Using face scans and fingerprints is safer than relying on passcodes alone. Features like Face ID or fingerprint scans add an extra layer of security, with built-in protections to secure this sensitive data.

Multi-factor authentication (MFA) is another powerful defense. Whenever possible, enable MFA to make it harder for cybercriminals to access your accounts.

If you can’t use authenticator apps or hardware keys, even a phone number is a good alternative. And if you enable MFA for just one account, make it your e-mail – that’s often the primary target for attackers.

Be mindful of what you share publicly. Small pieces of information, like answers to those fun Facebook surveys about your first car or the city you were born in, can become clues for cybercriminals. They can use such details to impersonate you or access your accounts, so think twice before posting.

You don’t always need every app. Many services work just as well through a website, which avoids unnecessary data collection. Apps often gather more information than websites, such as your location or contacts, so it’s worth considering whether an app is essential. If you do download an app, think about deleting it when you’re done; you can always reinstall it later.

Be careful about where you get your apps, too. Apps from unofficial sources can be risky, as they might lack security protections that app stores like Google Play, Apple’s App Store and Samsung’s Galaxy Store provide. Stick to official sources, or if an app isn’t available there, download it from the developer’s official website or use the web version.

Phishing is real

Stay cautious with unexpected e-mails or messages, as phishing is still one of the most common tactics used by cybercriminals. Ignore unsolicited messages, especially if they have attachments or links. If a message seems important, contact the sender directly to confirm its legitimacy.

It’s also worth questioning any urgent messages or calls. Scammers often create a sense of urgency to prompt quick, unthinking action. If someone pressures you to act quickly, claiming they’re from a trusted source like your bank, the South African Revenue Service or police, take a pause. Use a trusted contact method, like the phone number on your bank card, to verify.

Having strong passwords is essential, too. Each account should have a unique password that’s at least 12 characters long, with a mix of numbers, uppercase and lowercase letters, and special characters. Avoid personal details in your passwords and try using phrases instead of single words. If keeping track of all these is difficult, a password manager can help.

Don’t overlook updates either. Keep all apps and devices updated and make sure to have security software on every device, including phones and even Macs. Eventually, though, some devices and software become too old to be supported. Systems like routers or older software eventually lose access to security patches, which makes them targets for attackers. When this happens, it’s time to replace them.

Finally, make it a habit to back up your data. While ransomware often targets businesses, individuals can also be affected. With a backup, even if you’re targeted, you won’t feel pressured to pay a ransom to recover your information.

Cybersecurity concerns that are overhyped

Part of staying secure is knowing which risks are real and which are overblown. Here are some common fears that might not deserve the worry.

Public Wi-Fi, for instance, is generally safer than it used to be. Thanks to encryption used by most sites and apps, using Wi-Fi at coffee shops or airports is usually fine, though it’s wise to avoid highly sensitive activities.

Also, beware of unnecessary fear around new tech features. Not every innovation is as risky as it sounds. Apple’s NameDrop, for example, is typically safe and requires specific conditions to work. If you’re still concerned, you can always turn it off.

And don’t worry about using public chargers. The risk of “juice jacking” (data theft through public chargers) is extremely low. Public phone chargers are generally safe, so it’s better to focus on other, more common security threats instead.

By focusing on these practical tips, you can protect yourself without falling into unnecessary worry over exaggerated threats.

About Sophos
Sophos defends organisations from inevitable cyberattacks with innovative, adaptive defences and deep expertise. Continuously innovating to stay ahead of cyber threats, Sophos integrates endpoint, firewall, MDR and more through the Sophos Central management console, as Sophos X-Ops expansive threat intelligence optimises the entire cybersecurity ecosystem.