Blog

To WhatsApp or Not – Please Telegram me a Signal

The announcement of changes to the WhatsApp Terms of Service caused a rush to register on alternative platforms like Telegram and Signal...

Announcing changes to the WhatsApp Terms of Service resulted in people rushing to register on alternative platforms such as Telegram and Signal, while not-yet-quitting the popular chat service.

I do wonder though, how many actually made time to read the changed Terms of Service, as well as the Terms of Services for Telegram and/or Signal?

In trying to settle some nerves, a quick privacy lesson and my answer to some of the concerns and issues.

It is quite a costly exercise to establish, maintain and run chat services such as WhatsApp, Signal and Telegram. These services are provided to you for FREE, and as we all know, free services in cyber space means you are in fact, the commodity. In this specific case, the price you pay is your digital profile. In other words, your habits, and preferences, such as which pages you access while on Facebook, which contacts do you spent the most time with, how often do you contact specific groups, what times during the day are you most active, the screen size used, keywords used, search terms used, etc. This profile provides Facebook with the ability to direct ads that will catch your attention. Targeted advertising means you are more likely to spend your time and money and the more accurate your profile, the more money for them.

Profiling has been around for some time, and frankly your profile (or parts thereof) is already available to the social giants if you’re using services such as Gmail, Google, Facebook, Instagram, etc. It is not pure coincidence if searching for flights on example Google, you will start receiving flight ads on Facebook.

Sharing of Information

No, your chats with your mom and your lover is safe, and WhatsApp will not be sharing the details thereof on Facebook. (Although for the latter I don’t think WhatsApp is the ideal choice).

WhatsApp states that nothing you share, including messages and photos will be shared on Facebook or on WhatsApp, unless by your choice and doing. This means that what you share on Facebook will stay on Facebook, and what you communicate on WhatsApp, will stay on WhatsApp. Facebook obtained WhatsApp in 2014 and is in the process of integrating WhatsApp to Facebook as a substitute for Facebook Messenger, and therefor (in part) the updated Terms of Service.

Access to Information

No, WhatsApp does not have access to your bank details or your hidden Bitcoin account, or your other applications, unless shared by you. The only reference to bank information is if the WhatsApp payment functionality is used, a service which are not currently available in South Africa.

WhatsApp do have access to your mobile number and your contact list, which you gave permission to when registering for the service. Geolocation information is required if you want to use functionalities such as dropping a pin or sharing a live location. So, again, you most probably already agreed to providing such type of information.

Alternatives

If you are convinced that big brother is watching and want to make a run, there are a range of alternative platforms available. However, please study their Terms of Services, usability, functionality, security, and their history of breaches and how it was handled. Each come with pros and cons. For example, Telegram that allow basically anyone to access public groups, is also utilized by criminal entities to distribute illegal content and goods. Access to such groups and content are easy, and with no parental control in place, parents may have to be concerned.

Signal and Telegram are not the only ones though, one can also consider Seecrypt and Threema.

Business & Compliance

Compliance to privacy regulations such as POPIA and GDPR, means businesses have to ensure that PII (personal identifiable information), that are captured, processed and communicated when using a chat services adheres to the specific regulations.

Business accounts that utilize WhatsApp to communicate with clients and partners, must be aware that WhatsApp has access to the complete contact list (whether the contact uses WhatsApp or not). This raises a red flag in terms of complying to privacy regulations.

Conclusion

In conclusion, don’t rush off without realizing the impact. By blindly installing additional applications will only extend your risk exposure, as your information is now shared with yet another service. Most people are used to using WhatsApp and will continue using it, as their current digital profile is already shared. A potential move means that your network also has to move. A quick calculation of the people and groups (from school to local neighborhood’s) in your network with whom you communicate via WhatsApp, will make you realize the extent of this. (I’m also not convinced Granny is up to learning and moving to a new chat service that easily, so most will be forced to keep on using WhatsApp if they want part of any inheritance)

Business owners, however, needs to incorporate a chat service that does ensure their compliance with POPIA, and GDPR, amongst others.

For any questions, concerns or assistance, feel free to Signal the CSI team.

Certificate in Cyber Security

Course Details

This practical, hands-on course focuses on establishing a foundation in Cyber Security by introducing candidates to cyber-crime, attack methods, and managing cyber risks.

Mode of Offering: The course is presented via facilitated    e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for individuals embarking on a career in Cyber Security or performing security functions.

Requirements

Applicants should have a Matric certificate or equivalent qualification with suitable IT knowledge, Internet access, and a PC or laptop on which applications can be installed and services accessed.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
Cyber-crime‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎
  • Introduction to cyber-crime
  • Cyber-attack methods (e.g., ransomware, sextortion, email fraud)
  • Cyber criminology (actors behind the attacks, criminal networks, state-sponsored entities, etc.)
  • Tracing the online trail
  • Dark web (criminal forums)
  • Case studies of attacks in SA & Global.
  • Crime-as-a-Service
  • Internet of (Criminal) Things.
Practical Cryptography
  • Introduction to cryptography.
  • Encryption and Decryption.
  • Hash functions
  • Blockchain
  • Virtual Currencies
  • Digital signatures
  • Digital certificates
  • Cryptographic Protocols (SSL, SSH, etc.)
Course Overview:
Cyber Governance, Risk & Compliance
  • Overview of cyber governance, risk, and compliance
  • POPIA & GDPR
  • Data Privacy
  • Policies in action
  • NIST, ISO27001
  • Controls
  • Planning for contingencies
  • Developing the security program
  • Risk analysis and management
Cyber Intelligence‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎
  • Introduction to Cyber Intelligence
  • Attack Tools
  • Attack process
  • Reconnaissance and Footprinting
  • OSINT services and tools
  • Threat and vulnerability feeds and assessments

Cyber Investigations

Course Details

This course is suitable for investigators and investigation teams within the corporate environment and public sectors who are required to track online trails or utilise tools to solve online crimes. It is also intended for professionals and investigative journalists involved in investigations such as fraud, espionage, data theft, and cyber vetting.

Mode of Offering: The course is presented via facilitated    e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for investigation officers, cyber-crime investigators, investigative journalists, etc.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Although a formal IT qualification or certification is not required, some knowledge of computer systems would be beneficial. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
  • Reconnaissance
  • Online services and tools
  • Metadata Encryption & Decryption
  • Digital signatures
  • Online investigations
  • Crime Scene Management
  • Documenting evidence
  • Investigation Process
  • Chain of Evidence
  • Protocols and emails
  • URLs & DNS information
  • Timelines
  • Decryption and deciphering
  • Virtual Currencies
  • Cyber criminology
  • Introduction to the attack process
  • Introduction to attack vectors
  • Social networks (i.e., attacks via Facebook, Twitter, etc.)
  • Dark and hidden web
  • Threat actors
  • Data Collection
  • Social Media
  • OSINT
  • HUMINT
  • SOCMINT

Cyber Intelligence

Course Details

The main objective is to equip delegates with the necessary competencies and practical skills to assist in compiling an intelligence-driven cyber security strategy to provide proactive solutions to a plethora of cyber threats.

Mode of Offering: The course is presented via facilitated        e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for persons responsible for the security function, CISOs, as well as Data Protection Officers.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Although a formal IT qualification or certification is not required, some knowledge of computer systems would be beneficial. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
  • Cyber Security Environment
  • Cyber Landscape
  • Cyber Threats and Exploits
  • Cyber Actors and Criminology Aspects
  • Obtaining Data
  • Sources of Data
  • Collection Operations
  • Applications, Tools, and Services
  • Analysis of Cybercriminals’ Modus Operandi
  • Analysis Techniques (Data to Information)
  • Indicators of Compromise
  • Cyber Intelligence
  • Intelligence Platforms, Applications, and Services
  • Data – Information – Intelligence
  • Intelligence Strategy
  • Incident Management
  • Cyber Warfare
  • Political and Commercial
  • Developing an Intelligence-Driven Strategy
  • Strategic and Tactical Intelligence Function
  • Risk Management

Cyber Governance

Course Details

Establishing a security strategy and defining a suitable implementation plan focused on managing cyber risks in a volatile and dynamic environment requires a solid understanding of the threat space and frameworks. This course unpacks cyber governance and approaches to manage risk and adhere to compliance regulations.

Mode of Offering: The course is presented via facilitated    e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for Managers and C-Suites responsible for security, Board members, as well as prospective leaders in the Cyber Security space.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Although a formal IT qualification or certification is not required, some knowledge of computer systems would be beneficial. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
  • Security Management Program
  • Cyber-crime
  • Threat Environment
  • Cyber Criminology
  • Regulations – GDPR, POPI, Electronic Act, PCI-DSS
  • Skills Frameworks
  • Cyber Awareness Programs
  • Risk management
  • Controls – Choice, Implementation, and Management
  • Security Frameworks and Models
  • Policies and Procedures
  • Data Protection
  • The road to ISO 27001 Compliance and Certification

IT and Cyber Security Program

Course Details

Our courses combine essentials from both industry and academia to provide valid, unique, practical content that is innovatively presented via facilitated e-learning.

The IT and Cyber Security Program is a practical course consisting of coursework, virtual classes, and practical cyber range exercises.

Mode of Offering: Learning will be conducted through a facilitated online format, utilising an e-learning platform to provide an interactive and engaging educational experience. Additionally, hands-on practical sessions and virtual labs will be conducted every Friday from 9:00 AM to 12:00 PM, offering participants the opportunity to apply theoretical knowledge in a real-world context. This blend of online facilitated learning and scheduled virtual sessions aims to create a comprehensive and dynamic learning environment, ensuring a well-rounded educational experience for participants.

Intended Audience:

This course is designed for school leavers, those on a gap year, graduates looking to add industry credentials, and individuals looking to make a career change.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R 31,350 all inclusive

Duration:

10-months

Intake:

24 February 2024

Course Overview:
IT Foundation for Cyber Security
  • IT Hardware Fundamentals
  • Network Fundamentals
  • Introduction to Operating Systems (Windows and Linux) 
  • Introduction to Cloud Computing (Office 365 and MS Azure) 
  • Protocols 
  • Technical Research and Writing
  • Algorithms and Problem Solving
  • File and Database Systems
  • Scripting
  • New Technologies: AI and Quantum Computing
  • Soft Skills
Certificate in Cyber Security
  • Cyber Security Fundamentals 
  • The Cybercrime Eco-System
  • Actors in Cyber Space – State and Non-State Actors
  • Cyber Incidents: Attacks, Breaches, and Espionage
  • Understanding Tactics, Techniques, and Procedures (TTPs) using the Mitre Attack Framework
  • Cryptography (Symmetric/Asymmetric/Hashes)
  • Secure Protocols
  • Reconnaissance and OSINT (Open-Source Intelligence)
  • Cyber Security Frameworks and Standards: Introduction to the NIST CS Framework and ISO 27000 Series
  • Cyber Risk Management, Cyber Governance, and the Implementation of Security Controls
Facilitated online course with virtual classes, and practical training and skills development on the cyber range platform.