By Dr. Audrey Guinchard, Senior Lecturer, Essex Law School

In the vast and interconnected realm of the digital age, our lives have become intrinsically linked to the virtual world. From online banking to social media interactions, our personal and professional activities have found a new home in cyberspace. However, as we embrace the convenience and opportunities offered by the digital revolution, we must also acknowledge the shadows of cyber threats that pose a constant risk to our security.

We live in an era where sophisticated hackers and malicious actors continuously exploit vulnerabilities, seeking to breach our defences and gain unauthorized access to our sensitive information. We have all heard of viruses, ransomwares, phishing attacks, scams… but it’s not always easy to keep on top of best cybersecurity practices in our daily, busy, lives.

Who has never delayed updating their operating systems (OS) for a few days because of the sheer inconvenience of having to stop working and using the digital device for a solid 20 mins?

And what about these annoying passwords? Who never got frustrated when not remembering an obscure combination of letters, numbers and special characters in no logical order? Even the author who recommended this form of password management back in 2003 has regretted his initial advice!

And, how about the apparently preposterous advice of not re-using passwords when one has to remember about 70 to 100 passwords?

The consequences of a successful cyber-attack can be devastating, leading to financial losses, identity theft, and irreparable damage to our digital lives. So,  what is a good starting point for good cybersecurity practices? None is, on its own, fail-proof. It’s their combination that will often delay the attacker who, discouraged, will turn towards easier targets/victims. It’s also about minimising the impact our mistakes may have.

Start with an audit of your practices, so that you know where to begin. The easiest is to answer the questionnaire on the UK National Cybersecurity Centre (NCSC) website: its Cyber Action Plan. It is a truly 1 or 2 min questionnaire; the questions may seem basic but they cut at the heart of the top best practices we can put in place. And follow their detailed advice on what you need to do, advice based on your answers.

Pay particular attention to your passwords. The question to ask oneself is always: if somebody has access to this password, what can they retrieve and find out? Will the password give them access to my bank account? Or to a work account? Or to social media? Or to the three of them?

You can notably check here whether the password has been compromised: or whether the same has happened to your email address here.

You may want to consider a password manager but be aware: your password manager tends to store your data online, so your password data is not immune to hacking, as it happened to the leading company of LastPass in 2022, which won’t be the last.

So, the question is: do you really need this password to be stored online?

For example, if you only do your tax return from home, do you need to save online your password and ID number for HMRC? Because you know that whoever has your HMRC details may well be able to access lots of government services and impersonate you. And ID theft is no fun!

For iPhone users, disable access to the control centre when your phone is locked; otherwise, even with your screen locked, you are giving control of your phone. To do so, go to your Settings, then Face ID (or Touch ID) and passcode, then scroll down to ‘allow access when locked’ (under the voice dial feature) and disable ‘control centre’, ‘accessories’, ‘wallet’.

We all make mistakes; we are humans after all! But the cost of weak cybersecurity practices is ID theft and lost data, for ourselves and for those we correspond with. So, do not delay your NCSC security audit and follow it up! By adopting some proactive strategies, we can take decisive steps towards protecting ourselves and preserving the sanctity of our digital identities.