You Don't Need to Be an Expert to Stay Safe Online

A lot of cybersecurity advice sounds complicated — firewalls, zero-day exploits, end-to-end encryption. But the reality is that most people who get hacked, infected, or scammed online fall victim to basic, well-understood threats. And the defences against those threats are equally simple.

This guide covers what you genuinely need to know to protect yourself online — no technical background required.

Understanding the Main Threats

Before you can defend yourself, it helps to know what you're defending against:

  • Malware: Software designed to damage, spy on, or take control of your device. Includes viruses, ransomware, trojans, spyware, and adware.
  • Phishing: Fake emails, texts, or websites that impersonate trusted organisations to trick you into handing over passwords, credit card numbers, or personal details.
  • Ransomware: A type of malware that encrypts your files and demands payment to restore access.
  • Data breaches: When a company you've signed up with has its database stolen — your account credentials may end up being sold or published online.
  • Social engineering: Manipulating people psychologically to make them reveal information or take actions they shouldn't. Often more effective than technical attacks.

The Five Most Important Security Habits

1. Use Strong, Unique Passwords for Every Account

Using the same password across multiple sites means a single breach can expose all your accounts. A password manager (like Bitwarden, free and open-source) generates and stores complex passwords so you don't have to remember them. You only need one strong master password.

2. Enable Two-Factor Authentication (2FA)

Two-factor authentication means that logging in requires both your password and a second verification step — usually a code sent to your phone or generated by an app. Even if someone steals your password, they can't log in without that second factor. Enable 2FA on your email, banking, and social media accounts first.

3. Keep Everything Updated

Software updates often include security patches that fix known vulnerabilities. Attackers actively exploit devices running outdated software. Enable automatic updates for your operating system, apps, and browsers. This single habit eliminates a large class of attacks.

4. Think Before You Click

Phishing attacks succeed because they're convincing. Before clicking a link in any email or message, ask yourself: Was I expecting this? Does the sender's address look right? Is there urgency or a threat designed to rush me? When in doubt, navigate directly to the website rather than clicking the link.

5. Back Up Your Data

Ransomware and hardware failure can both wipe out your files instantly. The 3-2-1 backup rule is a reliable guide: keep 3 copies of your data, on 2 different storage types, with 1 copy stored offsite (or in the cloud). Even a simple monthly backup to an external drive provides significant protection.

What to Do If You Think You've Been Hacked

  1. Stay calm — panicking leads to mistakes
  2. Change your passwords immediately, starting with your email account (since it controls password resets for everything else)
  3. Enable 2FA if you haven't already
  4. Scan your device with a reputable tool like Malwarebytes
  5. Check for unauthorised activity — review recent logins, transactions, and sent emails
  6. Alert relevant parties — your bank, email provider, or employer if work accounts are affected

Common Myths About Cybersecurity

  • Myth: "I'm not important enough to be targeted"
    Reality: Most attacks are automated and indiscriminate — everyone is a target
  • Myth: "Macs don't get viruses"
    Reality: macOS can and does get malware — it's just less common than on Windows
  • Myth: "A VPN makes me completely anonymous"
    Reality: VPNs improve privacy but don't make you untraceable
  • Myth: "I'd know if I was infected"
    Reality: Modern malware is designed to be invisible — symptoms aren't always obvious

Where to Go From Here

Cybersecurity is a habit, not a one-time fix. Start with the five habits above — they cover the majority of real-world threats. As you get comfortable, explore the other guides on this site for deeper dives into specific topics like adware removal, spam filtering, and protecting your privacy online.

The goal isn't to be unhackable — it's to be a harder target than the next person.