is their disaster recovery policy? It is better not to ask, sometimes.

Finally, as space does not allow me to cover all the points, how many companies have a legal and clearly defined User IT Policy that clearly spells out what users can do on their corporate infrastructure? How is instant messaging usage controlled – which allows users to send documents, videos and data almost instantly with a couple of clicks.

How do they stop the rampant access to pirated software, music and videos and pornography – most of which require accessing high risk websites, and most of which carry with them a malicious payload?

These questions need to be asked by policy makers of their IT professionals – yesterday is not too early.

Facebook Notice for EU! You need to login to view and post FB Comments!
Show More

Related Articles

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker