Forem: Christian Ohwofasa

Smartphones: The Biggest Security Threat in Your Pocket

Christian Ohwofasa — Wed, 15 Oct 2025 17:17:28 +0000

Three months ago, I watched my friend Sarah frantically call her bank from a coffee shop. Someone had just drained ₦980,000 from her account. The culprit? She'd checked her balance while connected to the shop's free Wi-Fi. No suspicious emails, no phishing links just a routine login that cost her months of savings.

Sarah's story isn't unique. Our phones have become digital Swiss Army knives we use them for everything from mobile banking to storing our vaccination records. But that convenience comes with a price most of us don't realize we're paying.

The Coffee Shop Trap

Here's what most people don't know about public Wi-Fi: it's essentially a public highway where anyone can watch the traffic. When you connect to that free network at the airport or your local café, you're potentially broadcasting your data to anyone with basic hacking tools.

Think about what you do on public Wi-Fi. Checking your bank account. Logging into work email. Shopping online. Each of these activities sends information through networks that, in many cases, have less security than a screen door.

The worst part? You won't know you've been compromised. There's no flashing warning, no alarm bells. Hackers can intercept your data silently, collecting passwords and credit card numbers while you sip your coffee and scroll through Instagram.

I learned this the hard way earlier this year during a trip. I'd connected to what looked like the venue's official Wi-Fi it even had a professional-sounding name. Seemed legitimate enough. A few days later, my bank called about suspicious charges. Turns out I'd connected to a fake network set up by someone sitting nearby with a laptop.

The Apps That Bite Back

Remember when we used to worry about downloading viruses on our computers? Now we voluntarily install potential threats dozens of times a year, and we call them apps.

Earlier this year, researchers found a flashlight app that was harvesting users' contact lists, location data, and browsing history. A flashlight app. It had over 50 million downloads before anyone noticed. People just saw "needs access to your camera" and tapped "Accept" without thinking twice.

But it gets worse. Even legitimate apps can become security nightmares. Take that fitness tracker you use it knows where you run, when your house is empty, and what time you leave each morning. That meditation app? It has access to your microphone. Your photo editing tool? Full access to every picture on your device.

The problem isn't always malicious intent. Sometimes it's careless developers who don't properly secure the data they collect. Your information sits on their servers, waiting for the inevitable breach that exposes everything to whoever wants it.

I've got a friend who works in app development. He once told me, off the record, that most small app companies have "security practices that would make your skin crawl." These aren't evil people they're just stretched thin, focused on features and user growth rather than the boring work of protecting data.

The Permission Problem

Pop quiz: Do you actually read those permission requests before tapping "Allow"?

Yeah, me neither. At least, I didn't use to.

These permission prompts feel like speed bumps, annoying obstacles between us and whatever we're trying to do. So we grant access to everything. Camera, microphone, location, contacts, photos. Sure, sure, whatever. Just let me use the app.

But here's what's really happening. That weather app that wants your precise location? It doesn't need to know your exact coordinates to tell you it's raining. That game is requesting access to your contacts? There's no legitimate reason for that. These aren't bugs or mistakes; they're features designed to collect as much data as possible.

Your phone knows things about you that your closest friends don't. It knows who you text at 2 AM. Where were you last Thursday afternoon? What you search for when you can't sleep. Every app you've given permissions to has access to pieces of this puzzle.

So What Can You Actually Do?

I'm not going to pretend there's a perfect solution here. Using a smartphone in 2025 means accepting some level of risk. But you can tilt the odds in your favour.

Stop trusting public Wi-Fi. Just stop. If you absolutely must use it, don't access anything that requires a password. Better yet, use your phone's data connection or invest in a VPN service. Yes, it costs money, maybe ₦2,000 to ₦5,000 monthly for a decent one. But that's nothing compared to losing ₦500,000 from your account.

Audit your apps once a month. Go through your phone and delete anything you haven't used in thirty days. Check the permissions on the apps you keep. Does your calculator need access to your camera? Does that old game from 2019 need to know your location? Revoke these permissions. The app will ask again if it actually needs them.

Read the reviews, but read them right. Before downloading something new, sort the reviews by most recent and look for patterns. If multiple people mention crashes, aggressive permissions requests, or unexpected charges, believe them.

Update everything. Those software updates you keep postponing? They're not just adding emojis. They're patching security holes that hackers already know about. Enable automatic updates and let your phone handle it while you sleep.

