Expert tasks NIMC on NIN self- service application security
THE National Identity Management Commission ( NIMC) has been urged to improve on the layer of security around its self- service app for National Identification Number ( NIN).
According to a telecoms/ technology expert, Kehinde Aluko, the self- service application on the surface would appear a welcome development, if it were for any other commercial service.
However, he said that given the intricacy of citizens’ data held in the NIMC database, the need for data security as well as the undeniable requirements to ensure that enrollees or citizens do not engage in rampant and uncontrolled or authorised modifications of such data, the NIMC self- service application may do more harm than good to national security.
Aluko said implementing a self- service application for identity record modifications by NIMC poses several challenges related to data privacy, data integrity, and even national security.
According to him, in terms of data privacy, if the app is not properly secured, it could become a target for unauthorized access, leading to potential exposure of personal information. He said weak authentication mechanisms could allow unauthorised users to modify or access sensitive personal data, thereby violating privacy regulations adding that inadequate control over data sharing and display functionalities may inadvertently expose personal information to unauthorised parties.
He posited that if adequate measures are not deployed, users might accidentally alter or delete critical information, leading to data integrity issues, adding that without comprehensive logging and auditing capabilities, it becomes difficult to trace who made what changes, complicating data integrity verification and accountability.
The technology expert said malicious actors could exploit vulnerabilities to alter data for fraudulent purposes, impacting the integrity of the information.
Aluko pointed out that the application could be exploited for identity theft, creating fake identities or taking over existing ones, which can be used for criminal activities, including threats to national security. He said vulnerabilities in the application could be exploited by foreign adversaries to gather intelligence or conduct influence operations, which could spell doom for the country.
According to him, if identity modification allows changes to roles or access levels, unauthorised users might gain access to sensitive or classified systems, posing a threat to national security. He added that the ease of modifying identity attributes might embolden insiders to engage in espionage or sabotage by temporarily assuming different identities or roles.
Mitigating the risks associated with a self- service identity modification application requires a comprehensive approach. Aluko said this includes implementing robust authentication and authorisation mechanisms, including multi- factor authentication ( MFA); ensuring compliance with data protection regulations through regular audits and assessments; developing stringent access controls and monitoring systems to prevent unauthorised access and modifications; creating detailed audit logs to track all user actions for accountability and traceability; employing data encryption both at rest and in transit to protect sensitive information; regularly updating and patching the application to address security vulnerabilities and conducting user education and awareness programs to minimise accidental data modifications.