Personal Safety

Protecting Yourself Online: What I Teach My Family and Friends (and What You Should Too)

· 4 min read

Let’s be clear. At home, you don’t have an IT team managing your network, filtering your inbox, or securing your devices. That makes you the target and the only line of defense.

Cybercriminals don’t care if you’re running a Fortune 500 company or checking your email at a coffee shop. You’re just an IP address until you click. Then you become a victim.

Here’s what I teach my own family about protecting themselves online, and what every individual and small business should be doing by default.

1. Passwords Are Still Your First and Worst Line of Defense

If you’re reusing passwords or storing them in your browser, you’re giving attackers a head start.

  • Use a password manager (not your browser)
  • Enable multi-factor authentication wherever possible
  • Use long, unique passphrases (minimum 15 characters)
  • Never reuse passwords across sites, especially for email or financial accounts
  • Change your passwords regularly for sensitive systems

Browser-based password storage (Chrome, Safari, Firefox) can be easily compromised. If someone gets your laptop, they get everything.

2. Phishing Emails Are Designed to Trick You and They Work

Phishing is still the number one vector for identity theft, ransomware, and account takeover.

  • Never click a link or open an attachment unless you fully trust the sender
  • Don’t call phone numbers listed in suspicious emails; call known numbers from the provider’s website
  • Don’t reply to marketing spam or click “unsubscribe” unless it’s from a source you recognize
  • Don’t assume QR codes are safe. Confirm the full URL before visiting any linked site

If an email, text message, or notification pressures you to act quickly, stop. That urgency is the tactic, not the warning.

3. Social Media Is Not Your Friend

Every post, photo, check-in, and comment adds to your public profile. Most of it can be used against you.

  • Disable location tagging on your phone and apps
  • Never post vacation photos in real time. Wait until you’re home
  • Review your privacy settings often and limit visibility to family or friends
  • Don’t overshare about your kids, home, employer, or schedule

Metadata in images, social check-ins, and even usernames can be mapped to build a profile useful to attackers, recruiters, or competitors.

4. Treat Your Home Network Like a Business Asset

The default router from your ISP is not secure. Period.

  • Replace your ISP-issued router with one you control
  • Use WPA3 encryption if supported
  • Disable WPS (Wi-Fi Protected Setup)
  • Change default admin credentials and review logs
  • Set up a separate guest network for visitors and IoT devices
  • Don’t use wireless printers. Connect via Ethernet and disable Wi-Fi

If you don’t manage your own router, you don’t control your own perimeter.

5. Backups Are the Only Reliable Ransomware Insurance

Eventually, something will fail: a drive, a patch, or your judgment.

  • Back up important data daily or weekly
  • Use both local and offsite or cloud storage
  • Physically disconnect backup drives after use
  • Test recovery regularly
  • Keep backup copies offline and encrypted

If your backup is online during an attack, ransomware will encrypt it too.

6. Your ISP Sees Everything Unless You Use a VPN

Incognito mode doesn’t hide your traffic. Your provider can log it all.

  • Use a reputable VPN, especially on public Wi-Fi
  • Don’t rely on “private” browsing to protect anything important
  • Assume all traffic is being monitored unless encrypted

Free hotel Wi-Fi, airport hotspots, and public kiosks are playgrounds for network sniffing tools. Don’t log into anything sensitive in those environments.

7. Your Devices Shouldn’t Be an Open Door

Phones, tablets, printers, and even smart TVs can expose you.

  • Keep firmware updated
  • Remove unnecessary apps and services
  • Disable Bluetooth and Wi-Fi when not in use
  • Don’t plug unknown USBs into your machine
  • Avoid using hotel or library kiosks for anything beyond basic browsing

If you wouldn’t leave your front door unlocked, don’t leave your devices unpatched.

8. Lock Down Credit Before It Becomes a Problem

Assume your identity has already been stolen. Now limit what can be done with it.

  • Freeze your credit with Equifax, Experian, and TransUnion
  • Sign up for transaction alerts on all accounts
  • Monitor your statements and report suspicious activity immediately
  • File a police report if fraud occurs
  • Submit an identity theft affidavit with the FTC

Third-party monitoring services are optional, but you can do most of it yourself.

Final Thoughts

Cybersecurity at home isn’t about buying the latest tools or reading breach headlines. It’s about establishing habits and applying structure to your digital life.

  • Don’t click mindlessly
  • Don’t post carelessly
  • Don’t trust convenience over security

Online threats are real, persistent, and evolving. But so are the defenses, if you’re willing to take them seriously.

← Back to all articles