Key Government’ Agencies’ websites are ‘NOT SECURE’  …use with caution!

Registrar General’s Department  http://rgd.gov.gh

Government and its agencies should ensure that connections to their websites are secured to make it safer to use.

Best standard practice in the world should be that websites that serves as the online-front for a government’s agency will take the most basic step in securing its webpages.

My survey rather revealed something contrary to the high expectation of our own government’s webpages.  Ghana government’s agencies such as NITA responsible to ensure that all these websites are fully secured have either not seen it or are less concern about its implication to government’s business and integrity.

We must not take it for granted in our quest to go further digitally; that lapses such as the one this survey reveals can hinder our progress.

Google’s attempt to help website owners and users alike to be aware of unencrypted websites, has enables its Chrome Browser to label such websites “Not secure”

Like the usual behavior of all of us when it comes to security matters pertaining to our new found cyber life, we are less concerned. We are wowed by the experiences that we discover everyday online, than think about how to secure our digital image and integrity.

Governments and their agencies which are repository for vital information and its dissemination and data storage have no option than to ensure that at least the basic steps are taken to protect their online fronts or portals.

The other side of website security has to do with those who visit them and in the case of Ghana government’s agencies’ website, it is the citizens mainly.

See Also:  Are banks preparing  for the digital banking revolution? (1)

This simple survey is to alert the agency responsible for Governments websites to do the needful and to equally caution the citizenry to use the unsecured websites with a lot of caution.

HTTP vrs HTTPS  

So having the website connection on HTTPS simply means that it uses Secure Socket Layer, which is a standard security measure which ensures that connection between your browser and the website’s server is encrypted. Encryption here means secured from interruption of any kind.

So “NOT SECURE” government website or page only says your interaction with me is not private as you may think.  You can’t wholly believe what you’re seeing and whatever you share or submit can be intercepted.

It must however be made clear that the site being labelled as “ NOT SECURE” means that your connection to the website or some cases the particular page is not safe. But not to say the site can infect your device with some malware.

During the survey my team discovered that some of the websites are partially secured. For example when you visit the Registrar Generals Department’ website, it tells you it’s not secured, but some links leads to secure portals. That is to say some links to some pages have the HTTPS prefix. This maybe because the agency thinks that some sensitive information or data needs to be secured here.

 

The Concern

Why is it still important that for even basic information look up pages, the connection should still be over HTTPS?

The concept of HTTP and HTTPS has been likened to sharing a secret with a friend. Now while doing that you can use plain languages that anyone who can listen will eavesdrop your conversation. But you can equally share the same secret in a strange language or sign that even the one eavesdropping can’t make sense of it. So you see you want your online interaction  with the government’s agency’ website to be private as much as possible.

See Also:  Global growth plateaus as economic risks materialize

Why the Ghanaian citizen must be worried?

The great concern with regards to not having an HTTPS protected connection with a page is that it exposes your browsing session to hackers. And depending on the interest of the hacker they can monitor, intercept and change the information you obtain or submit.

These hackers can be people on the same network as you or even your   own Internet Service Provider (ISP). For example, I rogue tech worker from your ISP can intercept your card details on a government’s agency’s website.

HTTPS protocol has the ability to protect numbers you submit during transactions online. For example when you are required to submit passwords, PINs or even bank card numbers online.

Even though online, the privacy of the citizenry should be a primary concern of the government. Because the majority of the Ghanaian population has no insight into the online issues on privacy, they are not bent on forcing government to ensure all their web pages are connecting via HTTPS. But here is the danger, when browsing on an unsecure Gov’t’s website; all your activities can be monitored live. Your pattern of browsing can also easily be tracked.

A “NOT SECURE” Government or its agency’s webpage poses a great integrity issue; in that a very concerned citizen will doubt if the information obtained is wholly true.  This is because it’s a lot easier for someone to insert a line or two of a sentence and that will misconstrue the whole information for the reader. So it is safer for every government agency to ensure that their webpages are protected.

With the era of fake content everywhere now, a government’s priority should include assuring citizens that information on their webpages are accurate. And one of the easiest ways of doing this is to get every page secured.

Recommendation

The agency responsible for Ghana’s cyberspace and activities should take it upon itself to advice Government and its agencies about the need to fully secure their websites or online portals.

Leave a Reply

Please Login to comment
  Subscribe  
Notify of