Cybersecurity and you: 3 must-know rules for keeping yourself safe online

You probably already know that the safest online passwords contain a mixture of characters: numbers, upper- and lowercase letters, and symbols. But did you know that a six-character password composed in this way can be hacked instantly?

Even a password nine characters long would take today’s scammers just 48 hours to crack.

Opt for a 12-character password, though, and your average hacker would need more than 200 years to get at your prized data.

Beefing up your password security is just one way to stay safe online.

To avoid falling victim to a scam or hack, you’ll need to consider some other important factors too. Here are just three of them.

1. Choose a secure password and keep it safe

According to Cybernews, the five most popular passwords for Brits in 2023 are:

  • 123456
  • 123456789
  • qwerty
  • password
  • 12345

The latest data from Hive Systems confirms that all of these passwords can be hacked instantly. If you are using any of these passwords, change them now. Hackers are only getting better at hacking and new software – and the rise of AI – is helping them too.

Choose a password that combines upper- and lowercase letters, numbers, and special characters and make it as long as possible. Hive Systems’ research found that an 18-character-long password would take 26 trillion years to hack!

Once you have your password, keep it safe. That means not writing it down unless you absolutely have to and not sharing it with anyone. Also, try to avoid using the same password for multiple sites. If a hacker gets into one of your accounts, they’ll likely try the same password elsewhere.

You might consider using an online password manager like KeePass or LastPass that can store, and even generate, passwords digitally and securely.

2. Use two-step verification when you can

A 2022 YouGov poll, conducted in partnership with Goldman Sachs, found that nearly 25% of us don’t use two-step verification because we think it’s “too much hassle”.

But two-step verification (also known as “two-factor authentication”, or “2FA”) could make a huge difference to your online security.

2FA is an extra level of protection, beyond your username and password. It may take the form of an answer to a security question, a separate passcode emailed or texted to a known address or number, or a selection of characters from a known passphrase.

Even if your password is weak and instantly hackable, this extra layer of defence could be enough to put a scammer off. Combined with a strong password, though, your data’s defences could prove unbreachable.

3. Stay alert for fraudulent emails and texts

Fraudsters are unscrupulous. They will take advantage of anything they see as a weakness. This became apparent during the Covid pandemic, and more recently, during the cost of living crisis.

A scam email or text will often purport to be from a trusted organisation like HMRC, the NHS, or the police. During coronavirus lockdowns, scammers impersonated the police to impose “fines” for rule violations. Just last year, the government stepped in to make emergency payments to help people cover the cost of rocketing fuel bills. Scammers soon reacted, pretending to be from government agencies and requesting bank details to make payments.

During challenging and stressful times, our defences are often at their lowest, making us even more susceptible to the damaging effects of fraud.

Thankfully, there are some simple steps you can take to stay safe.

  • Check emails or texts for spelling or grammatical mistakes that could suggest they have been written by scammers.
  • Visit the organisation’s website to check if their email addresses are in the same format as the address that has contacted you.
  • Don’t click on any links in emails or text messages, or reply to suspicious contacts, as you could inadvertently download a virus or be taken to a clone site designed to steal your data.
  • Remember that pension cold-calling was banned in 2019, so if you receive unsolicited contact about your pension, it is highly likely to be a scam.
  • The BBC recently reported that the above ban is to be extended to the selling of all financial products. This means that you should consider any contact out of the blue, and about financial products you don’t already hold, as an immediate red flag.
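The address-format check from the list above can be automated for mail that claims to come from a known organisation. The Python below is an added example, not part of the original article; the allow-list of domains and the sample From headers are assumptions constructed for illustration, so confirm the real sending domains on each organisation's own website.

```python
import re
from email.utils import parseaddr

# Assumed allow-list (illustrative): organisation keyword -> domains it mails from.
OFFICIAL_DOMAINS = {
    "hmrc": ("gov.uk",),
    "nhs": ("nhs.uk", "nhs.net"),
}


def domain_matches(domain, official):
    """True only for the official domain itself or a genuine subdomain of it.

    A bare suffix test would accept "fakegov.uk" for "gov.uk"; requiring the
    leading dot rejects that, and also rejects "gov.uk.example.com".
    """
    domain = domain.lower().rstrip(".")
    return domain == official or domain.endswith("." + official)


def check_sender(from_header):
    """Return a list of warnings for a raw From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no usable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    warnings = []
    if not domain.isascii():
        warnings.append("non-ASCII characters in domain")
    # Whole-word match, so a name such as "johnhsmith" does not count as "nhs".
    words = set(re.findall(r"[a-z0-9]+", (display + " " + address).lower()))
    for org, officials in OFFICIAL_DOMAINS.items():
        if org in words and not any(domain_matches(domain, o) for o in officials):
            warnings.append(f"mentions {org.upper()} but domain is {domain}")
    return warnings


if __name__ == "__main__":
    # Constructed sample headers, not taken from real messages.
    for header in (
        "HMRC Refunds <refunds@hmrc.gov.uk>",
        "HMRC <tax@hmrc-gov.uk>",
        "NHS <alerts@nhs.uk.example.com>",
        "Friend <jo@example.org>",
    ):
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means the domain is consistent with the allow-list; the From header itself can be forged, so it does not prove the message is genuine.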

There are plenty of places to go to get help

Action Fraud has a lot of useful information for detecting and avoiding scams. They can also be contacted on 0300 123 2040 if you think you might have fallen victim to fraud.

If you believe an email you have received is suspicious, forward it to and then delete it. Text messages can be forwarded to 7726.

Finally, check the FCA’s ScamSmart site and remember that if the organisation that contacts you claims to be in the financial sector, you can use the FCA register to check their credentials.

Get in touch

Huge technological advances are making staying safe online harder than ever. But there are red flags to look out for and ways to protect yourself and your money.

If you would like to discuss keeping your finances secure, or any aspect of your retirement or long-term plans, speak to us now.

Please contact us at or call 01234 713131.

Please note

This blog is for general information only and does not constitute advice. It should not be seen as a substitute for financial advice as everyone’s situation is different.
