Staying safe online does not require a technical background, expensive software, or hours of effort. The vast majority of successful cyber attacks exploit simple, preventable mistakes. The best defence is a series of small habits that become automatic.
Pause before you click
The single most impactful habit you can build — costs nothing but two seconds of attention. Before clicking any link in an email, text message, social media post, or messaging app, ask yourself: was I expecting this? Does this make sense? If you have any doubt, do not click. Navigate to the website yourself by typing the address into your browser.
Lock your devices every time you step away
Lock your phone, laptop, and computer every time you step away — even for a minute. On Windows: Windows + L. On Mac: Command + Control + Q. On your phone: press the power button once. This prevents anyone nearby from accessing your accounts while your back is turned.
Keep software updated
Software updates close security vulnerabilities that have been discovered since the last version. When a vulnerability becomes public, attackers begin exploiting it immediately. Enable automatic updates for your phone, laptop, and all apps.
Use a unique password for every account
If you reuse passwords and one account is breached, attackers immediately test your stolen credentials on hundreds of other services. Use Bitwarden (completely free) to generate and store a different strong password for every account. You only need to remember one master password.
Enable two-factor authentication
Even if someone steals your password, 2FA means they still cannot access your account without a second verification step only you can provide. Enable it on your email, banking apps, Apple ID or Google account, and social media profiles today. It takes two minutes.
Check who actually sent that email
Before clicking any link or following any instruction in an email, take three seconds to verify who actually sent it. Tap or hover on the sender name to reveal the real email address behind it. A scammer can name their address “Your Bank Security Team” while the actual address is completely unrelated.
Be careful what you share online
Account recovery questions often ask for your mother’s maiden name, your first pet’s name, or your childhood street — all commonly available on social media. Be thoughtful about what personal details you make public.
Use mobile data for sensitive tasks
When you need to check your bank or log into any important account away from home, switch off Wi-Fi and use your mobile data connection. Mobile data is encrypted. Most public Wi-Fi is not. The habit takes one second.
Back up your important files
Ransomware encrypts everything on your device and demands payment for the decryption key. The complete defence is having a recent backup that exists independently of your device. Set up automatic backups through iCloud, Google Drive, or an external hard drive.
Listen to your instincts
If something about an email makes you uneasy — an unusual tone, a domain name that is almost right, a request that does not add up — trust that feeling rather than overriding it. Scammers create urgency specifically to make you act before your instinct registers. Slow down. Verify before you act.
Your daily security checklist
- Pause and think before clicking any link
- Lock your devices every time you step away
- Install software updates promptly — enable automatic updates
- Use unique passwords for every account via a password manager
- Enable 2FA on email, bank, and social media
- Always check who actually sent an email before acting on it
- Be thoughtful about personal information you share publicly
- Use mobile data for sensitive tasks when away from home
- Back up important data automatically and regularly
- Trust your instincts when something feels wrong
None of these habits requires technical knowledge. Start with two or three today and add more as they become automatic. Within a few weeks, your online security will be dramatically stronger.