Use two-factor authentication everywhere it's available. I know, it's annoying. It adds extra steps. But it's the digital equivalent of having both a lock and a deadbolt. The few extra seconds are worth it.

Consider what you're installing. Before downloading an app, ask yourself: Do I really need this? What's it offering that I can't get through a web browser? Who made it? If you can't answer these questions satisfactorily, skip them.

The Uncomfortable Truth

Here's what nobody wants to admit: our phones probably won't get more secure anytime soon. If anything, they'll become more vulnerable as we use them for increasingly sensitive tasks. Digital IDs, medical records, and cryptocurrency, we're putting more eggs in a basket that was never designed to be Fort Knox.

The companies making our phones and apps face a fundamental conflict. Better security often means worse user experience. More friction. More steps between people and what they want to do. And in a market where apps live or die based on convenience, security usually loses.

That doesn't mean we're helpless, though. The people who suffer the worst security breaches aren't usually the ones who take basic precautions. They're the ones who think "it won't happen to me" right up until it does.

Your phone isn't going away. The risks aren't going away. But with some awareness and minimal effort, you can make yourself a much harder target. And in cybersecurity, being a harder target than the next person is often enough.

Just ask Sarah. After that coffee shop incident, she enabled two-factor authentication on everything, started using a VPN, and now treats public Wi-Fi like the security risk it is. Has it made her life slightly less convenient? Sure. But she's slept a lot better knowing her banking app isn't broadcasting to everyone in the restaurant.

Your phone is the most personal device you own. It knows you better than anyone. Maybe it's time to start treating it and its security like it matters.

The Human Element: Why Employees Are Still the Weakest Link in Cybersecurity

Christian Ohwofasa — Wed, 08 Oct 2025 06:56:15 +0000

Organizations are increasingly investing in advanced security tools, such as firewalls, encryption, intrusion detection systems, and artificial intelligence, to identify threats at an early stage. Despite these measures, human behavior remains a significant vulnerability, even within technologically advanced organizations.

Employees frequently constitute the weakest link in cybersecurity, not due to negligence or insufficient skill, but because inherent aspects of human behavior introduce vulnerabilities that technology alone cannot fully mitigate. Acknowledging these factors is critical for developing more robust and resilient security systems.

The Psychology of Vulnerability

Individuals naturally exhibit trust, collaboration, and rapid response. While these traits facilitate effective teamwork and goal achievement, they also increase susceptibility to risk, particularly as digital scams can be executed with minimal effort.

Phishing emails, for example, may appear to originate from senior management or the chief executive officer and often convey a sense of urgency, prompting immediate action. In such scenarios, recipients may trust the message due to its familiar appearance and authoritative source. Even individuals who have received cybersecurity training can be deceived when emotional responses are triggered.

Managing multiple passwords, tools, and messages at work can be mentally exhausting, increasing the likelihood of mistakes. Fatigue or stress often leads employees to prioritize convenience over secure practices.

The Numbers Tell the Story

A majority of cyber incidents are caused by human error. Experts concur that techniques such as phishing, the use of weak passwords, and inadvertent data sharing constitute the primary methods by which attackers gain unauthorized access.

Cybercriminals exploit human emotions such as fear, curiosity, and greed. For instance, they may send emails threatening account closure unless immediate action is taken or promising rewards to encourage recipients to click on malicious links.

Institutions with robust security measures, such as banks, hospitals, and government agencies, remain vulnerable to breaches. These organizations depend on individuals making sound decisions, and even the most advanced systems can fail if personnel are distracted or rushed.

The Insider Threat

Although external hackers receive significant attention, insider threats can be equally damaging. Insider threats are generally classified into two categories: deliberate and accidental.

A deliberate insider threat occurs when an employee intentionally misuses access privileges to inflict damage or exfiltrate data, often motivated by dissatisfaction or resentment. In contrast, accidental insider threats occur when well-intentioned staff members make poor security decisions, such as sharing passwords, sending files to unintended recipients, or using personal devices for work-related tasks.

The prevalence of remote work has exacerbated the challenge of managing insider threats. Many employees now operate from home networks that lack the security controls present in office environments. Weak Wi-Fi passwords or unsecured devices can provide attackers with straightforward access. Consequently, organizations must secure numerous remote workstations rather than a single centralized office.

The Training Paradox

Most organizations recognize that awareness is essential for preventing security incidents. However, traditional cybersecurity training frequently lacks long-term effectiveness. Many employees perceive annual training sessions as procedural requirements rather than meaningful learning opportunities. Advising employees to exercise caution seldom results in behavioral change. Meaningful improvement is achieved through continuous, engaging, and practical training. Organizations increasingly employ concise, scenario-based exercises that simulate real-world threats. These interactive modules help employees develop instincts applicable to actual security situations.

Security training must account for actual workplace practices. If security protocols are overly complex or impede productivity, employees may find ways to circumvent them. For instance, stringent password requirements can lead to password reuse, and slow virtual private networks (VPNs) may encourage the use of personal email for work purposes. Effective programs balance security with usability.

The Complexity Challenge

Contemporary cybersecurity involves complex technical concepts. Terminology such as zero-trust frameworks, encryption, and multi-factor authentication may be confusing for employees outside the information technology (IT) sector. As a result, many individuals assume that possessing advanced technology alone ensures security.

A false sense of security can be dangerous. Many breaches occur not due to weak systems, but because individuals are deceived into granting access. A single click on a malicious link or unverified download can compromise the entire network.

Overly complex security systems can cause frustration and fatigue, leading staff to bypass protocols. Simplifying processes and providing clear instructions help prevent errors and build user confidence.

Social Engineering and Human Trust

Social engineering attacks target individuals rather than technological systems. These attacks manipulate human behavior instead of exploiting technical vulnerabilities. For example, an attacker may impersonate an executive requesting password assistance from the information technology department. Through polite and assertive communication, the attacker may persuade staff to bypass established procedures.

Attackers may also build relationships on social media. As trust grows, they might ask for information that seems harmless but actually helps them gain access to company systems.

Such attacks succeed by exploiting positive human qualities such as kindness, helpfulness, respect, and trust. Although these traits are essential for collaboration, they can increase vulnerability in the absence of vigilance.

The Shadow IT Problem

Shadow IT refers to employees using tools, devices, or software that the IT department has not officially approved. This usually happens because people want to work more efficiently. For instance, a marketing team might utilize a free file-sharing service, or a salesperson might use their own laptop to quickly reach customers.

While employees may seek increased efficiency, the use of unapproved tools introduces concealed risks. If the information technology department is unaware of these tools, it cannot provide protection or monitoring. Data stored in such systems may also violate compliance requirements, thereby increasing organizational risk. The objective should be to offer secure and efficient tools that meet employee needs, reducing the incentive to seek alternatives.

A Human-Centered Approach

Although individuals are frequently considered the weakest link, this should not discourage efforts to improve security. Organizations should reevaluate their strategies and engage employees as active partners in safeguarding information.

Effective security begins with thoughtful design. Tools such as single sign-on and passwordless authentication reduce stress and encourage compliance. Multi-factor authentication enhances security without adding unnecessary complexity.

Leadership plays a critical role in cybersecurity. When senior management demonstrates genuine commitment to security, it establishes a positive organizational example. Open communication, recognition of effective security practices, and active participation in training foster a culture of informed vigilance.

A culture of openness is equally important. Employees must feel secure in reporting suspicious communications or personal errors without fear of blame or reprisal. Supportive environments transform mistakes into learning opportunities and enhance collective vigilance.

The Irreplaceable Human Advantage

Cybersecurity presents a notable paradox. While individuals may introduce risks, they also serve as the most effective defense when adequately trained and supported. Technology can detect numerous threats, but human observation often identifies subtle indicators that automated systems may overlook.

An attentive employee who notices an unusual phrase in an email can prevent the spread of phishing attempts. Similarly, a team member who reports anomalous login activity can avert more significant incidents. These individual actions, when replicated throughout an organization, have a substantial impact.

Cybersecurity is not just about firewalls or encryption. It is about cultivating awareness, responsibility, and confidence among people at every level of the company.

Conclusion

Human error remains a persistent factor in cybersecurity. Employees often manage multiple responsibilities, exhibit trust, and may become distracted. While these characteristics are inherent, improved system design, clear communication, and consistent support can transform them into organizational strengths.

The objective is not to eliminate the human element, but to integrate it effectively into security strategies. Security systems should accommodate actual human behavior rather than assume ideal compliance. Training programs must be consistent, realistic, and engaging to achieve lasting impact.

Organizations that combine effective technology with knowledgeable, engaged employees establish defenses that are both adaptive and robust. The most effective protection relies not only on technological solutions but also on individuals who understand their roles and consistently make informed decisions. Secure systems depend on individuals who exercise caution, question anomalies, and report concerns. The primary challenge in contemporary cybersecurity is to embed these behaviors as standard practices within the organizational culture.

AI is Failing Nigerian Languages: 7 Critical Loopholes Developers Must Fix

Christian Ohwofasa — Fri, 12 Sep 2025 09:36:41 +0000

Why your AI system probably can't handle Yoruba, Igbo, or Hausa—and what you can do about it

Picture this: You've built an amazing AI translation system. It works flawlessly for English, Spanish, French—all the "major" languages. Then someone tries to translate a simple Yoruba greeting, and your system completely butchers it, changing "good morning" into something that could accidentally offend someone's grandmother.

If this sounds familiar, you're not alone. After analyzing multiple AI systems processing Nigerian languages—Yoruba, Hausa, and Igbo—I've identified seven critical loopholes that are systematically breaking AI for over 175 million speakers. Here's what every developer needs to know.

The Scale of the Problem

Nigerian languages aren't small, niche languages. We're talking about:

Yoruba: 18-20 million speakers
Hausa: 70+ million speakers
Igbo: 44 million speakers

Yet current AI systems achieve less than 30% accuracy in culturally appropriate translation for these languages, compared to over 85% for European languages. This isn't just a technical hiccup—it's a systematic exclusion of hundreds of millions of people from the digital economy.

The 7 Critical Loopholes

1. Tonal Processing Deficiency (TPD)

The Problem: AI systems treat tone markers as "optional decorations" rather than meaning-critical elements.

In Yoruba, changing the tone completely changes the word's meaning:

òkè (low-mid tone) = hill
oké (mid-high tone) = mountain
oke (no tone) = axe

Current AI Performance:

Yoruba tonal accuracy: 23.4% (humans: 97.8%)
Igbo tonal accuracy: 31.7% (humans: 96.2%)

Why It Happens: Transformer architectures treat tonal markers as diacritics, not integral parts of the word structure.

The Fix: Implement tone-aware embeddings:

class ToneAwareTransformer:
    def __init__(self):
        self.tone_embedding_layer = ToneEmbedding(dim=256)
        self.tone_attention_heads = MultiHeadToneAttention(heads=8)

    def forward(self, text_input, tone_input):
        text_embeddings = self.text_encoder(text_input)
        tone_embeddings = self.tone_embedding_layer(tone_input)
        return self.fuse_representations(text_embeddings, tone_embeddings)

2. Cultural Context Mapping Failure (CCMF)

The Problem: Direct translation without cultural understanding creates inappropriate or meaningless results.

Take the Yoruba word àṣẹ:

AI Translation: "so be it"
Actual Meaning: life force/power/blessing (deeply spiritual concept)

Impact: 92% of users report cultural insensitivity in AI translations

The Fix: Build cultural knowledge graphs:

cultural_context_map = {
    "yoruba": {
        "spiritual_concepts": {
            "àṣẹ": {
                "literal": "so be it",
                "cultural": "divine life force and blessing",
                "usage_context": "spiritual, religious, ceremonial"
            }
        }
    }
}

3. Morphological Complexity Handling Insufficiency (MCHI)

The Problem: AI systems can't handle complex word formation patterns in African languages.

Igbo example: agụghịla breaks down as:

a- (perfective marker)
gụ (read)
-ghị (negative)
-la (perfective marker)
Meaning: "has not read yet"

Current AI Performance: 91% error rate in grammatical role assignment for agglutinative forms.

The Fix: Implement morphological-aware tokenization:

def segment_igbo_word(word):
    prefixes = ["a-", "e-", "o-"]  # perfective, subjunctive, etc.
    suffixes = ["-la", "-rị", "-ghị"]  # various grammatical markers

    segments = []
    # Process morphological boundaries instead of arbitrary subwords
    return morphological_parse(word, prefixes, suffixes)

4. Dialectal Variation Blindness (DVB)

The Problem: AI systems default to "standard" variants that may not reflect actual usage.

Same concept in different Igbo dialects:

Onitsha: ọ́ na-eje ahịa
Nnewi: ọ́ na-aga ahịa
Owerri: ọ́ na-ejé ọ́hịa

AI Performance by Dialect:

Onitsha: 23% accuracy
Nnewi: 8% accuracy
Owerri: 12% accuracy

5. Training Data Contamination and Bias (TDCB)

The Problem: Training datasets are polluted with incorrect translations and biased samples.

