digital security

Personal Cybersecurity: How to Protect Your Information Online in 2024

sam chapman headshot
Last update: April 7, 2023

Practice common sense, never click suspicious links and lock all your devices with strong passwords and two-factor authentication. A VPN can also save your life: I recommend ExpressVPN, which you can try for free with a 30-day money-back guarantee.

I like to think of personal cybersecurity as something a little like the video game Minecraft.

If you’ve had a child or been a child in the last 10 years, there’s a good chance you’ve encountered Minecraft. The player wakes up alone in a vast wilderness and must gather materials to build an impenetrable fortress.

Minecraft is a digitization of the idea every child has when they’re left alone to play outside: let’s build a fort! Tree forts, blanket forts, snow forts, Fortnite — they all come from the same instinct.

But what does this have to do with personal cybersecurity?

  1. Best for personal cybersecurity
    Overall Rating 9.5 / 10
    Get 49% Off ExpressVPN
  2. Overall Rating 9.2 / 10
    Visit NordVPN
  3. Overall Rating 8.9 / 10
    Visit Surfshark

Keeping your personal data safe on the internet is often framed as a matter of dire need. If you don’t do everything exactly right, the hackers will get you. Although it’s true that leaving yourself unprotected is a huge risk, we think personal cybersecurity should be fun as well. You’re not hiding in the dark from monsters — you’re building yourself an internet fort.

Ready to create a cyber-castle that will stand the test of time? Read on.

What Is Personal Cybersecurity?

Personal cybersecurity means taking responsibility for the safety of yourself, your loved ones and your property when using the internet.

Going online is kind of like going abroad. When traveling, you’re more vulnerable than you are at home. In your home country, you’re aware of the local customs and you know where to look for danger. In distant lands, where you’re obviously a foreigner, you’re a more likely target for scammers and pickpockets.

You can’t rely on the police, since they only show up after the crime. They can only do so much to get your wallet back, so you take your own precautions. You wear your backpack on the front, you don’t flash wads of cash, you don’t accept services from suspicious people.

Personal cybersecurity is exactly the same, but online. It’s the sum total of actions you take to protect yourself — the walls of the online fort you build around yourself.

Why Is Cybersecurity Important?

Why is it important? Because your personal data is extremely valuable.

Hackers want it so they can sell it to advertisers, or force you to buy it back from them.  Advertisers want it so they can use it to sell things to you. Some governments want to use it to violate your rights to privacy and free speech.

It’s not that everyone is a target every minute they’re online; it’s that everyone can be a target. A hacker doesn’t care that you don’t think your identity is worth stealing — they’ll loot first and ask questions later. I have a complete guide on how you can protect your identity from hackers.

But as you’ll see in the next section, the precautions you can take against them are incredibly easy.

On one side of the scale, you’ve got a few minutes of work. On the other, you’ve got the potential destruction of your finances and shameful ruining of your private life. The trade-off is clear: pay attention to personal cybersecurity.

13 Ways to Protect Your Personal Information Online

1. Remember you’re a target

Some of you probably read what we wrote above — the thing about how everyone can be a target — and assumed that “everyone” didn’t include you. This first tip is for you.

Here are a few things that do not deter information pirates in any way:

Here are a few things that do deter information pirates:

Nobody wakes up in the morning expecting to be the victim of a ransomware attack. Not even people who really should, like members of the U.S. government. That’s the environment hackers thrive in.

The best thing you can do for your personal cybersecurity is to accept that nobody’s coming to your rescue: not your parents, not your kids, not the ghost of Steve Jobs.

2. Let’s (not) go phishing

Hacking seems like complicated technical wizardry, and some of it is. But the most common online scams are just good old-fashioned grifting with a 21st-century coat of paint.

Take phishing. In a phishing scam, the con artist gets the victim to give up sensitive information by pretending to be somebody trustworthy, using the anonymity of the internet as cover.

Scammers send emails or private messages posing as a relative, friend or service professional. These messages will either ask you to share your information for a seemingly innocuous reason, or will convince you to click on a link (see #5) that will install a pernicious program on your computer.

To keep yourself safe from phishing attacks, cultivate skepticism. If your best friend sends you a Facebook message with a link in it, call them and ask if they actually sent the message. If you get an email from your bank asking for your account number, Google the text of the email: it’s likely to be a known scam others have reported.

It’s easy to spot scams once you start looking. If anything sets off alarm bells — weird phrasing, spelling mistakes — throw that email right in the spam folder.

3. Update your software and whack those moles

The companies that build reputable software have whole teams whose only job is to constantly stay ahead of security threats. When they discover a hole in their security, they release an update to fix it. It’s a never-ending game of Whac-A-Mole, and software updates are your rubber mallet.

You might think that software like Microsoft Word isn’t vulnerable because it doesn’t go online. But everything is connected to the internet these days. When all else fails, remember tip #1: you aren’t safe just because you think you’re safe.

4. Make your passwords more than passable

To paraphrase the prescient comedy film Spaceballs: “12345? That’s the kind of password an idiot would have on his luggage!”

Another way hackers can penetrate your systems without knowing a line of code is to guess your passwords. They use programs to rapidly try the most common passwords — “password,” “qwerty,” “abc123,” etc. If they guess one correctly, they’ll try it on all your other accounts, so woe betide you if you use the same password for everything.

The worst thing they can do is guess your email password. If they have that, they can use it to reset all your other passwords, locking you out of your entire online life.

But who can remember 50 different passwords that all have to have a capital letter, a number and a special character?

