These days, your phone, laptop, and online accounts are part of your daily life. But with that convenience comes risk. Many people feel “safe enough” online because they think hackers only target big companies or that their information isn’t worth stealing. This false sense of security is precisely what cybercriminals rely on.
Strong cybersecurity doesn’t start with buying expensive software; it begins with how you think. If you stay alert and question every unexpected email, link, or pop-up, you’ve already taken the first step to protecting yourself.
Common cybersecurity myths you should stop believing
Before you follow any cybersecurity checklist, it’s essential to clear up some common myths:
- “Hackers only go after big companies.”
Not true. Cybercriminals target anyone, from large corporations to small businesses and individuals. A recent example is the cyberattack that tried to cripple MTN Nigeria. In 2023 alone, social media scams caused over $1.4 billion in losses, according to the Federal Trade Commission. We also reported on how Flutterwave lost ₦11 billion in a security breach.
- “My data isn’t valuable.”
Even your email and password can be worth a lot to hackers. If you reuse the same login across multiple sites, a breach on one account can give criminals access to everything, from your bank to your social media. The cost of data breaches in South Africa alone shows just how expensive these security failures can be.
- “Apple devices can’t be hacked.”
While Apple products have strong security, they’re not bulletproof. Believing they are can make you careless about updates, strong passwords, and safe browsing habits.
- “I’d know right away if I were hacked.”
Most cyberattacks are silent. Hackers often work in the background for weeks or months without you knowing, collecting as much data as possible. Slow devices or strange pop-ups can be signs, but they are often ignored. The cybercrime threat in South Africa is a reminder that constant vigilance is required.
3 steps to build a strong cybersecurity checklist
A strong cybersecurity plan works best when you layer tools and habits together. Think of it like locking your front door, closing the windows, and installing a security camera; you’re much harder to target when you have multiple layers of protection. These are three core steps experts agree should be part of your daily cybersecurity checklist.
1. Use a password manager for all your accounts
A password manager is one of the most essential tools you can have. It creates, stores, and remembers long, unique passwords for every account you own. This means you no longer have to remember dozens of different logins or, worse, use the same password everywhere.
Using the same password on multiple sites is risky. If one account gets hacked, every other account with the same password is at risk. A password manager fixes this by generating strong passwords that hackers can’t guess.
Most password managers are easy to use, with browser extensions or mobile apps that automatically fill in your login details on trusted sites. This keeps your accounts safer while also making your online life simpler.
2. Turn on multi-factor authentication (MFA)
Even with strong passwords, you should always add a second layer of protection. Multi-factor authentication (MFA) means you need more than just a password to log in, like a code from your phone, a fingerprint, or a security key.
This extra step makes a stolen password useless. If a hacker somehow gets your password, they still can’t get in without your second verification method.
Avoid using text messages (SMS) as your only form of MFA. Criminals can use SIM swapping to take over your phone number. Instead, use an authentication app like Google Authenticator, Authy, or a physical security key for better protection.
3. Start using passkeys
Passwords have been around for decades, but passkeys are the next step in account security. A passkey lets you log in with your device’s built-in security, like your fingerprint, face scan, or phone PIN, without typing a password at all.
Passkeys are harder to steal because they are linked directly to the website or app you’re logging into. They also protect you from phishing scams since they won’t work on fake login pages.
Many big platforms now offer passkeys, and they can sync securely between your devices, making them both safe and convenient.
How to take care of your devices and data
Online safety isn’t just about spotting scams; it’s also about how you manage your devices and protect your information every day. Good habits here can make the difference between staying safe and losing important data.
1. Keep your devices updated
One of the simplest yet most effective ways to protect yourself is to keep your devices and apps updated. Updates don’t just add new features; they fix security flaws that hackers can exploit. Skipping even one important update can leave you exposed.
Turn on automatic updates whenever possible. This is often enabled by default on Windows, but it’s worth checking in your settings. On phones, make sure your apps update automatically from official sources like the Google Play Store or Apple App Store.
Avoid downloading pirated or “cracked” software; these are common ways for malware to spread. Stick to trusted sources only.
2. Control app permissions and protect your privacy
Many apps ask for access to your location, contacts, camera, or microphone, but not all truly need it. This data can be collected, shared, or sold, risking your privacy.
The safest approach is to give apps the least access possible. Regularly check which apps you have installed, remove ones you no longer use, and review permissions for the ones you keep.
For example, you can set your phone to share your location only while an app is in use, instead of all the time. These small changes can significantly reduce the amount of your data exposed.
3. Back up your data
If your device is stolen, hacked, or stops working, the only way to be sure you don’t lose everything is to have a recent backup. This is especially important in ransomware attacks, where criminals lock your files until you pay.
Back up your important files, photos, documents, and anything you can’t afford to lose to an external hard drive or a secure cloud service. Keep at least one backup offline so it’s safe from online threats.
Many online threats today don’t rely on complicated hacking tools; they rely on tricking you. These tactics, known as social engineering scams, are designed to make you hand over your information without realising it. They show up in phishing emails, fake job offers, and suspicious direct messages on social media. To stay safe, you need to spot these scams and understand how they work on each platform you use.
How to spot phishing and social media scams
Phishing is one of the most common online scams. It happens when someone pretends to be a trusted person or company to get your passwords, bank details, or other private information. Learning the warning signs is your best defence.
1. Phishing red flags: A quick checklist
| Phishing red flags | What to look for |
| --- | --- |
| Sender details | Is the email from a public domain like @gmail.com but claiming to be from a company? Is the domain slightly misspelt (e.g., ‘amaz0n.com’ instead of ‘amazon.com’)? |
| Content & Tone | Does the message create a sense of urgency or fear, with phrases like “act now” or “your account will be closed”? Are there spelling or grammatical errors? |
| Links & Attachments | Does the email contain unexpected attachments? Does the link URL (visible by hovering over it) differ from the anchor text, or is it a vague call-to-action like “Click here”? |
| Requests for Information | Does the message ask for personal information, passwords, or financial details? Legitimate companies will never request this via email. |
2. Common social media scam tactics
On different platforms, scammers adjust their tricks to fit the environment:
- Twitter/X – You might get a direct message from an account that looks official, telling you to “verify” your account or click a link to claim a prize. Some scams also hide malicious links behind trending topics or fake giveaways.
- LinkedIn – Scammers target professionals with fake job offers or urgent messages that lead to phishing sites or malware downloads. Some create phony company pages to lure you in.
- Facebook – Attackers often use fake URLs, like faceb0ok.com instead of facebook.com, or hide dangerous links behind shortened URLs. These can lead to phishing pages or install malware on your device.
No matter the platform, the safest approach is to stop and think before clicking anything. If a message, link, or request feels rushed, urgent, or suspicious, treat it as a possible scam.
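The sender-domain and link checks from the red-flag checklist, together with the faceb0ok.com style of lookalike described above, can be automated. This is an added Python example, not part of the original article; the trusted-domain list, the digit swaps, the 0.85 similarity cut-off and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("amazon.com", "facebook.com")  # constructed allow-list (assumption)
SWAPS = str.maketrans("0135", "oles")     # digit-for-letter swaps, e.g. 0 -> o

def host_of(text):
    """Host part of a URL or of bare text such as 'example.com/login'."""
    url = text.strip() if "://" in text else "http://" + text.strip()
    return (urlsplit(url).hostname or "").removeprefix("www.")

def lookalike_of(host):
    """Trusted domain that `host` imitates, or None if genuine or unrelated."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return None
    plain = host.translate(SWAPS)  # undo swaps, then compare by similarity
    hits = [t for t in TRUSTED if SequenceMatcher(None, plain, t).ratio() >= 0.85]
    return hits[0] if hits else None

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_email(sender, html):
    findings, collector = [], LinkCollector()
    collector.feed(html)
    hosts = [("sender", host_of(sender.rsplit("@", 1)[-1]), "")]
    hosts += [("link", host_of(href), text) for href, text in collector.links]
    for kind, host, text in hosts:
        if brand := lookalike_of(host):
            findings.append(f"{kind} domain {host} imitates {brand}")
        if "." in text and " " not in text and host_of(text) != host:
            findings.append(f"link text shows {host_of(text)} but opens {host}")
    return findings

SAMPLE = ('<a href="https://faceb0ok.com/login">facebook.com/login</a> '  # constructed
          '<a href="https://www.amazon.com/help">Click here</a>')
```

Calling `audit_email("support@amaz0n.com", SAMPLE)` reports the misspelt sender domain, the lookalike link host, and the mismatch between the link text and its real destination, while the genuine amazon.com link passes.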
How to use public Wi-Fi safely
Public Wi-Fi can be useful, but it also comes with risks. Some experts say that HTTPS encryption makes it harder for hackers to spy on your activity. This is true to an extent; HTTPS scrambles the data you send and receive, making it difficult for attackers to intercept.
But the risks aren’t gone. Hackers can still set up fake Wi-Fi networks that look legitimate (called evil twin hotspots) or use man-in-the-middle attacks to watch your activity. They might even trick you with a fake encrypted site to steal your login details.
Best practice:
- Avoid logging into banking or financial accounts on public Wi-Fi.
- If you must use it, connect through a VPN (Virtual Private Network) to encrypt all your data and hide your online activity.
Staying alert on social media and cautious on public networks will protect you from many of the most common online attacks.
Your daily cybersecurity checklist
| Your daily cybersecurity habits | Actionable step |
| --- | --- |
| Use a Password Manager | Generate and store unique, strong passwords for every single account to eliminate password reuse and protect against data breaches. |
| Enable Multi-Factor Authentication (MFA) | Activate MFA on all critical accounts, opting for authenticator apps over SMS-based methods whenever possible for a stronger second layer of security. |
| Update Your Devices and Apps | Ensure that automatic updates are enabled for your operating systems and all applications to patch vulnerabilities as soon as they are discovered. |
| Be Sceptical of Unsolicited Contact | Pause and critically analyse any unexpected email, message, or phone call, especially if it creates a sense of urgency or asks for personal information. |
| Manage App Permissions | Regularly audit the apps on your phone and deny any that are requesting access to data or functions they do not need to perform their primary task. |
| Avoid Sensitive Transactions on Public Wi-Fi | Refrain from logging into banking or other sensitive accounts on a public network. If necessary, use a VPN to encrypt your connection. |
| Back Up Your Important Files | Implement a regular backup schedule to protect your data from ransomware, theft, or hardware failure. |
Final thoughts: You are the first line of defence
Most cyber threats today don’t rely only on complex code; they use social engineering to trick you into giving away information or clicking harmful links. This means you are both the first and last line of defence for your devices.
The best tool you have is critical thinking. Any time you get a link, file, or request that you weren’t expecting, stop and ask yourself: “Why am I getting this?” That slight pause can save you from a costly mistake.
Studies show that human error, such as clicking on suspicious links or ignoring updates, is the top cause of security breaches. Technology can help, but nothing replaces your caution and awareness.