Data Quality Issues:

Web crawl data: 34.7% contamination rate
Incorrect annotations: 32.8% of samples
English-Pidgin mixing: Creates syntactic confusion

The Fix: Implement rigorous data validation:

def validate_training_sample(source_text, target_text, language):
    contamination_score = detect_language_mixing(source_text, target_text)
    cultural_appropriateness = assess_cultural_context(target_text, language)
    linguistic_accuracy = validate_grammar(target_text, language)

    return contamination_score < 0.1 and cultural_appropriateness > 0.8

6. Architectural Constraint Mismatch (ACM)

The Problem: Transformer architectures are optimized for English-like languages.

Performance Comparison:
| Component | European Languages | Nigerian Languages | Efficiency |
|-----------|-------------------|-------------------|------------|
| Attention Mechanism | 89.3% | 34.7% | 0.39 |
| Positional Encoding | 91.7% | 28.2% | 0.31 |
| Tokenization | 94.2% | 41.8% | 0.44 |

Why This Happens:

Bidirectional attention doesn't work well for VSO (Verb-Subject-Object) languages
Absolute positional encoding breaks agglutinative morphology
BPE tokenization destroys morphological boundaries

7. Evaluation Metric Inadequacy (EMI)

The Problem: Standard metrics (BLEU, ROUGE) miss cultural nuances completely.

Reality Check:

BLEU score: 0.67 (looks good!)
Cultural appropriateness: 0.23 (actually terrible)
Tonal accuracy: 0.19 (completely broken)

What Developers Can Do Right Now

Immediate Actions (This Week)

Audit Your Systems: Test with the examples above
Implement Tone Detection: Add tone-aware preprocessing
Community Feedback: Connect with native speakers for validation
Bias Detection: Scan training data for contamination

Short-term Improvements (Next 3-6 Months)

Cultural Context Engine: Build knowledge graphs for cultural concepts
Multi-dialectal Support: Train separate models for major dialects
Better Evaluation: Use cultural appropriateness scores alongside BLEU
Data Quality Pipeline: Implement validation with native speaker verification

Long-term Architecture Changes

class AfricanLanguageAI:
    def __init__(self):
        self.tone_processor = ToneAwareProcessor()
        self.cultural_context_engine = CulturalContextEngine()
        self.morphological_analyzer = AdvancedMorphologyHandler()
        self.dialectal_adapter = DialectalVariationProcessor()

    def process_text(self, input_text, language_code, dialect=None):
        # Comprehensive processing pipeline
        tonal_features = self.tone_processor.extract(input_text)
        morphological_structure = self.morphological_analyzer.parse(input_text)
        cultural_context = self.cultural_context_engine.infer(input_text)

        return self.generate_culturally_aware_response(
            tonal_features, morphological_structure, cultural_context
        )

The Bigger Picture: Why This Matters

This isn't just about better translations. When AI systems fail indigenous languages, they:

Exclude millions from digital services: Healthcare, education, government services
Accelerate language death: Young people abandon languages that "don't work" with technology
Perpetuate inequality: Create a two-tier internet where only major languages get good AI support
Waste economic potential: Nigeria's tech industry could export African language technologies globally

Success Stories: Progress Is Possible

Recent developments show hope:

Nigeria launched its first multilingual LLM in 2024
The African Next Voices dataset ($2.2M Gates Foundation funding) is improving training data
Community-driven projects like IgboAPI are showing what's possible with proper linguistic input

Call to Action for Developers

The AI community needs to shift from "one-size-fits-all" to culturally aware, linguistically informed development. This requires:

Investment: Companies must prioritize indigenous language AI
Collaboration: Partner with linguists and native communities
Education: Learn about linguistic diversity in AI/ML curricula
Policy: Advocate for inclusive AI standards

Get Started Today

Want to contribute? Here are concrete steps:

Test Your Systems: Use the examples in this article
Join the Community: Connect with African NLP researchers
Contribute Data: Help with quality dataset creation
Share Knowledge: Write about your experiences and solutions

The future of AI must be inclusive. The technical solutions exist—we just need the will to implement them. The 175+ million speakers of Nigerian languages are waiting.

Have you encountered similar issues with indigenous languages in your AI systems? Share your experiences in the comments below.

Resources for Further Learning:

African NLP Workshop proceedings
MasakhaneNLP community
African Language Technology Initiative
Mozilla Common Voice Nigerian languages datasets

Tags: #AI #MachineLearning #NLP #IndigenousLanguages #NigerianTech #Inclusion #CulturalAI