10 Simple Steps to Protect Yourself Online in 2025
Cybercrime in the UK is rising year on year, and you don't need to be a large business to be a target — in fact, individuals and small businesses are often easier targets precisely because they assume they're too small to bother with. The good news is that the basics go a long way, and none of the steps below require any technical expertise.
1. Use Strong, Unique Passwords — and a Password Manager
Using the same password on multiple sites is one of the biggest risks most people carry. When one site is breached (and they are, regularly), attackers try those same credentials everywhere else — a technique called credential stuffing.
The solution: use a password manager like Bitwarden (free), 1Password or the one built into your browser. It generates and stores unique, complex passwords for every site so you don't have to remember them. You only need to remember one master password.
2. Turn On Two-Factor Authentication (2FA)
Even a strong password can be compromised. Two-factor authentication (2FA) adds a second step — usually a code sent to your phone or generated by an app — so even if someone has your password, they can't log in without your device.
Enable it on your email account first (it's the key to everything else), then your bank, Apple ID, Google account, and any other important services. Apps like Google Authenticator or Authy are more secure than SMS codes but either is vastly better than nothing.
3. Keep Your Devices Updated
Software updates aren't just new features — the majority contain security patches that fix vulnerabilities attackers are actively exploiting. Running an outdated version of Windows, macOS, or your phone's OS means you're exposed to known, documented weaknesses.
Enable automatic updates on all your devices. Yes, updates can be inconvenient, but a compromised device is far more inconvenient.
4. Be Sceptical of Emails and Texts
Phishing remains the number one delivery method for malware and account theft. Attackers impersonate banks, HMRC, Royal Mail, BT, Microsoft, and countless others with increasingly convincing fake emails and texts.
Red flags to watch for:
- Urgency — "Act now or your account will be suspended"
- Unexpected attachments or links
- Requests for passwords, card numbers, or personal details
- Email addresses that don't quite match the organisation (e.g. support@micros0ft.com)
- Generic greetings like "Dear Customer" rather than your name
- Check your phishing knowledge with this Online Phishing quiz
When in doubt, don't click the link — go directly to the organisation's website by typing the address yourself, or call them on a number you find independently.
5. Use Antivirus Software
Windows Defender (built into Windows 10/11) is a solid baseline and you should make sure it's switched on. For an additional layer, Malwarebytes (free version for manual scans) is a good complement that catches things Defender sometimes misses.
On Mac, the built-in security is strong but not infallible — Malwarebytes for Mac is also free and worth running occasionally.
6. Back Up Your Data
Ransomware — malware that encrypts your files and demands payment for the key — can wipe out years of photos, documents and business data. The only guaranteed protection is a backup that attackers can't reach.
Follow the 3-2-1 rule: 3 copies of your data, on 2 different types of storage, with 1 copy off-site (e.g. cloud). At minimum, set up automatic backups to OneDrive, Google Drive, or an external hard drive — ideally both.
7. Secure Your Home WIFI
Make sure your home WIFI is protected with a WPA2 or WPA3 password — the default password on many routers is printed on the back of the device. Change the router's admin password from the default too (it's usually something like "admin/admin" which attackers know).
If you have visitors regularly, set up a separate guest network so they can get online without being on the same network as your main devices.
8. Check What's Signed Into Your Accounts
Most major accounts (Google, Apple, Microsoft, Facebook) let you see all the devices currently logged in. Have a look — you might find old phones, tablets, or unknown devices still have access. Remove anything you don't recognise or no longer use.
9. Be Careful What You Share Online
Attackers use information from social media to craft convincing phishing attempts and answer security questions. Avoid posting things like your full date of birth, home address, phone number, or answers to common security questions (mother's maiden name, pet names, schools attended). Review your social media privacy settings and limit who can see your posts.
10. Know What to Do If Something Goes Wrong
Act fast if you suspect you've been compromised:
- Change your passwords immediately, starting with email
- Enable 2FA if you haven't already
- Check your bank and card statements for unauthorised transactions
- Report fraud to Action Fraud (actionfraud.police.uk / 0300 123 2040)
- If it's a work device, tell your IT support team immediately
Need help securing your devices or network?
We help homes and businesses in Hyde and across Tameside get their security in order — from antivirus setup to business-grade solutions. Get in touch for a free chat.