At the same time, cybercrime is increasing and estimates put Nigeria’s annual losses from cyber-related fraud at about $500 million.

Globally, the World Economic Forum in its Global Cybersecurity Outlook 2026 warned that the spread of artificial intelligence and ongoing geopolitical stresses are making cyber attacks faster, cheaper and harder to detect.

Everyday gadgets, smartphones, laptops and smart home devices, are now prime targets because they store financial details, private messages and identity information.

For many Nigerians who rely on these devices for payments, business and communication, a single breach can lead to drained accounts, stolen identities or leaked data. Understanding the risks and adopting simple habits can make a real difference.

Common Cyber Threats in 2026

Cyber threats have grown more complex over the past three years, largely driven by AI tools that help criminals automate attacks.

In Nigeria, phishing is the most common tactic. Fraudulent messages often come through WhatsApp, SMS or cloned banking apps, tricking users into revealing passwords, card details or one-time codes.

The Deloitte Nigeria Cybersecurity Outlook 2026 also highlighted a steady rise in phishing and ransomware cases, fuelled by increased online transactions and digital payments.

Malware and spyware continue to infect phones and laptops, stealing data or locking users out of their own files. Ransomware attacks, where victims are asked to pay to regain access, have also increased.

Public Wi-Fi networks in airports, cafés and busy commercial centres in cities like Lagos remain a weak point, as attackers can intercept unencrypted data.

Another issue is AI-powered scams. Deepfake voice notes and cloned identities are being used to impersonate relatives, company executives or bank officials. These tactics make fraud harder to spot and more convincing.

Basic Security Habits Every User Should Adopt

Strong digital hygiene blocks many of the most common attacks. Start with strong, unique passwords for each account. Avoid reusing the same password across platforms. A trusted password manager can help generate and store complex passwords securely.

Enable two-factor authentication (2FA) wherever possible. Authentication apps or hardware keys are safer than SMS codes, as text messages can be intercepted. Even if a password is exposed, 2FA adds another barrier.

Regular software updates are also critical. Updates fix known security flaws that criminals exploit. This is especially important for widely used Android devices and popular apps.

These steps are simple, cost little or nothing, and significantly reduce exposure to phishing, malware and account takeovers.

Securing Phones, Laptops and Smart Devices

Smartphones and laptops handle most online activity and should be prioritised. Download apps only from official app stores. Fake banking or payment apps often contain hidden malware. Most phones allow users to block installations from unknown sources, keep that setting on.

On laptops, install reputable antivirus software and ensure the firewall is enabled. Avoid clicking unknown email attachments or suspicious links.

Smart TVs, fitness bands and other Internet of Things devices can also be entry points for attackers. Change default passwords immediately after purchase. Disable features you do not use. If possible, connect smart devices to a separate Wi-Fi network from the one used for banking and work.

Review app permissions regularly. Limit access to your camera, microphone, location and contacts unless necessary. With mobile money widely used in Nigeria, restricting permissions can prevent spyware from harvesting sensitive details.

Safe Internet Use and Online Behaviour

Many cyber incidents happen because users unknowingly share sensitive information. Always double-check links before clicking. Look closely at website addresses and be wary of urgent requests for payment or confidential data.

On social media, adjust privacy settings to control who sees your posts. Avoid sharing real-time location updates or financial information.

When shopping or banking online, use secure websites with “https” and a padlock icon in the address bar. Avoid conducting financial transactions on public Wi-Fi. Use mobile data or a trusted virtual private network instead.

With AI-driven scams on the rise, confirm unusual financial requests through a separate channel. If someone calls claiming to be from your bank, hang up and dial the official customer care number.

What to Do If You Suspect a Hack

If you notice unusual logins, strange pop-ups or unexplained bank charges, act quickly. Change passwords immediately and enable 2FA on affected accounts. Disconnect the device from the internet to limit further access.

Run a full antivirus scan using updated software. For financial accounts, contact your bank or service provider without delay to block or freeze transactions.

Back up important data regularly and keep offline copies. This reduces the pressure to pay in case of a ransomware attack.

If sensitive personal data has been exposed, report the matter to the appropriate authorities such as the Economic and Financial Crimes Commission or the National Information Technology Development Agency. Early reporting can help contain wider damage.

Cybersecurity in 2026 is about consistent habits, not one-off actions. Strong passwords, regular updates, two-factor authentication and cautious online behaviour remain the first line of defence.

With Nigeria’s digital economy growing fast, personal vigilance will be key. Threats will evolve, but practical, everyday precautions can keep your devices, money and data safer in an increasingly connected world.

The call comes as part of activities marking the 2025 National Cyber Security Awareness Month.

With technology now part of everyday life, including mobile banking and social communication, among others, NITDA says awareness and personal discipline are essential in preventing cyber incidents that target unsuspecting users. 

