Goce Arsovski: Should European citizens today feel safe online?

Klaudia Kloc: Nobody is 100% safe online, but by adhering to basic rules of work hygiene and safety, citizens should feel relatively secure online, especially considering the recent initiatives by the European Union to promote cybersecurity. However, one should always remember that the online landscape is ever-evolving. The pandemic and war in Ukraine have introduced new threats, including massive disinformation that we still don't know how to deal with efficiently in terms of both regulations and practice.

G: What are some ways to protect oneself from online threats that anyone can employ?

K: Education. To be able to protect yourself, you need to understand the threats and grasp the basic security measures that can be taken.

Turn on 2FA if possible, for all your apps; it will protect you when your password is stolen. A black hat hacker who steals your password won’t be able to log in to your account without access to your authentication app or another second factor, such as a text message. Keep your device updated, as updates can contain critical patches for vulnerabilities. Read emails carefully and double-check the sender's authenticity. Never download an attachment if you are unsure about the email's legitimacy. Don't believe or share information if you are uncertain about the source. I could go on and on.

What is the most common threat from which data is being stolen/manipulated in Europe, and in your country?

After the Russian invasion of Ukraine, one of the most significant threats and challenges facing European citizens, especially Polish, is disinformation and pro-Russian hacker attacks aimed at stealing information and causing disruptions.

The use of social media bots and propaganda news sites disseminating fake news represents one of the most common techniques employed to manipulate public opinion. Sending misleading messages on Telegram or WhatsApp groups is a social engineering technique that works surprisingly well. When the Russian invasion of Ukraine escalated in 2022, there were a lot of people sending messages claiming that 'their uncle/cousin/neighbour' worked for the government/military or other public institutions and had top-secret information about the war.

The same happened with COVID. People were panicking because someone was sharing the same false information about lockdowns. It's easier to believe something when it's your Facebook friend's cousin saying it, right? Be careful when you read this kind of information; you never know who the source is.

Apart from that, we still have to deal with thieves who use various social techniques to steal money from citizens. They send phishing emails with fake invoices or manipulate users into sending their BLIK code via messenger to steal their money. So how does phishing work? Let's say you receive an email that looks like it's from a well-known online shopping website that you've used before. The email might have their logo and a message saying something like, "Your recent purchase is ready for payment. Click here to view and pay your invoice." When you click on the link, it takes you to a website that looks just like the real shopping website. It even shows a fake invoice with an amount you supposedly owe. The email might seem urgent, and it might say that if you don't pay right away, there could be consequences.

But here's the trick: it's all fake. The website is not the real one, and the invoice is made up. If you enter your credit card information or BLIK code to pay the invoice, the cybercriminals running the scam can steal your credit card details or the code, and use them for their own gain.

This is a never-ending story; sadly, thieves are becoming more and more creative and finding new ways to deceive people.

How would you describe Europeans’ attitude towards privacy and personal data protection vs. your country’s attitude?

The EU introduced stricter privacy regulations, such as GDPR, which were also adopted in Poland.

However, during the pandemic, many European countries introduced solutions to track the spread of the virus, and a lot of sensitive user data, including healthcare information, was gathered. These solutions were usually implemented quickly, often without proper security measures and lacking a legal basis (as in the case of France, for example).

Information gathered can be used for both beneficial and harmful purposes; the pandemic is over, but elements of surveillance still persist. In Poland, the problem with privacy is even more significant. Recently, the PEGA Committee published a report related to the use of PEGASUS, surveillance software used by the Polish government to spy on journalists and activists. The conclusion was that uncontrolled surveillance is a problem in Poland, posing a threat not only to privacy but also to democratic elections.

Are EU institutions safe from cyber-attacks? How about your country's institutions?

No institutions are safe from cyber-attacks.

Is the business sector following the latest trends in cyber-security? Are private companies investing in security?

Yes, once again, the pandemic has helped spread security awareness across the business sector. While companies were already obligated to introduce security measures due to regulatory compliance, the increase in cybersecurity attacks observed during the pandemic prompted executives to invest more in tools and security teams. Additionally, technology is becoming increasingly complex, making it harder to secure.

At Vidoc Security Lab, we conduct research on the security of web applications, and from our experience, many of the vulnerabilities introduced by companies in their software could be easily prevented with the right monitoring in place. However, due to the complexity of the system, it's challenging to keep track of every component of the web app. We send over 140 security reports to the biggest tech companies in the world. Their responses indicate a growing awareness of the importance of security.

Are parents, teachers, and school children sufficiently aware of the cyber landscape? Are they informed enough to protect their data?

The rapidly evolving nature of technology and the internet makes it challenging for parents and teachers to keep up with the latest cybersecurity threats and best practices. This knowledge gap can leave children exposed to risks.

Furthermore, the Polish standard curriculum lacks basic information about the latest cybersecurity threats. There is no dedicated time in Polish schools to teach children even the fundamentals of online safety.

How would you describe the trend in recent years in terms of digital safety & privacy for the CSOs in your country?

NGOs in Poland have indeed become increasingly aware of the importance of cybersecurity, especially as they found themselves relying more on technology during the pandemic. However, it's crucial to acknowledge that many of these organizations face significant challenges in introducing proper security measures due to financial constraints and time limitations.

The COVID-19 pandemic accelerated the digital transformation of NGOs, pushing them to adopt online platforms for fundraising, communication, and program management. While this shift allowed for greater outreach, it also exposed them to a range of cybersecurity risks, from phishing attempts to data breaches. The situation became even more complex with the influx of Ukrainian NGOs relocating their headquarters to Poland in the wake of the Russian invasion of Ukraine. These organizations, already under immense political pressure from Russia, faced heightened cyber threats and disinformation campaigns. Protecting their data and operations from cyberattacks became a matter of utmost importance.

What would be your message to our readers – what should they avoid & be especially careful about?

Humans are the weakest link, so be careful about the kind of information you share online because nothing is 100% safe.

Don't click on any links, and don't open attachments if you don't know the sender of the email.

And let's not forget about disinformation – there is a rule that journalists follow when they write articles and gather news: always verify information in at least three different sources to ensure you don't spread misinformation.

I recommend that every citizen follows this rule when they share something or comment on social media. I know it's extremely hard nowadays when it's challenging to do so because even well-known portals sometimes make mistakes and share fake news, but there are some tools that can help you identify misinformation. Check out organizations in your country that fight against disinformation; they usually share tips that work best in your area.

You can follow Klaudia Kloc on Twitter or LinkedIn.