The good news is, you don’t have to. Password manager apps let you store all your passwords in an impenetrable encrypted vault. Then all you have to remember is the password to get into the vault. They can even fill the passwords in for you. Read my password security guide to find more tips.

5. Think twice about links

Some links are fine. They hold chains together. They’re delicious for breakfast. They rescue Princess Zelda. Some even take you to fun places on the internet.

Others provide a doorway for malware to sneak onto your computer (read my ransomware statistics to learn more). Malware is like a data parasite, snagging your passwords and personal data while you browse unaware.

Hackers know they’ll never get you to download a malware app on purpose, so they’ll trick you into clicking a seemingly innocuous link — usually via a phishing scam (see #2). If you aren’t on a secure site (where a padlock appears in the URL bar), don’t click on any link, ever. Be even more on guard with emails, since automated spam filters can’t catch everything.

6. Imagine your sensitive data is a delicious sandwich

Pop quiz: what would be the worst thing a hacker could find out about you? Your bank account number? Your social security number? Your credit card number?

Once you have an answer, close your eyes and imagine that piece of information is your favorite kind of sandwich. Now answer one more question: would you leave that sandwich unattended in public?

Your online precautions should increase in proportion with the sensitivity of the data you’re dealing with. Never put any of your most sensitive data in a place where it will be saved unencrypted: in an email, on social media, in a Google search or anywhere on public WiFi (see #12).

7. Lock your mobile device

Lots of neighborhoods like to boast that you don’t have to lock your door. It’s nice, right up until someone gets robbed.

In the same way, nobody likes to unlock and relock their phone every time they use it. But if your phone ever gets stolen, you’re going to wish it was locked and that you weren’t offering up an information smorgasbord to the pickpocket.

8. Vaccinate your computer with antivirus software

We’ve been ignoring the news all year to avoid Bridgerton spoilers, so we’re not sure why everyone is so obsessed with vaccines lately. But it seems like a good time to reiterate the importance of antivirus software.

Installing an antivirus on your computer protects you with an app that knows all the tricks. A good antivirus has a list of millions of potential exploits. Whenever it detects malware sneaking in, it intercepts the attack and warns you.

Lest you think antivirus software is just fighting the last war, modern programs have incorporated artificial intelligence, anticipating new attacks before they happen.

9. Back up your data so often that people start to think it’s weird

There are some things it’s almost impossible to do too many times. Drinking a glass of water. Stretching. Throwing a ball for your dog. Backing up your personal data.

The hot new trend in hacking is ransomware. Hackers steal your files and make you pay to get your own stuff back. But if you’ve got recent copies of the files, you can thumb your nose at them. It’s like you got your car stolen, but you had a second, identical car hidden under a tarp.

Choose software that will back your hard drive up regularly, saving the data in the cloud. You won’t even have to think about it.

10. Learn the two-factor authentication waltz

Two-factor authentication is a fancy word for a simple idea: when logging into any account, you have to go a bit further to prove that you’re you.

This most often takes the form of a verification code sent to your mobile device, which you have to enter to finish logging in. It’s relatively easy for a hacker to get a hold of your username and password; it’s way harder for them to also steal your phone in the process.

You can enable two-factor authentication on most websites and apps by going to the security settings for your account.

11. Be antisocial on social media

By now, most of us know not to make our Facebook posts publicly searchable. Some people have graduated to the “friends of friends” setting, but think about that for a moment: if you have 500 friends and they each have 500 friends, that’s as many as 250,000 people, only a small fraction of whom you can trust.

Then there’s Twitter, where everything is public, even to people who don’t follow you. Instagram is an open wound unless your account is completely private. Reddit offers only a thin veneer of anonymity. Etcetera.

Social media is like hacker Christmas. Believing they’re among friends, people are far less guarded with their information. The only way to stay safe is to forgo using social media for its intended purpose of connecting with like-minded strangers.

Read my social media scams guide to learn the risks social media poses to your personal information.

12. Public WiFi is the devil

You are Eve in the Garden of Online, being tempted to eat the fruit of the Tree of Convenience.

Most public WiFi networks don’t encrypt the data that passes through them — even if they’re password-protected. A hacker can sit in the corner of the coffee shop, running a passive program to look through all the data being transmitted. If they see something that looks like a bank account login, it’s game over.

Your best bet is to do nothing on public WiFi that requires a login. You can run Google searches, read things, stream music or videos, but anything more sensitive is out.

13. Beware of apps bearing gifts

A “trojan” is a cool internet thing that got its name from this funny, ancient Greek story where thousands of people died. Listening now? Good.

In online security, a “trojan” is anything evil that sneaks onto your system by riding on something that looks safe. Phishing attacks could be considered trojans, but another common form is the seemingly convenient app.

Every time you download something onto your system, you’re opening yourself up to malware. Apps with thousands of reviews are probably fine, though keep an eye on the news just in case. Apps with only a few reviews, none of which are in English? Run the other way.

Even perfectly legitimate apps can hide shady clauses deep in the fine print, letting them steal your personal data and sell it to advertisers. If you take the time to read user agreements, you’ll protect yourself from both hackers and “legitimate” interlopers.


A lot of these articles end with “but don’t be scared all the time!” Since we just spent thousands of words listing things to be scared of, we get how this could ring a bit hollow. But we keep saying it because it’s true.

In fact, taking charge of your personal cybersecurity means you don’t have to be scared. You’re no longer a passive victim. Childhood forts aren’t just about keeping out the outside world —  they’re also about how awesome it is to have a space where you can feel safe.

So enjoy your newly safe internet experience — and if you have a favorite tip we missed, sound off in the comments!

Leave a Reply

Your email address will not be published. Required fields are marked *