Finally, cyber security is an important part of national security. Essential infrastructures, such as energy, transport, and communication, depend on the functioning of the Internet and digital technologies, therefore it is necessary to ensure that these systems are protected from cyber-attacks, since they can have a significant negative impact on society and national security. Cyber security vulnerabilities can be taken advantage of to spread misleading or false information that can arouse distrust of authorities or even society.
In the below interview, we explore this topic with the Risk Managing Expert Justina Tamulevičiūtė, who answers basic questions about the importance of cyber security in Lithuania.
Justina, can you name the main threats to the security of personal data that exist online?
Cyber attackers have various methods to steal your personal data. A very popular method is phishing: a social engineering attack which seeks to obtain sensitive information about you by impersonating a trusted institution or person. Hackers frequently try to obtain your personal data, login information or infect your device this way. If you want to protect yourself from phishing, always stay cautious when opening e-mails from unknown senders, never click on links or attachments. Phishing text messages, where the sender tries to impersonate your bank, courier or recruiter, are also popular.
Also, be careful with those messages that you receive in social media even from the people you know. If the message urges you to click on an intriguing link, is not similar to the content that the person you know is usually sharing, try texting them to see if they have caught a virus.
People usually share their data on social media, applications, and other platforms very easily, without researching what the data will be used for. People rarely read Data Policies or application access lists. That’s why a lot of businesses have excessive amounts of user data, and sometimes people share this information publicly. Even if you have hidden your personal information on social media, you must remember that not all websites are safe, and even the most famous and trusted businesses may have security vulnerabilities or experience a cyber-attack. In this case your personal data may also become accessible to hackers and be used against you to get financial advantage for themselves.
Is it true that people in Lithuania and all over the world use extremely simple passwords to protect their data?
Absolutely. According to some analyses, the most popular password in Lithuania last year was ‘admin‘, followed by ‘123456789’ and ‘123456’. It would take less than a second to crack each of these passwords. The NordPass outlines how to create safe passwords.
It is also known that people tend to re-use the same password for different accounts, sometimes adding a simple password variation (a number or symbol at the end of the password, capitalizing the first letter, and so on). Tricks like these are easily solved by hackers, so it won’t be any harder for them to crack your password.
It is essential to remember that even if you think that your created account is unimportant, that you don’t have a lot of sensitive information there, it is necessary to ensure its safety and not to use the same password that you are using for other platforms.
Why is it important to change passwords regularly? How can you create a safe and complicated password?
Hackers know a lot of ways to find out your password. One of them is to use previously leaked information. If your data has been previously affected by a cyber-attack and your e-mail and the password used in the account has become accessible to the hackers, they can try to login to other platforms by using the same login data. That is why it is very necessary to regularly change passwords and not to use the same password for several different accounts. Avoid using the variations of the same password.
You can check whether your account has been affected by a known data leak in Have I Been Pwned. It lets you search across multiple data breaches to see if your email address or phone number has been compromised.
Computer programs used by hackers can also try to find out your password by using popular variations, words, phrases. Therefore, a safe password has to be long, composed of random numbers, letters and symbols. Also, even if you are using a complicated and unique password, it is still highly recommended to use multi-factor authentication. This way, even if someone guesses your password correctly, they still wouldn’t be able to login to your account unless they have a second factor.
Since it is very difficult or almost impossible to remember a lot of unique passwords, we recommend using tools for that purpose, for example, a trustworthy password repository. It will always help to create unique and complex passwords and to keep them safely and comfortably.
Are Lithuanian residents often exposed to cyber-attacks? Is there a noticeable spread of disinformation regarding the data safety?
According to NCSC, the number of cyber-attacks in Lithuania has not changed drastically during the last years, you can find more information in National Cybersecurity Status Report. However, it is likely that the scale of the attacks is significantly higher and the exact number is unknown, since most people do not report the incidents they experience.
Usually, the main aim of cyber attackers is to gain financial benefits.
How can cyber-attacks be related to disinformation and how can we counter them?
Disinformation in the digital space is closely related to cyber safety, since a lot of people today read news online. Disinformation might be directed against cyber security facts, experts, in order to mislead the public and reduce people’s security.
Social engineering attacks, like phishing, are based on disinformation, the purpose of which is to deceive the public and to create a moment of urgency and importance. Disinformation is also used in the context of cyber-attacks, in order to mislead the victims and deceive the security specialists. For example, if you hear the news that your bank was exposed to a data leak, it will prompt you to click on a link in a message received from your bank without thinking, enter personal data and download malware.
If a cyber-attack has indeed occurred, culprits may seek to spread misinformation about the attack itself, its severity, and the perpetrators. This can be aimed at causing panic, blaming innocent parties, and hindering the smooth analysis of a cyber-attack.
Finally, can you recommend special tools or programs that would help guarantee a safer browsing experience and personal data protection?
Use unique and complex passwords for all your devices and accounts. Use a trustworthy password repository to generate them and to safely keep them. In this Cybernews article you can find the best-rated password managers.
If possible, use a multi-factor (MFA) authentication.
Always update the operation system of the applications and devices that you are using to the newest version. This way, you will be sure that it doesn’t have any known safety breaches.
Do not use unprotected public hotspots (Wi-Fi), and if you cannot avoid it, use VPN (virtual private network) service.
Stay vigilant and protect yourself from phishing attacks: do not open unknown links or attachments received from unknown senders and even from known senders if the message sounds suspicious.
Use a trustworthy anti-virus program in your devices.
Pay attention to what data about you is collected by the applications you are using and do not share excess data if they are not necessary to the operation of the application.
It is also recommended to always check the news about cyber incidents and newest safety practices. This way, you will be sure that you have familiarized yourself with the attacks that are currently popular and that you will be able to prepare yourself for them.
Background illustration: Kenstocker