Data Security Must Become a Habit, Cybersecurity Experts Advise

11 February marks the 22nd Safer Internet Day in many countries worldwide to raise awareness about the benefits and dangers of the Internet. As AI tools evolve, both opportunities and threats increase, so developing critical thinking and new habits is essential. This is particularly relevant for Lithuanians. According to the State Data Agency, 90.4% of households had Internet access at home in 2024 (92.7% in urban areas, 85.3% in rural areas), which is 1.8% more than last year and 8.3% more than in 2020.

Do Lithuanians use preventive measures to protect themselves and organisations from attacks and their potential consequences? Security experts point out that successful cyber-attacks can lead to financial losses, reputational damage, and business disruption.

The weakest link is the human factor

During the 2024 student summer internship, the third-year student of the Bachelor‘s study programme Information Systems and Cyber Security at VU Kaunas Faculty Yehor Poliarskyi and the lecturer of the Institute of Social Sciences and Applied Informatics Assist. dr Renata Danielienė researched the cyber vulnerabilities of working-age internet users and their possible prevention. The study analysed common threats such as ransomware, data theft, malware, and fraud and their consequences. Various studies have shown that cybercriminals exploit vulnerabilities in information systems and the human factor.

Based on the findings, a survey was created, and more than 200 participants were interviewed. The survey revealed that many individuals have only a moderate understanding of cyber threats, a lack of skills in Internet security practices, a limited understanding of AI threats, and, therefore, a training gap. Based on the survey results, technological threat prevention recommendations have been developed.

The most effective trap is social engineering

According to statistics, the Internet is mainly used in Lithuania for information search, communication, and banking. 64.4% of the country's population orders goods or services online. Scammers are familiar with this area, publishing misleading advertisements on various communication channels, especially social networks, and promoting tempting offers such as significant discounts, lucrative investments, and gift vouchers. This is an attempt to lure potential victims. Emotions are manipulated through gullibility, greed, the need to identify with celebrities and authority figures, and the incentive to hurry up because of the limited offer duration.

Another form of fraud works similarly: various links are sent via emails, social networking apps, or SMS. Before clicking on a link to a tempting offer or opening an attachment from an unknown sender, you should stop and assess whether the offer is not too good to be true, whether the letter is definitely addressed to you, whether the sender is trustworthy, whether it does not ask for too much personal information, etc. Clicking on an unknown link usually leads to a website created by fraudsters – an electronic login form asking for login details, sometimes bank card details.

Deleting an app is not enough

The current situation is also reflected in the fact that a significant proportion of the country's population tried to remove or deleted (closed) their social networking or app accounts in 2024. According to the State Data Agency, 23.2% of such people were 16–24-year-olds, and 23.7% were 25–54-year-olds. In the older age group (55–74 years), 10.6% of people did so, but as many as 37.6% faced difficulties and technical barriers. However, if an app is suspected of being malicious, removing it is not enough.

“Unfortunately, deleting a malicious app is often not enough. It may have already installed add-ons and changed system settings. The device should be thoroughly scanned with a trusted antivirus application to ensure that there are no suspicious authorisations or apps. It is also worth changing your passwords and assessing whether personal data has been stolen,” the student Yehor Poliarskyi explains.

When is professional help needed?

The services of cyber security officers for individuals are also becoming more popular. They become relevant when the security of private data, finances, or privacy is threatened. This can include hacking into social media accounts, email or bank accounts, unusual logins, or money transfers. It is also worth consulting if you are experiencing blackmail, malware, signs of surveillance, or fake information posted online. Specialists can also help with prevention by advising you on how to protect your personal data, install the proper security measures, or resolve problems that have already occurred. This provides both virtual security and peace of mind in your day-to-day activities.

“Cyber-literacy is becoming one of the most important competencies not only in the labour market. It has been observed that those who are quicker to adopt new technologies find it easier to cope with both everyday challenges and the pursuit of productivity in their careers. Such staff have a clear advantage and give more credibility to modern institutions. Following basic security rules and taking preventive measures is a good idea to avoid needing additional services from cyber security professionals. And most importantly, it should become a habit,” says the cyber security specialist Assist. dr Renata Danielienė.

