Text Size

Current Size: 100%

Protect yourself - online checklist

Share by emailShare by email

Steps to protect your information online

By taking a few simple steps to educate yourself about the dangers of Cybercrime and how you can protect yourself, you are making it much more difficult for the criminals to take advantage.

Think you’ve been hacked? Recovering a hacked account

Please report all cybercrime incidents directly through the Action Fraud website or by calling 0300 123 2040. For live cyber-attacks call 101. 

Action fraud also has 24 hour reporting for businesses and organisations suffering a live cyber-attack by 0300 123 2040. 


  • Keep passwords secure by using three random words, mixed in with numbers and symbols, for example: ‘3Redhouse!pug27’ 
  • Visit: https://howsecureismypassword.net/ to test the strength of your password
  • Don’t use information that may be in the public domain or easily worked out from social media or ancestry sites, such as your mother’s maiden name or your place of birth.
  • Need help to remember passwords? Use a Password Manager to securely store passwords. These can be found on your devices app stores. Don’t share your password with anyone else. 
  • Don’t use the same password on multiple accounts 
  • Change any default passwords as quickly as possible.

Security Questions:

Use strong security questions to protect the forgotten password facilities to your accounts 

STOP - Using facts about you & completing social engineering questionnaires. Never duplicate an answer to a security question. Although you may be asked to provide the answers to nearly identical questions across multiple accounts, don't use the same answers or variations on one answer. 

START - Make every answer completely unique, and not guessable, instead make them up using random words. Why not use a password manager to help you remember answers by adding a secure note?

While certain things will have to stay, taking your hometown off of social media isn't going to affect your quality of experience on that social network. If you know you might still have generic security question answers floating around, consider taking that type of information down—nobody who knows you will miss this information.

Two-Factor Authentication (2FA): 

This is an extra layer of security for your online accounts as it makes you verify your identity when logging in. An example of this would be after you have entered your username and password it will send a verification code via text. The account you are logging into will then make you enter the code before giving you access to the account. This stops an unauthorised person being able to hack into your accounts.


Social media:

  • Think about what personal information is stored within your account & what data you’ve historically shared that could compromise you, e.g. if you have liked a particular bank on social media, that could be an indicator of who you personally bank with
  • Strong privacy settings are crucial to your online security. Choose settings like ‘friends only’ or ‘only me’ when choosing your security settings
  • Don’t let the world know your location, be careful when checking in or hash tagging a post (this also makes the post public). This can allow a criminal to work out patterns of behaviours, which could compromise your home and online security
  • Change your settings to ‘hide’ your friends list to protect their security too as this will avoid duplicate friend profiles adding you as a friend as a way to bypass your privacy options set. 
  • Approve who follows you and what you get tagged in, this simply puts you in full control of what happens on your account. 
  • Check that your email address and mobile number cannot be used to find your social media accounts in a search engine.
  • Remove unused connected devices that aren’t required – do this before you set up 2FA
  • If someone is trying to contact you via social media and you do not want them to see your account, there is always the option to block them.
  • Use a different password for each social media account 


All devices should have anti-virus installed, regardless of the manufacturer. Ensure it’s installed, updated regularly & running on all devices you use.  You don’t necessarily have to pay for anti-virus; just check the customer reviews and level of protection before installing.

Websites and how to shop securely:

  • Seeing a padlock in the address bar is a good thing, but it's not a guarantee that the shop itself is legitimate. 
  • Don’t exit applications, instead log-out, otherwise you will likely remain logged in
  • You shouldn't need to give out your mother’s maiden name, or the name of your primary school, in order to buy something, this is an indicator that something maybe wrong. 


  • Ensure all software is regularly updated on your device including operating systems (e.g. iOS) and apps. Updates include security patches to fix virus vulnerabilities. If you can, select ‘Auto Update’ ensuring device protection. 
  • Back up any important data, as this will stop any loss of files if your device breaks gets lost/stolen or is infected by malware. This can be a physical backup (USB etc.) or on the cloud. 
  • Before disposing of any device, ensure you have performed a factory reset to wipe all of your personal information. 
  • Turn off location services where appropriate, or change your settings to ‘only whilst using the app’. Turn off screen notifications and services such as Siri when your phone is locked.

Android: https://support.google.com/accounts/answer/3467281?hl=ens

Apple: https://support.apple.com/en-gb/HT207092

Check your digital footprint:

Check to see what the internet knows about you: Google your name and city. Consider data that is contained within the internet & request removal where required. Other good places to check: UK Phonebook, Online Electoral Open Register, 192.com, Companies House, Telephone Preference Service, Council Planning & property websites.

Credit Reference Agency (CRA): A credit score is a tool used by lenders to help determine whether you qualify for credit. You can monitor your credit file activity or report any fraud to a CRA. You can also request a password, on your credit file. We would advise to this with all credit reference agencies & keep this password separate to others. Different lenders use different CRA’s for credit applications. This will help prevent credit being taken out in your name; this isn’t a 100% guarantee but a good free facility for additional protection. Delete email’s sent/received requesting this.


Be careful with any unexpected emails or text messages, even if the sender is known & reflects on a previousmessage chain. Phishing messages are intended to look like they are from a legitimate source to trick the reader into parting with sensitive data or the message could contain ‘malware’. 

Never respond directly to messages asking for your personal or financial details. Don’t click on the links or attachments; contact the apparent sender directly via a trusted source. For example, if the message is from your bank, contact them using the phone number on the back of
your card.
If phishing emails are becoming a major issue, you should consider creating a new email account. 

Social media Phishing is also a favourite method used by criminals to deceive their victims, as it makes their work very simple by obtaining answers to your security questions for the forgotten password link to your online accounts. It can be also used to get you to click on those bad links which requests confidential details or causes your computer or mobile device to be infected with malware.

Smart devices: 


Don’t assume public Wi-Fi hotspots in places like cafes or hotels are secure - never use them to do anything confidential like using your email or making a payment, as criminals can intercept these transactions, steal your information, access files on your computer and infect your device with malware. Where possible, use your mobile network internet, which will have built in security. 

You can turn off settings on your device which allow your device to connect to public Wi-Fi networks without your permission.  

A VPN (virtual private network) will protect your information when connected to free Wi-Fi networks, without you running the risk of anyone being able to record any activity you do.

Please follow us for our tip of the week and scam updates:

For further online support, visit the National Cyber Security Centre (NCSC)