FIJ
The Secure Socket Layer (SSL) of the National Salaries, Incomes and Wages Commission (NSIWC) website has expired.
FIJ found on Friday that the website’s SSL certificate expired 64 days before it discovered it. The NSIWC is the federal government agency responsible for all matters relating to wages and salaries of workers in the public sector.
This expired certificate makes users of the NSIWC website vulnerable to attacks from hackers who might want to steal their information. Its absence also increases the risk of hackers intercepting information the website receives from users.
This is dangerous as hackers could alter information on wages found on the website and use it to spread misinformation to the public.
The volatile state of the website also makes the data bank managed by the NSIWC, according to part II of its establishing act, vulnerable to cyberattacks as prescribed in its Decree 99 of 1993.
The act mandates the NSIWC to: Establish and run a data bank or other information centre relating to data on wages and prices or any other variable and for that purpose to collaborate with data collection agencies to design and develop an adequate information system.
This failure on NSIWC’s part violates the guidelines of the National Information Technology Development Agency (NITDA) which requires government institutions to continually maintain secure websites.
FIJ has reported in the past how government agencies failed to renew the security of their websites after they expired.
On September 6, FIJ alerted the public to how the Office of the Accountant-General of the Federation (OAGF) had failed to renew its SSL certificate. The OAGF had left the website unsecured for 461 days.
FIJ also reported how the official website of the Nigeria Police Force (NPF) was also unsafe for visitors in July.
THIS STORY FIRST APPEARED IN FIJ