KAMPALA, UGANDA – The Uganda Communications Commission (UCC) is urging the public to exercise extreme caution when using public Wi-Fi hotspots, highlighting them as significant security risks, especially for sensitive online activities. This warning comes as the nation implements new cybersecurity guidelines for telecommunications operators, driven by the escalating global cost of cyberattacks, estimated at $10 trillion annually.
The UCC’s message to the public was a key takeaway from its 5th Annual CEO Cybersecurity Breakfast, held Thursday, July 3, 2025, at UCC House-Bugolobi. The event brought together telecom executives to discuss bolstering national digital security under the theme, “The CEO’s Strategic Edge: Bridging Past Wins with Future Cyber Visions.”
Related posts
UCC Executive Director George William Nyombi Thembo emphasized that while network providers are implementing stricter security, individual user behavior remains a critical vulnerability. Thembo advised against engaging in critical activities on public Wi-Fi. “Never go into a digital space on your phone to do something very critical in a hotspot,” Thembo stated. “If you have a video which is very important, again, it’s not advisable, but don’t engage in financial services, for example, on a hotspot, because hotspots are not secure.”
Public Wi-Fi networks, Thembo explained, are often where hackers “will be putting their probes to enter into your phone, take away your passwords and take away your phone.” This can effectively turn a user’s device into a “zombie,” controlled remotely by malicious actors. Thembo also noted that individuals are responsible for securing their personal devices and information, as approximately 80% of attacks come from physical presence or sharing details, as opposed to direct network attacks.
New Guidelines for Telecom Operators
The expanded focus on individual responsibility complements the UCC’s new Minimum Cyber Security Guidelines, which now apply to all licensed telecom operators. These comprehensive standards address crucial aspects like the skills of personnel, required infrastructure, critical systems, and internal controls. The guidelines seek to lay out the whole ecosystem of cybersecurity, including what minimum system requirements and minimum infrastructure are needed.
Thembo stated that “as we get connected more and more, the risk that there is in this connection is security.” The commission highlighted the increasing value of data, noting that “data is the next currency, even more than currency itself.” With the ubiquity of mobile technology, “the phone is becoming a wallet,” making the security of these digital assets paramount in an increasingly interconnected world. Thembo pointed out that organizations’ digital resources also need robust protection in this environment.
The new guidelines mandate that operators employ trained and certified personnel, acknowledging that “our resilience in the cybersecurity space is as strong as the people we have, and it’s as weak as the people we have.” Thembo explained that staff are considered the biggest critical risk, yet also the highest protectors of systems.
Collaboration and Economic Impact
Thembo also stressed the vital importance of collaboration among industry players. “Working alone in a connected environment will be the most stupid thing to do,” he asserted. The interconnected nature of global networks means that “what happens in the US, a threat that happens in a particular organization, can be a threat by a press of a button to threaten systems in Uganda,” making all nations vulnerable. Thembo urged CEOs to share information on “near misses” with colleagues to enhance collective security, emphasizing that working in silos is ineffective against modern cyber threats.
The staggering global cost of cybercrime — estimated at $10 trillion annually — underscores the urgency of these measures for Uganda. This figure, significantly larger than the entire economy of any African nation, Thembo said, illustrates the severe financial repercussions that can result from breaches, including denial-of-service attacks, ransomware, and various forms of digital fraud. He highlighted that if banking or health systems were brought down, the financial losses would be immense, in addition to the direct money fraudulently taken by hackers.
Thembo indicated that these minimum security standards will eventually extend beyond telecom operators to include other media, such as television and radio organizations, ensuring they also have these minimum standards for securing people’s data and ensuring their resilience. This broader initiative aligns with Uganda’s National Cyber Security Vision and the recently launched National Development Plan IV, signaling a concerted effort to fortify the nation’s digital future against evolving threats. The annual CEO Cybersecurity Breakfast continues to be a vital platform for fostering knowledge exchange, strategic insights, and collaborative approaches to enhance cybersecurity resilience across Uganda’s burgeoning telecommunications sector.
