Back to Resources

10 Simple Steps to Protect Yourself Online in 2025

Cybercrime in the UK is rising year on year, and you don't need to be a large business to be a target — in fact, individuals and small businesses are often easier targets precisely because they assume they're too small to bother with. The good news is that the basics go a long way, and none of the steps below require any technical expertise.

1. Use Strong, Unique Passwords — and a Password Manager

Using the same password on multiple sites is one of the biggest risks most people carry. When one site is breached (and they are, regularly), attackers try those same credentials everywhere else — a technique called credential stuffing.

The solution: use a password manager like Bitwarden (free), 1Password or the one built into your browser. It generates and stores unique, complex passwords for every site so you don't have to remember them. You only need to remember one master password.

2. Turn On Two-Factor Authentication (2FA)

Even a strong password can be compromised. Two-factor authentication (2FA) adds a second step — usually a code sent to your phone or generated by an app — so even if someone has your password, they can't log in without your device.

Enable it on your email account first (it's the key to everything else), then your bank, Apple ID, Google account, and any other important services. Apps like Google Authenticator or Authy are more secure than SMS codes but either is vastly better than nothing.

Start with email Your email account is the master key — most password resets go through it. If an attacker gets into your email, they can reset every other password you have. Protect it first.

3. Keep Your Devices Updated

Software updates aren't just new features — the majority contain security patches that fix vulnerabilities attackers are actively exploiting. Running an outdated version of Windows, macOS, or your phone's OS means you're exposed to known, documented weaknesses.

Enable automatic updates on all your devices. Yes, updates can be inconvenient, but a compromised device is far more inconvenient.

4. Be Sceptical of Emails and Texts

Phishing remains the number one delivery method for malware and account theft. Attackers impersonate banks, HMRC, Royal Mail, BT, Microsoft, and countless others with increasingly convincing fake emails and texts.

Red flags to watch for:

When in doubt, don't click the link — go directly to the organisation's website by typing the address yourself, or call them on a number you find independently.

5. Use Antivirus Software

Windows Defender (built into Windows 10/11) is a solid baseline and you should make sure it's switched on. For an additional layer, Malwarebytes (free version for manual scans) is a good complement that catches things Defender sometimes misses.

On Mac, the built-in security is strong but not infallible — Malwarebytes for Mac is also free and worth running occasionally.

6. Back Up Your Data

Ransomware — malware that encrypts your files and demands payment for the key — can wipe out years of photos, documents and business data. The only guaranteed protection is a backup that attackers can't reach.

Follow the 3-2-1 rule: 3 copies of your data, on 2 different types of storage, with 1 copy off-site (e.g. cloud). At minimum, set up automatic backups to OneDrive, Google Drive, or an external hard drive — ideally both.

Test your backups A backup you've never tested is a backup you don't actually have. Periodically restore a file from your backup to confirm it actually works.

7. Secure Your Home WIFI

Make sure your home WIFI is protected with a WPA2 or WPA3 password — the default password on many routers is printed on the back of the device. Change the router's admin password from the default too (it's usually something like "admin/admin" which attackers know).

If you have visitors regularly, set up a separate guest network so they can get online without being on the same network as your main devices.

8. Check What's Signed Into Your Accounts

Most major accounts (Google, Apple, Microsoft, Facebook) let you see all the devices currently logged in. Have a look — you might find old phones, tablets, or unknown devices still have access. Remove anything you don't recognise or no longer use.

9. Be Careful What You Share Online

Attackers use information from social media to craft convincing phishing attempts and answer security questions. Avoid posting things like your full date of birth, home address, phone number, or answers to common security questions (mother's maiden name, pet names, schools attended). Review your social media privacy settings and limit who can see your posts.

10. Know What to Do If Something Goes Wrong

Act fast if you suspect you've been compromised:

  1. Change your passwords immediately, starting with email
  2. Enable 2FA if you haven't already
  3. Check your bank and card statements for unauthorised transactions
  4. Report fraud to Action Fraud (actionfraud.police.uk / 0300 123 2040)
  5. If it's a work device, tell your IT support team immediately

Need help securing your devices or network?

We help homes and businesses in Hyde and across Tameside get their security in order — from antivirus setup to business-grade solutions. Get in touch for a free chat.