sciencebase.com

Top security tips for everyday computer use

For those of us who have been around computers for decades (I used my first computer in 1976!), some of the things users do to stay secure, digitally speaking, seem obvious. But those things are not necessarily obvious to new users, or even to those who have been using computers for a while but to whom nobody has mentioned them before. So, here are some tips:

**1\. Keep your system and software updated**

Updates fix security vulnerabilities that hackers find and exploit. So, make sure your computer is set to update its operating system automatically. Similarly, antivirus software, web browsers, and all your applications should be regularly checked for updates. Sometimes they do this automatically, but not always. It’s also worth checking your hardware, like printers and routers, for updates to the built-in software that runs those.

**2a Use a strong password**

It’s important to use strong passwords, ones that cannot be easily guessed or generated by software. There are huge lists of hacked passwords on the internet, and software can easily run through simple passwords and find the weak ones.

**2b Use a password manager**

A good password manager, such as 1Password or KeePass, can help you generate strong passwords and manage them securely.

**2c Don’t use the same password more than once**

Don’t use the same password on different sites. If one site is compromised, then your password on those other sites will be compromised too.
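To make tips 2a to 2c concrete, here is an added Python example (not part of the original article) that audits a set of saved passwords for the three problems described above and generates a strong replacement. The leaked list, the sample vault, the function names and the 12-character minimum are all assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed stand-in for a leaked-password list (real ones hold millions of entries).
LEAKED = {"123456", "password", "qwerty", "letmein", "sunshine1"}
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def generate_password(length=20):
    """Random password drawn from a CSPRNG, as a password manager would create."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Guessing difficulty, in bits, of a uniformly random password."""
    return length * math.log2(alphabet_size)


def audit(vault, leaked=LEAKED, min_length=12):
    """Return {site: [problems]}; hypothetical helper, min_length is an assumed threshold."""
    sites_by_password = {}
    for site, pw in vault.items():
        sites_by_password.setdefault(pw, []).append(site)
    report = {}
    for site, pw in vault.items():
        problems = []
        if pw.lower() in leaked:
            problems.append("appears in a leaked-password list")
        if len(pw) < min_length:
            problems.append(f"shorter than {min_length} characters")
        others = sorted(s for s in sites_by_password[pw] if s != site)
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[site] = problems
    return report


if __name__ == "__main__":
    # Constructed sample vault; the passwords are made up for this example.
    vault = {"email": "Password", "shop": "Tr0ub4dor&3xyz",
             "forum": "Tr0ub4dor&3xyz", "bank": generate_password()}
    for site, problems in audit(vault).items():
        print(site, "->", "; ".join(problems))
    print(f"20 random characters: about {entropy_bits(20):.0f} bits")
```
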

**2d Use two-factor authentication**

Also, enable two-factor authentication (2FA) or multi-factor authentication (MFA) on your important accounts (email, banking, social media). This involves adding a step so that a hacker needs access to your password **and** your phone or other device to get the second part of your login. Some banks send you a hardware key to allow you to log in.

**3\. Be wary of phishing attacks, online scams, and dodgy phone calls**

Never click a link in an email or open an unknown attachment, even if you think you know who it came from. There are lots of ways fake emails, websites, online messages, and even phone callers will try to trick you into entering login and other details into a dodgy site. Be more than cautious of anyone asking you for, or trying to persuade you to give out, a password, PIN, date of birth or other details. Don’t be suckered by con artists and social engineering, where someone contacts you and claims to be from Microsoft, Amazon, Google, IT support, etc. Nobody from any company will call you to help with your computer, _ever_.

**4\. Install & maintain security software**

Windows and other operating systems often have inbuilt antivirus and firewalls. Make sure they’re running and kept up to date. There’s generally no need to install a third-party antivirus on Windows computers, and the built-in one will be set to keep itself updated by default.

**5\. Back up your important data regularly**

Keep a copy of your documents, photos, and other files on an external drive or in cloud storage (Google Drive, OneDrive, Dropbox, iCloud). This means you don’t lose your data if your computer is stolen or fails, or you get snagged by ransomware. Better still, use two external drives and keep one in a different room from your computer and one in a different building, if you can, **and** use cloud storage too.

**Bonus tip: Be cautious on public Wi-Fi**

Hackers can sometimes intercept your computer’s connection or your logins if you’re connecting to an unsecured network in a hotel, cafe, or other site. If you’re out and about, use a VPN, like ExpressVPN, to hide your connection. It’s best to avoid logging into banking or sensitive accounts on public Wi-Fi unless you really have to. Even then, there’s always the option of using your phone as a personal hotspot instead of connecting to public Wi-Fi, but remember that will use up your phone data.

_**Glossary**_

**Antivirus Software** – A program designed to detect, prevent, and remove malicious software (malware) from a computer.

**Authentication** – The process of verifying a user’s identity before granting access to a system or account.

**Backup** – A copy of important files stored separately (e.g., on an external drive or in cloud storage) to prevent data loss.

**Baiting** – Offering something tempting (e.g., a free USB drive infected with malware) to lure victims into compromising security.

**Browser** – A software application (e.g., Firefox, Chrome, Edge) used to access and navigate the internet.

**Cloud Storage** – Online storage services (e.g., Google Drive, Dropbox, OneDrive) that allow users to save and access files from any internet-connected device.

**Encryption** – A security measure that scrambles data so that only authorized users can read it.

**Firewall** – A security system that monitors and controls incoming and outgoing network traffic to block threats.

**Hacker** – More properly, a cracker. A person who attempts to gain unauthorized access to systems or data, often for malicious purposes.

**Hardware** – The physical components of a computer (e.g., motherboard, processor, memory, hard drive).

**Malware** – Malicious software designed to harm or exploit a computer, including viruses, spyware, and ransomware.

**Multi-Factor Authentication (MFA)** – A security method requiring multiple verification steps (e.g., password + phone code) to access an account.

**Operating System (OS)** – The software that manages a computer’s hardware and software (e.g., Windows, macOS, Linux).

**Password Manager** – A tool that securely stores and generates strong passwords for different accounts.

**Phishing** – A cyberattack where hackers send fake emails or messages to trick users into revealing sensitive information.

**PIN (Personal Identification Number)** – A short numeric code used for security (e.g., banking or unlocking devices).

**Pretexting** – Creating a fabricated scenario (e.g., pretending to be IT support) to trick a victim into providing information.

**Public Wi-Fi** – Wireless internet networks in public places (e.g., cafes, airports, hotels) that can be insecure.

**Ransomware** – A type of malware that locks or encrypts a user’s files and demands payment to restore access.

**Router/Modem** – A hardware device that connects a local network (home or office) to the internet.

**Scareware** – Displaying fake security alerts to trick users into downloading malicious software.

**Social engineering** – We used to call this a con, or confidence trick. It’s a manipulation technique that exploits human psychology to trick people into revealing confidential information or taking harmful actions.

**Software** – Programs and operating systems that run on a computer.

**Spam** – Unwanted or unsolicited messages, usually advertising or scams, often sent in bulk via email.

**Spyware** – Malicious software that secretly gathers information about a user’s activities.

**Tailgating (Piggybacking)** – Physically following an authorized person into a secure area without proper credentials.

**Two-factor Authentication (2FA)** – A security feature that requires two forms of verification before logging in (e.g., password + SMS code).

**Virtual Private Network (VPN)** – A service that encrypts internet traffic and hides a user’s location to improve privacy and security.

**Vulnerability** – A weakness in software or hardware that can be exploited by attackers.

**Windows Defender** – Microsoft’s built-in security tool that protects against viruses and malware.

**Wi-Fi** – A wireless network that allows devices to connect to the internet.
