Ethical Cyber Academy

Protecting Everyone in the Digital Age

Back to Blog
5 Essential Cybersecurity Tips That Actually Work
Security Tips

5 Essential Cybersecurity Tips That Actually Work

2 October 2025Dan Rowling

After years in law enforcement and cybersecurity, I've seen what actually works and what's just security theatre. Here are five practical tips that don't require a computer science degree or a Fortune 500 budget.

1. Use a Password Manager (Yes, Really)

I know, I know. "I have a system." But let me guess - your system involves variations of the same password with a number at the end? That's what the bad guys are counting on.

A password manager like Bitwarden (free) or 1Password generates and remembers unique passwords for every site. You only need to remember one master password. That's it. Job done.

**Why it matters:** When one website gets hacked, your other accounts stay safe because you're not using the same password everywhere.

2. Enable Two-Factor Authentication (2FA)

Think of 2FA as a deadbolt on your door. Sure, a determined burglar might get through, but most will just move on to an easier target.

Use an authenticator app (Google Authenticator, Microsoft Authenticator, or Authy) rather than SMS codes when possible. SMS can be intercepted, but app-based 2FA is much more secure.

**Where to start:** Enable it on your email first. If someone gets your email, they can reset passwords for everything else.

3. Don't Click Links in Emails (Even From People You Know)

Here's the thing: scammers are getting really good at this. I've seen emails that look identical to legitimate messages from banks, delivery companies, even government departments.

**Simple rule:** If an email asks you to click a link and log in, don't. Instead: - Go directly to the website by typing it in yourself - Call the company using a number from their official website - Check your account by logging in the normal way

If it's urgent and legitimate, it'll still be there when you log in directly.

4. Keep Your Software Updated (Boring But Vital)

Those update notifications aren't just adding new emoji. They're fixing security holes that hackers are actively exploiting.

**Set it and forget it:** Enable automatic updates for: - Your operating system (Windows, macOS) - Your browser (Chrome, Firefox, Safari) - Your phone (iOS, Android) - Your apps

5. Be Suspicious of Urgency

This is the big one. Scammers rely on panic to make you act without thinking.

**Red flags:** - "Your account will be closed unless you act now!" - "Your package couldn't be delivered - click here immediately!" - "Unusual activity detected - verify your identity!" - "You've won something you didn't enter!"

Legitimate companies don't operate like this. If it feels rushed or threatening, it's probably dodgy.

The Reality Check

Perfect security doesn't exist. But these five things will protect you from 95% of the threats out there. The remaining 5% are nation-state hackers and organised crime rings - and if they're after you specifically, you've got bigger problems than I can solve in a blog post.

Start with one. Maybe set up a password manager this week. Then add 2FA next month. Small steps, big difference.

Need Help?

If any of this feels overwhelming, that's exactly why I offer 1-to-1 tech support. No judgment, no jargon - just practical help to get you sorted.

Stay safe out there, Dan