Banks Are Safe – Our Habits Decide: Cybersecurity Lessons from Przemysław Skulski, Associate Professor at WUEB

Are we defenceless online? University experts say no. Polish banks follow strict standards, but outcomes depend on our daily choices: what we click, how we log in, and how we pay. 


The core question 

The Radio Szczecin debate began with a simple prompt: is cyberspace already dangerous – and are we helpless? The reply is balanced. Attacks are more frequent and louder, yet the sector’s safeguards are robust. The weak link is often human behaviour. 

Safer than cash 

Prof. Przemysław Skulski (Wroclaw University of Economics and Business) notes we live fully digital lives and too easily forget basic security. Cash has an emergency role, but “a good bank is definitely safer.” System resilience matters; so do our habits. 

Dr Paweł Rajba (University of Wrocław) adds the technical frame: banks operate under tight regulation and invest heavily in security, so direct theft is hard. Criminals therefore target the human-device interface (phishing and social engineering), where a moment of routine can be nudged off course. These are organised, costly operations – not a “press one button to steal” scenario. 

Outages vs attacks: what users can (and can’t) see 

Can you tell an attack from a fault at first glance (as with recent BLIK issues)? In practice, no. Only log analysis improves certainty, and that takes time. Users should follow procedures instead: don’t force-repeat failed payments, wait for official messages, and watch account activity.

The same applies to ATMs. “Spot the overlay” sounds sensible, but high-grade skimming may be invisible. Reduce risk: favour contactless cash withdrawals or BLIK, pick machines in branches or monitored places, cover the keypad, and keep reasonable transaction limits. 

Strong passwords, passphrases, and 2FA 

Password hygiene is non-negotiable. The biggest mistake is reusing the same password across services. Use a password manager to store and generate unique credentials. When you must create them yourself, prefer a passphrase of several unrelated words; length is strength. Don’t change passwords on a fixed schedule; change them after a breach or credible suspicion. 

Add multi-factor authentication everywhere you can. SMS codes or app prompts are standard; a physical U2F/FIDO key is an extra-strong option for critical accounts. Prof. Skulski also advises splitting funds (current ≠ savings) and setting transaction limits. You barely notice them day to day – but in an incident they act as a fuse. 

“Everything can be superbly secured, but if a criminal phones us and we hand over codes and passwords – nothing will help.” 

– Prof. Przemysław Skulski

Hybrid warfare and the cost ledger 

The scale is growing, including in hybrid-warfare contexts. As Prof. Skulski stresses, losses are economy-wide – beyond banking to firms and citizens. We need two pillars in parallel: technology (standards, procedures, tools) and common sense (awareness of social engineering, vigilance, and consistent habits). 

Recommendations for society and business 

  • For business, build password policies around passphrases and managers. Roll out 2FA “everywhere possible.” Train staff on social engineering and run incident playbooks. 
  • For schools and universities, include cyber hygiene in core curricula. 
  • For public bodies, use plain language in alerts and test notification systems for transactions and data leaks. 
  • For all of us: don’t click by habit, don’t “forward” codes, and don’t bow to time pressure. 

Listen to the full interview on the Radio Szczecin website: https://radioszczecin.pl/276,14696,hakerzy-atakuja-polskie-banki-i-instytucje-finan 

Quick guide (at a glance) 

Passwords & accounts 

  • Use a password manager; for exceptions, create passphrases (min. four unrelated words). 
  • Never reuse passwords between services. 
  • Don’t rotate on a timer; change after a breach or credible suspicion. 

Authentication 

  • Enable 2FA everywhere; consider a U2F/FIDO key for critical accounts. 
  • Never share one-time codes on the phone—banks do not ask for them. 

Payments & limits 

  • Set transaction limits and review them after large purchases. 
  • Separate current and savings accounts to reduce exposure. 

ATMs 

  • Prefer contactless withdrawals or BLIK; choose monitored locations. 
  • Cover the keypad; don’t “fix” failed transactions with repeated attempts. 

Monitoring & response 

  • Turn on transaction alerts; react quickly to unauthorised activity. 
  • Report incidents and block cards immediately; keep emergency numbers handy. 

badania.uew.pl – because calm, expert voices cut through the noise. 

Author: Barbara Grzelczak
