Ghana lost GH¢23.3 million to cybercrime in 2024. In the first half of 2025 alone, another GH¢14.9 million vanished through fraud, blackmail, and unauthorised access, and the number of reported incidents nearly doubled over the same period in the previous year. Yet for most Ghanaians, the most dangerous vulnerability is not sophisticated malware or a state-sponsored attack. It is a weak, reused password.
That was among the core warnings delivered by Dr. Veronica Semenova and Dr. Romana Riyaz, cybersecurity researchers and faculty members at the University of the People, during a recent webinar on digital safety fundamentals titled “Cybersecurity Basics: Protecting Your Data in the Digital Age.”
Their message carries particular weight in Ghana. According to the Cyber Security Authority (CSA), online fraud accounted for 36 percent of all reported cyber incidents in Ghana in the first half of 2025, followed by cyberbullying at 25 percent, online blackmail at 14 percent, and unauthorised access at 12 percent. Mobile money transactions in Ghana exceeded GH¢570 billion in 2024, making the ecosystem a prime target for fraudsters who exploit weak authentication, social engineering, and SIM-swap attacks.
Dr. Semenova and Dr. Riyaz structured their webinar around the CIA Triad, the foundational framework that guides all serious cybersecurity practice. The three principles are Confidentiality, which ensures that information is accessible only to those who are authorised to see it; Integrity, which protects data from being altered or destroyed without permission; and Availability, which ensures that systems remain accessible to legitimate users when needed. Together, they said, these principles should underpin how individuals and organisations think about protecting their digital lives.
On the threat side, the webinar focused heavily on phishing attacks, which use deceptive emails or links to steal login credentials and personal information. In Ghana’s context, this threat is acute. Business email compromise, romance scams, payment diversion fraud, and employment and scholarship scams are among the most commonly reported forms of online fraud targeting Ghanaians. The researchers urged participants to scrutinise sender addresses carefully, avoid clicking links from unknown sources, and verify unusual requests through a separate communication channel before responding.
For password security, the webinar recommended a minimum of 12 to 16 characters per password, with a unique password for every account. The use of a password manager, they said, removes the burden of memorisation while dramatically reducing the risk of account takeovers. Enabling Two-Factor Authentication (2FA), where a second verification step is required beyond the password, was described as one of the single most effective steps any user can take. Free and widely available options include Google Authenticator and Microsoft Authenticator.
On device protection, the researchers stressed that the vast majority of successful attacks exploit known security gaps that software updates have already fixed. Delaying updates, they said, is effectively leaving a known door unlocked. Anti-malware software, device screen locks using a personal identification number (PIN) or biometric authentication, and avoiding sensitive transactions over public Wi-Fi rounded out their device protection guidance.
The researchers also highlighted data backups as a critical but underused defence, particularly against ransomware, a form of attack where criminals lock a victim’s files and demand payment to restore access. Ransomware attacks in Ghana have evolved from opportunistic crimes into targeted assaults on critical infrastructure, with small and medium-sized enterprises particularly vulnerable due to limited investment in security defences. Regular backups to both cloud storage and an external drive ensure that even a successful attack does not result in permanent data loss.
For Ghanaians building or improving their cybersecurity knowledge, free learning platforms such as Cybrary and Coursera offer structured beginner to intermediate courses. The Cyber Security Authority of Ghana also maintains an active advisory portal at csa.gov.gh with up-to-date threat alerts and guidance tailored to the local environment.
The researchers’ closing point was simple: strong cybersecurity is less about expensive tools and more about consistent daily habits. In a country where digital transactions are growing faster than digital literacy, that distinction may be the most important one of all.
