Cyber Safety Tips

Why Online Safety Matters

Our daily lives increasingly depend on digital services: banking, communication, shopping, education and healthcare. Cyber threats can cause financial loss, privacy breaches, emotional distress, and disruption to essential services. Learning a few simple habits can dramatically reduce your risk and help protect your family and community.

Protect Your Accounts

Your online accounts are gateways to personal, financial and work information. Use the three defenses below together for the best protection.

Use Strong & Unique Passwords

Create passwords that are long, hard to guess, and unique for every account. Avoid birthdays, names, and obvious patterns.

Aim for at least 12 characters when possible.
Use a mix of uppercase, lowercase, numbers, and symbols.
Do not reuse the same password across multiple services.

Use a Password Manager

Password managers securely store and autofill complex, unique passwords so you don’t have to remember them. They also help generate strong passwords for new accounts.

Choose a reputable manager (commercial or browser-integrated) and protect it with a strong master password and 2FA.
Keep a secure, offline copy of recovery information in case you lose access.

Enable Two-Factor Authentication (2FA)

2FA requires an additional verification step (e.g., a code from an authenticator app or an SMS) in conjunction with your password. It significantly reduces the chance that attackers can access your account, even if a password is stolen.

Use an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator) where possible—it’s more secure than SMS.
Enable 2FA on email, social media, banking, and any service that stores personal or financial data.

Beware of Suspicious Links & Attachments

One of the most common ways attackers gain access is through deceptive messages that trick you into clicking a link or opening a file.

Phishing emails often look like they come from trusted organizations (banks, delivery companies, and government) and include urgent language urging immediate action.
Attachments (Word docs, PDFs, ZIP files) can contain malware. Only open attachments from trusted senders, and confirm unexpected files by calling the sender first.
Shortened links (bit.ly, t.co) can hide the real destination; preview them where possible before clicking.

Quick checks before clicking: Hover over links on desktop to see the real URL; check for misspellings or odd domains. If the message asks for credentials, don’t enter them; go directly to the official website instead. When in doubt, call the organization using a phone number from their official website (not the number in the message).

Stay Alert for Scams & Social Engineering

Social engineering targets people, not systems. Attackers manipulate emotions like fear, urgency, and curiosity to trick you into making unsafe choices.

Common social engineering tactics

Phishing (Email)—Fake messages that imitate trusted sources.
Smishing (SMS)—Fraudulent text messages with malicious links or requests.
Vishing (Phone)—Voice calls from attackers impersonating banks, officials, or family.
Impersonation & CEO Fraud—Requests from someone pretending to be a boss or vendor asking for urgent payments or data.

How to respond

Pause before reacting attackers push for quick action. A short delay can reveal the scam.
Verify identity by calling back using an official number or contacting a known colleague.
Never share passwords, one-time codes, or PINs in response to unsolicited messages or calls.
Report scams to TT-CSIRT and your bank where appropriate.

Public Wi-Fi & Online Banking

Public Wi-Fi may be convenient, but it can expose your data to attackers on the same network.

Avoid online banking, bill payments, or entering sensitive info on public Wi-Fi.
Use your mobile data or a personal hotspot when you must access sensitive services.
If you must use public Wi-Fi, use a trusted VPN to encrypt your connection.
Always verify apps come from official app stores and keep banking apps updated.

How to Trust a Website

Fake websites can mimic real ones to steal credentials or payments. Use simple checks to verify legitimacy.

Look for https:// and a padlock icon; this shows the site uses encryption (but is not a full guarantee of trust).
Check the domain carefully for slight misspellings (e.g., “paypa1.com”).
Use bookmarks for important sites like your bank instead of clicking links in emails.
Read site reviews and verify contact details on official pages.

Keep Your Devices Secure

Install updates for your operating system, browser, and apps as soon as they’re available.
Use reputable antivirus/security software and keep it updated.
Enable device lock (PIN, password, or fingerprint) and encrypt devices if available.
Back up important data regularly to an offline or secure cloud backup.

General Cyber Hygiene: Quick Summary

Use strong, unique passwords and 2FA for all important accounts.
Store passwords in a trusted password manager.
Beware of phishing links, attachments, and unexpected requests.
Keep devices and software up to date; use antivirus/EDR on PCs and phones.
Avoid public Wi-Fi for sensitive tasks; use VPNs when necessary.
Back up data and verify backups regularly.
Report suspicious activity to TT-CSIRT and local authorities.