October is Cyber Security Awareness Month—what better time to strengthen your defences against online threats? In our increasingly digital world, protecting sensitive information is more important than ever. From the emails we send to the accounts we access, cyber criminals are constantly searching for opportunities to exploit vulnerabilities—and when even accessing an article online requires a newsletter sign-up, there’s certainly no shortage of them.
Here’s the thing: practical cyber security isn’t reserved for tech experts—it’s something everyone can learn. Whether you’re an individual looking to safeguard your personal data or a business striving to protect its assets, there are simple steps you can take right now to improve your digital defences.
Do Nothing, Lose Everything
These days, you can’t afford to sit back and let cyber security fall by the wayside. You might not think your personal data—like your age, your address, your bank account details—are all that appealing to criminals. Who wants to know about Simon the accountant from St Andrew’s anyway?
Actually, plenty of threat actors do, and even more want to sell Simon’s data to others. Cyber criminals don’t just collect data for personal use; they create entire networks to buy, sell, and trade sensitive information. The more data they have, the more valuable it becomes.
So, just how much could a cyber criminal make from stolen data?
- Credit card details: £110-£180, depending on the account’s balance
- Crypto accounts: £310-£610, depending on the currency
- Email accounts: £25-£60
- Scans of driver’s licences: £15-£75, depending on the country
- Rideshare accounts: £6
Without proper cyber security measures, your personal data could end up in the wrong hands, leading to identity theft, fraud, or worse.
How Do Cyber Criminals Steal My Data?
Just as you don’t need to be a tech wizard to stay safe online, cyber criminals don’t need advanced expertise to launch highly successful cyber attacks.
These attacks often start with simple methods, such as phishing emails, which trick you into revealing personal information or login credentials by posing as a legitimate entity—like your bank or a well-known company. Clicking on malicious links or downloading infected attachments can install malware on your device, giving attackers access to sensitive information.
Another common tactic is credential stuffing, where hackers use stolen usernames and passwords from one breach to try logging into other accounts (especially if you reuse the same password).
Social engineering is also frequently used, where attackers manipulate people into providing confidential information by impersonating trusted or authority figures (e.g., posing as your boss, a parent, or a service provider).
Other than dark web sales, cyber criminals can monetise your stolen data in various ways, including:
- Making purchases online using your credit card or PayPal accounts.
- Filing false tax returns in your name to claim refunds.
- Withdrawing money directly from your bank accounts.
- Requesting loans from your bank or even impersonating you to your friends and family to ask for money.
- Tricking your clients into redirecting payments by posing as you or your business, often sending fraudulent invoices with altered bank details.
- Spreading phishing attacks through your email or social media accounts, infecting your contacts with malware or gathering more personal information—essentially using you as a patient zero.
Cyber criminals exploit every chance, so it’s crucial to stay vigilant about protecting your data.
Simple Steps: A Solid Place to Start
Cyber security doesn’t have to be complicated to be effective. Here are a few key actions you can start with today:
- Strengthen Your Passwords
As many as 70% of people use the same password for multiple online accounts. If that password gets leaked in a data breach, every single one of those accounts, and all your sensitive information stored on them, could be accessed by threat actors.
A strong password should be:
- At least 12 characters long
- Unique to each of your accounts (genuinely unique—adding ‘1’ or ‘!’ to the end of an existing password isn’t going to cut it)
- Sufficiently complex
Do use a combination of uppercase and lowercase letters, numbers, and special characters to create passwords that are difficult to guess.
Don’t use personal information, like your birthday, children’s, business’s or pet’s name, as part of your password—it’s too easy for hackers to find this information online.
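The password rules above can be checked mechanically. This is an added example, not part of the original article. The function name, the `existing` and `personal` inputs (for instance, your own list from a password manager audit) and all sample passwords are constructed for illustration.

```python
import re

MIN_LENGTH = 12  # minimum length recommended in the article

def _core(password):
    """Lower-case and drop trailing digits/symbols, so 'Secret1!' -> 'secret'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def check_password(candidate, existing=(), personal=()):
    """Return a list of problems; an empty list means the password passes.

    existing: passwords already used on other accounts (assumed input)
    personal: names, dates and similar facts about the user (assumed input)
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    # Complexity: lowercase, uppercase, digit and special character
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        problems.append("needs upper, lower, digit and special character")

    # Uniqueness: identical to an old password, or an old password
    # with characters such as '1' or '!' added to the end
    core = _core(candidate)
    if any(candidate == old or (core and core == _core(old))
           for old in existing):
        problems.append("reuses or lightly modifies an existing password")

    # Personal information: birthdays, pet names, business names, etc.
    lowered = candidate.lower()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed sample values
    old = ["Sunflower-Garden7!"]
    for pw in ["Sunflower-Garden7!1", "Rex2015!", "violet-Kettle-93-harbour"]:
        print(pw, "->", check_password(pw, old, ["Rex", "2015"]) or "OK")
```

Passing these checks does not make a password safe if it has already appeared in a breach, which is why uniqueness per account matters as much as length and complexity.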
- Ditch the Post-it Notes
No one expects you to remember all those passwords, but writing them down on sticky notes or scrap paper isn’t a safe solution.
Someone could spot your password on a misplaced note, and though the majority of your colleagues will be trustworthy, insider threats are always a cyber security risk. Plus, if you accidentally include a sticky note in a photo shared on social media, you could unintentionally reveal your credentials to the world.
Instead, use a password manager to store and organise your passwords securely. There are plenty of free and easy-to-use password management tools available that make it super simple to keep track of multiple complex passwords without you having to memorise them all.
- Turn On Multifactor Authentication (MFA)
You’ve probably noticed more websites and apps asking for an extra step when logging in, like a text message with a code or an app confirmation. This is multifactor authentication (MFA), and it’s one of the best—if, admittedly, a little annoying—defences against cyber attacks.
MFA provides an extra layer of security by requiring two or more ways to verify your identity before granting access to your account. If someone steals your credentials, there’s nothing to tell a site that it’s not you trying to use them to log in. But, if a login attempt comes from an unusual device or location, your account can demand a second way of verifying the user’s identity—and this, in a nutshell, is MFA.
You could be asked to verify your identity using:
- A PIN
- A text message code
- An in-app notification
- A security question
- A physical token
This way, even if someone does know your password, they can’t use it to gain access to your accounts.
Switching on MFA is easy, and the extra authentication steps only take a few seconds. It’s a whole lot less of a headache than wresting back control from hackers.
- Update Your Software
Be honest: how many times have you dismissed that “an update is available” notification on your device? It’s easy to put off software updates, but ignoring them can leave you vulnerable to cyber attacks.
Aside from the thought of how long installing updates is going to take—significantly less when you stay on top of them—the ‘if it ain’t broke, don’t fix it’ mindset could also be putting you off. While that might be a savvy approach to other areas of life, when it comes to technology, outdated means vulnerable.
Patches aren’t just created to improve the performance of software and applications; they’re also built to address new weaknesses that developers have discovered in previous versions—ideally before cyber criminals do.
Staying up-to-date is one of the simplest yet most effective ways to keep your devices secure. Set your devices to automatically update software whenever new patches are released, or schedule updates for times when you’re not actively using your computer or phone.
- Recognise and Report Phishing
Phishing scams are one of the most common methods cyber criminals use to gain sensitive information. A phishing email might look like it’s from a legitimate source, like your bank or a well-known company, but it contains malicious links or attachments designed to steal your personal data.
- Be cautious of any email that asks you to click a link or download an attachment, especially if it’s from an unfamiliar sender.
- Look for red flags like poor grammar, generic greetings, or email addresses that don’t match the company’s domain.
- When in doubt, don’t click—and report suspicious emails to your IT team or service provider.
Cyber Security Is Everyone’s Responsibility
Cyber security isn’t just for businesses or IT professionals—it’s something that affects all of us. Whether you’re protecting your personal information, your family’s data, or your company’s assets, taking simple steps like strengthening passwords, using MFA, and updating software can go a long way in keeping you safe online.
This Cyber Security Awareness Month, take the opportunity to step up your game. The threats might be growing—but so are the tools and strategies to fight them.