Protecting yourself online — a no-nonsense guide
The internet isn't scary, but it does reward people who pay attention. Here are the practical steps that actually matter for staying safe online.
Jason Webb
You don't need to be a tech expert to stay safe online. You just need a handful of good habits and a healthy dose of scepticism. Most of the people I help after something has gone wrong weren't doing anything reckless — they just didn't know what to watch for.
Here's what actually matters.
Keep your software up to date
I know — updates are annoying. But most of the nasty infections I clean up were preventable. The fix existed months before the attack; it just hadn't been installed. Your operating system, your browser, and your apps all release security patches regularly. Turn on automatic updates and let them do their job.
This applies to your phone too. That "update available" notification isn't optional decoration.
Use strong, unique passwords
If your password for internet banking is the same one you use for that recipe website you signed up to in 2014, you have a problem. When that recipe site eventually gets breached (and they all do), your banking password ends up on a list that criminals buy for a few dollars.
A password manager solves this completely. It generates random, uncrackable passwords for every site and remembers them so you don't have to. You just need one good master password. Bitwarden is free and works on everything.
Turn on two-factor authentication
Two-factor authentication (2FA) means that even if someone steals your password, they can't get in without a second piece of proof — usually a code from an app on your phone. Turn it on for your email first, because your email is the master key to almost everything else. Then your banking, social media, and anything else that matters.
Use an authenticator app (like Microsoft Authenticator or Google Authenticator) rather than text messages. SMS codes can be intercepted; app codes can't.
Be careful what you click
Most attacks don't start with some genius hacker in a dark room. They start with someone clicking a link in a dodgy email. Before you click anything:
- Check the sender. Does the email address actually match who it claims to be from?
- Hover over links. On a computer, hover your mouse over a link before clicking — the real address shows up in the bottom corner of your browser.
- Be suspicious of urgency. "Your account will be closed in 24 hours" is almost always a lie designed to make you panic and click.
When in doubt, don't click the link. Go directly to the website by typing the address yourself.
Use a secure WiFi connection
Public WiFi at cafes and airports is convenient, but it's also where your data is most exposed. Avoid doing anything sensitive — banking, shopping, logging into important accounts — on public networks. If you need to, use a VPN (Virtual Private Network), which encrypts your connection so nobody on the same network can snoop.
At home, make sure your WiFi has a proper password and that you've changed it from the default one printed on the router.
Back up your important files
Ransomware locks your files and demands payment. A hardware failure wipes everything. A stolen laptop takes it all with it. The fix for all three is the same: regular backups.
The easiest approach is the 3-2-1 rule: three copies of anything important, on two different types of storage, with one kept off-site (cloud storage counts). It sounds like a lot, but a cloud backup running in the background and an external hard drive you plug in once a month covers it.
Trust your instincts
If something feels off — an email that doesn't quite read right, a website that looks slightly wrong, a phone call asking for information they should already have — trust that feeling. Scammers rely on you overriding your own judgement because you don't want to seem rude or paranoid.
It's always okay to hang up, close the tab, or not reply. Legitimate organisations won't mind you verifying through their official channels.
None of this is complicated. It's just a matter of building a few small habits. And if something does go wrong, or you're not sure whether something is legit, give me a call. I'd much rather help you check a suspicious email than clean up after you've clicked on it.