It started with a link. One click. That’s all it took. On a cool Friday morning in April 2025, a procurement officer at a leading Ugandan NGO, let’s call her Susan, received a WhatsApp message from an unknown number. The message read: “Hi Susan, I saw this on Twitter about your organization. Thought you should see it.” (link attached) The link preview showed the NGO’s logo with the caption, “Shocking scandal involving NGO procurement manager leaks online.” Her heart raced. Susan clicked. Nothing loaded. “Maybe it’s my MTN data,” she thought. She brushed it off. But unknown to her, that…

It never starts with a bang. Cyber fraud does not arrive at your doorstep with sirens. It whispers in the background. A delayed payroll here, a customer complaint there, a donor asking awkward questions about leaked contracts. By the time executives pay attention, the damage is entrenched. Cyber risk is a slow bleed, and the organizations that dismiss it as an IT issue end up paying the highest, most invisible bills. The illusion of savings Boards and their executive management love to postpone “non-core” investments. Cybersecurity tops that list. “We’ve never been hacked. Let’s deal with it next year.” That…

Why do banks demand a board resolution to reactivate an account they themselves marked “dormant” simply because you did not transact? Why design hurdles that punish a customer for inactivity instead of rewarding them for loyalty? I see this as a paradox of modern banking. Banks preach financial inclusion while erecting barriers to access. They claim to protect you from fraud, yet what they protect is their bureaucracy. A dormant account is not a risk; it is an untapped opportunity. In modern banking, smart banks treat dormancy as a trigger for engagement, not punishment. They call, they nudge, and they…

Imagine this. You are a director of a mid-sized company. One morning, the security guard calls you in a panic: “Sir, thieves broke in, but they did not touch the furniture or computers. They opened the safe.” You rush to the office. The steel safe stands wide open. But strangely, bundles of cash are untouched. Instead, the robbers carried away files, employee contracts, customer details, supplier bank accounts, and even board minutes. That is the modern burglary. No crowbars, no gunfire, no missing shillings. Yet, the loss is catastrophic. Competitors now know your customer lists. Fraudsters will exploit payroll records.…

Across Uganda and the wider region, businesses, banks, NGOs, and even government agencies are losing billions of shillings every year to digital fraud, ransomware, and phishing. The attacks are becoming more sophisticated, yet too many leaders still dismiss cybersecurity as an IT problem. The truth is, cybersecurity is no longer about computers; it’s about continuity. If your systems fail, your business stalls. If your data is stolen, your reputation collapses. If your board cannot explain its cyber risk strategy, regulators, investors, and clients will not forgive you. At the Institute of Forensics & ICT Security (IFIS), the technical training arm…

Boardrooms are where the future of organizations is shaped. Yet too often, meetings end with thick minutes and thin outcomes. Discussions get lost in reflection, debates are silenced in the name of harmony, and resolutions rarely make it into action. To transform meetings into engines of execution, boards need discipline. That is where the 3D Framework (Decide, Debate, and Do) comes in. First D — Decide: End with resolution, not reflection Boards that fail in crises do not lack information; they lack decisions. Every agenda item must close with a clear outcome: approve, reject, or defer with conditions. The role…