Cybersecurity at home: practical lessons from Jen’s webinar

This week, our neighbour Jen—who works with governments and other organisations to reduce cyber risk—shared a clear and practical guide to staying safe online. Her central point was reassuring: cybersecurity isn’t about being perfect or paranoid, it’s about building awareness, forming good habits and making small decisions that reduce your risk over time.

One of the first challenges she tackled is how confusing the language can be. Terms like phishing, passkeys and two-factor authentication are often used as shorthand, but they can alienate people who aren’t immersed in the topic. After deciphering the jargon, she encouraged us to focus on understanding what scammers are actually trying to do—manipulate behaviour.

Scams themselves come in many forms but they all share a common goal: to trick you into taking an action. That might be clicking a link, sharing personal information or sending money. Some scams rely heavily on emotional manipulation, such as romance scams where someone builds a fake relationship over time. Others are more direct, like phishing emails, text messages (smishing) or phone calls (vishing). There are also fake investment opportunities, impersonation scams where someone pretends to be a friend or family member and even fraudulent job offers designed to harvest personal data. Blackmail scams are used too, sometimes involving data from stolen records.

What makes these scams effective isn’t just technical sophistication, it’s psychology. Scammers are skilled at creating urgency and fear. You might be told your bank account is at risk, that your device has been hacked or that HMRC is investigating you. The aim is always the same: to push you into acting quickly before you’ve had time to think. They also exploit trust, impersonating organisations like the NHS, or using information gathered from social media to create highly targeted “spear-phishing” attacks.

Technology plays a supporting role in these tactics. Fake websites can be nearly indistinguishable from real ones and scammers often rely on people not checking URLs closely. Public Wi-Fi networks can be spoofed, meaning you might connect to something that looks legitimate but isn’t. Even QR codes—something many people trust without question—can be tampered with in public places, such as car parks. On online marketplaces, scams can appear alongside genuine listings, making it harder to rely on the platform itself as a guarantee of safety.

Because scams are becoming more convincing—especially with AI improving the quality of written messages—spotting them isn’t always straightforward. Poor spelling and grammar used to be a reliable warning sign but that’s no longer the case. And while we’ve been told to trust websites that start with https or show the padlock symbol, even that isn’t foolproof. Instead, it’s better to look at the overall context. Does the message feel urgent or threatening? Is it asking for sensitive information or money? Does the sender’s address or phone number look unusual? Even if a message appears to come from someone you trust, it’s worth pausing – links can be compromised and accounts can be hijacked.

That pause is crucial. Jen emphasised that a legitimate organisation will never rush you into immediate action without giving you time to verify. If something feels off, the safest approach is to ignore the link and search for the organisation independently. This simple habit—going directly to a website rather than clicking—can prevent a huge number of attacks.

Phone scams deserve particular attention because they are designed to keep you engaged and off balance. Callers may claim to be from your bank or a tech support team and will often try to control the conversation, even transferring you to a “senior colleague” to reinforce legitimacy. It’s important to remember that you are never obliged to stay on the phone. Hanging up isn’t rude—it’s a sensible security measure.

If something does go wrong, the most important thing is not to panic. In the UK, incidents can be reported via Action Fraud, which helps build intelligence and protect others. If money is involved, contacting your bank immediately can make a significant difference.

When it comes to protecting your accounts, Jen was very clear: passwords alone are no longer enough. Strong passwords still matter—ideally using three random words, as recommended by the National Cyber Security Centre—but they should be unique for every account and stored securely. And yes, that can mean writing them down on paper. Just don’t keep that paper next to your device!

The real game changer is two-step or two-factor verification, which adds a second layer of protection. The two elements are (1) something you know (e.g., a password, phrase or PIN) and (2) something you have (e.g., your face, fingerprint or a piece of information such as a code sent to your phone or email). Even if someone gets your password, they can’t access your account without that second factor.

The main example of this is passkeys, which are becoming a more secure and user-friendly alternative to passwords. Instead of typing a password, you authenticate using something like your fingerprint or facial recognition. Because passkeys are tied to your device and encrypted, they remove many of the weaknesses associated with traditional passwords. If you’re given the option to use one, it’s worth taking.

Another useful step is checking whether your data has already been exposed in a breach. Services like Have I Been Pwned allow you to see if your email address has been compromised. If it has, changing your password and enabling two-step verification should be a priority.

Security doesn’t stop at accounts—it extends to the devices in your home. Every internet-connected device, from laptops to smart TVs represents a potential entry point. Keeping software up-to-date is one of the simplest and most effective ways to stay protected as updates often fix known vulnerabilities. Backups are equally important; without them, recovering from an attack or failure can be devastating. If you don’t back up to the cloud, make sure you do so to an external drive on a regular basis. Even small details, like ensuring your home Wi-Fi has a strong, unique password (now a legal requirement in the UK when you’re supplied with a new router) or being mindful of cameras and microphones on devices contribute to a more secure environment.

Privacy is another area where small choices add up. Many websites collect data through cookies and share it with third parties, including data brokers. Taking a moment to reject optional cookies, adjusting privacy settings and being thoughtful about what you share online can significantly reduce your exposure. For those concerned about how their data is used in AI systems, many platforms now offer opt-out options.

Jen also touched on antivirus software and VPNs, noting that for most people using mainstream systems like Microsoft, Apple or Google built-in protections are already strong. Additional tools can be useful in specific situations—such as using a VPN on public Wi-Fi—but they’re not essential for everyday browsing and can sometimes conflict with existing security features.

Her final message was simple but powerful. Cybersecurity isn’t about eliminating risk entirely—that’s impossible. It’s about being aware, staying cautious and putting a few key protections in place. Scams are now the most common form of crime in the UK, but with the right habits, they are also one of the most preventable.

Top tips

1. Search for websites yourself—don’t click links

2. Be suspicious of anyone asking you for money or information

3. Don’t open unexpected attachments

4. Screen your phone calls and let them go to voicemail if you don’t know the number

5. To secure your accounts

   1. Don’t reuse passwords

   2. Use passkeys where possible

   3. Turn on two-step verification

6. Configure the security settings on your device

7. Keep devices updated and backed up

Above all, if something is legitimate it will give you time to think. And that moment of pause is often your best defence.

If you would like to see Jen’s slides from the webinar, download the file here (and, yes, you can trust this link!)

.