The agency warned that while Nigeria’s digital economy grows, the risks grow with it, and citizens must adopt habits that make them less vulnerable to hackers and online fraud.

According to NITDA, simple habits can make a significant difference in keeping individuals safe online. These include using strong and unique passwords, enabling two-factor authentication, updating software regularly, and backing up important data. 

The agency also cautioned against opening links or attachments from unknown sources and advised people to think twice before sharing personal or financial details online.

This year’s theme, “Cyber Hygiene for a Safer Tomorrow,” reinforces the idea that cyber safety is not limited to individual behaviour. It is a shared responsibility that, when collectively observed, helps protect families, workplaces, and the wider digital community.

“Cyber hygiene is not only a personal responsibility but a collective effort. When individuals protect themselves, they also safeguard their families, workplaces, and the broader digital community,” the agency stated.

NITDA’s warning comes as more cyber incidents target both private citizens and organisations across Nigeria. The agency noted that strengthening cyber hygiene is indispensable in building a secure and resilient digital nation.

As part of its cyber safety campaign, NITDA urged Nigerians to “stay alert, click wisely, and stay safe online,” reminding everyone that cybersecurity starts with individual action.

The statement was signed by Mrs. Hadiza Umar, director of Corporate Communications and Media Relations at NITDA.

Cybersecurity Pro Tips:

• Face Scans and Fingerprints are Safer Than Passcodes: Use features like Face ID or fingerprint scans for your devices as much as possible. These are safer than passcodes and devices have good built-in protections for this sensitive information.
• Use Multi-Factor : Use multi-factor authentication (MFA) whenever possible. This gives an important extra layer of security that makes it harder for cybercriminals to access your accounts. If you can’t use something more secure like secure authenticator applications or physical hardware security keys, use your phone number — it’s safer than using nothing. If you use MFA for only one thing, use it for your email: that’s what attackers want the most.
• Think Before You Share Publicly: Think twice before sharing any information publicly –cybercriminals can use it to access your accounts or to convince someone that they’re you.
  • Think about those cute surveys on Facebook with questions about your first car, city you were born in: these are the same kinds of info cybercriminals can use to pretend they’re you and log into and take over your accounts.
• You Don’t Always Need (to keep) the App: Don’t feel pressured to download an app every time: you can often use the service’s website just as well. Apps collect much more data than websites, including your location, your contact list and other info you might not want to share. If you do download an app, think about deleting it when you’re done using it: you can always reinstall it next time you need it.

Beware of Apps You Get Outside of the Big-Name App Stores:

• Be On Your Guard for Unexpected Emails and Text Messages: Phishing continues to be one of the most effective tactics cybercriminals use to compromise consumers. If you get an unexpected email or text message, ignore it or at least don’t interact with it (don’t open attachments, don’t click on links). If you think it might be legitimate, reach out directly to who you think sent it and check with them.

• Question Urgency in Emails and Calls: Cybercriminals use urgency to get you to let your guard down and make bad decisions. If someone contacts you saying they’re from a trusted organization like the IRS, police or your bank and need you to take action quickly or something bad will happen, stop and question it. Go to the trusted source like the number on the back of your credit card to independently validate the request.

• Practice Good Password Security: Every account should have its own unique complex password. A strong password is at least 12 characters long with a mix of numbers, upper- and lower-case letters, and punctuation characters. Passwords should not be based on any personal information, and the best ones use a phrase rather than single words. If these passwords are too tough to juggle, try a password manager to stay organized.

• Keep Everything Updated and Run Security Tools. Make sure all your apps and devices are always fully updated.

Get Rid of End-of-Life Devices and Software:

Everything from operating systems to services to Wi-Fi routers “go stale” and must be replaced eventually. For example, it might surprise you, but your internet router is typically only supported with patches and updates for a few years after you get it. Attackers love out-of-date devices. When something is “out of support” it’s stale: get rid of it and replace it with something fresh.

• Back Up Your Data: While ransomware groups are mostly after businesses that can pay higher ransoms, they still go after people at home. It’s still important to have your data backed up so that you don’t have to consider paying a ransom.

Put Your Mind at Ease Regarding These Cybersecurity Concerns

Part of staying secure requires being able to filter out the noise and prioritize the security actions that matter. Here are things not to worry about. Focus your energy on real risks, not exaggerated threats.

• Public Wi-Fi is Safer Than You Think: Contrary to outdated advice, public Wi-Fi is generally safe due to encryption used by most websites and apps. Use it freely at airports or coffee shops, but avoid sensitive activities.
• Beware of Fearmongering Around New Tech Features: Not every new technology is as risky as it’s made out to be. For example, Apple’s NameDrop feature is generally safe and requires specific conditions to function. However, if you’re concerned, you can easily turn it off in settings.

Stop Stressing Over Public Chargers: The risk of “juice jacking” (data theft from public chargers) is extremely low. Don’t worry about using public phone chargers — just focus on real, more prevalent threats.