In Lithuania, after the Cyber Security Law (CSL) changes came into force last October, 1500-2000 companies in the country included in the Register of Important Entities were obliged to appoint a cyber security specialist within 12 months. As AI technology improves and the geopolitical situation remains unchanged, the importance of such workers will only increase. Although the salaries for such positions are well above the national average, there is a shortage of specialists, according to Assist. Dr Renata Danielienė, a lecturer of the Bachelor’s study programme Information Systems and Cyber Security at VU Kaunas Faculty, says most of today's students are employed before they are even halfway through their studies.

What to do to avoid the need for such professional services

It is worth following basic security rules and taking preventive measures to avoid cyber security breaches. The third-year student of the Bachelor’s study programme Information Systems and Cyber Security at VU Kaunas Faculty Yehor Poliarskyi and the lecturer of the Institute of Social Sciences and Applied Informatics Assist. dr Renata Danielienė share tips for building new habits.

Use strong passwords

Create strong and unique passwords using a combination of upper- and lower-case letters, numbers, and symbols. Avoid using easily guessed information, such as your name, date of birth, or your pet's name (inappropriate passwords include 123456, Pug2023, computer2, etc.). Use different passwords for different accounts: if cyber criminals break into one account, other accounts that use the same password are also at risk. Password Manager can help you create, store, and manage strong, unique passwords for your accounts. This makes it easier to manage your accounts without remembering them all. It is recommended that you update your passwords every few months. This helps reduce the risk of unauthorised access, even if the password has been disclosed without your knowledge. It is not recommended to write down your passwords or store them in easily accessible files on your computer (e.g., TXT). Also, never share your passwords with anyone, not even friends or family. When setting password recovery security questions, choose ones that would be difficult for others to guess. Avoid using publicly available information. Please be particularly careful if you receive a request to change your password by clicking on the link via email. You should change your passwords by opening the website or information system yourself rather than clicking on links in messages or emails.

Enable two-factor authentication

This adds an extra layer of security, requiring confirmation by text message, email, or an authentication app. Two-factor authentification (2FA) is a security mechanism that requires two different elements (e.g., in addition to a password you know, a code sent to your phone) to authenticate your identity when you log into your account. This makes it much harder for hackers to gain access, even if they have your password. As long as the system you are using has multi-factor authentication, it is recommended that you use this feature to reduce the chances of your account being hacked—Prioritise 2FA for the most sensitive accounts, such as banking, email, and social media. If the system allows you to choose a second authentication method, select the one that is the most convenient to you, such as a code sent via text message or an authentification app. Be prepared to restore your account – if you lose access to your phone or the 2FA method, make sure you have a backup plan to restore your account, such as setting up backup passcodes or restoring email addresses.

Update your software

It is essential to make sure the apps installed on your devices are up to date. Do not ignore system and application updates. Regularly update your operating system, browsers, and apps to protect against known vulnerabilities. Sometimes, updates are not automatically installed but can be scheduled for installation. Reminders in the operating systems of computers, smart devices such as phones, smart TVs, and wearables often annoy users. They are not considered a serious threat, but those who ignore updates must know that they make devices more vulnerable to hacking under certain conditions. Automatic updates are usually set for computers but not necessarily for apps or browser plug-ins installed on smart devices. In this case, prioritise the most critical security updates for your operating system and applications.

Use a trusted anti-virus programme

Choose safe and reliable security tools that can detect and eliminate threats.

Be careful with links and attachments

Do not open obscure emails or links, especially from unfamiliar sources. Watch out for unexpected pop-ups, as they may invite you to visit fraudulent websites and link to malware. It is recommended that you do not enter personal or log-in data on websites that do not have HTTPS at the start of the address. Report suspicious websites: if you come across a suspicious or malicious website, report it to your IT department or official organisations such as https://safebrowsing.google.com/safebrowsing/report_phish/?hl=lt; www.svarusinternetas.lt.

Protect your privacy online. Do not share too much personal information on social networks or public platforms.

Use a VPN on public networks

If you use public Wi-Fi networks, avoid accessing confidential information or financial transactions, as they may not be secure. Consider using a VPN for additional protection. A VPN helps encrypt your data and protect you from potential attacks.

Regularly review your account security settings. Make sure your privacy and security settings meet your needs.

These simple steps can help you avoid many cyber threats and protect your data and privacy.