Cyber hygiene: How to stay safe online in 2025
Essential tips to protect your digital presence against evolving cyber threats
It’s hard to write a definitive cyber hygiene guide, since both cybersecurity and cybercrime evolve side-by-side. What was cutting-edge defence five years ago might be the bare minimum – or even obsolete – today. But with cybercrime rising in Australia – the cost of attacks for businesses jumped 14% between 2022 and 2023 – it’s always a good time to brush up on the latest cyber hygiene principles. Whether you’re an individual or a business, here are six simple things you can do to stay safe online.
If your bank, myGov, or another service offers you multi-factor authentication, use it. Multi-factor authentication (MFA) requires users to verify their identity through multiple forms or stages, rather than a single login. For example, your bank might text you a separate PIN to confirm a transfer. MFA is not infallible, but it can seriously reduce the risk of account takeover, even if your password gets compromised. Most of the major ecosystems offer dedicated authenticators now. You can even try hardware tokens for an extra layer of security.
Software companies and operating systems, like macOS, release regular updates to fix known exploits and security threats. The problem is, a lot of people don’t bother installing them. It’s a good idea to enable automatic updates for your operating system at the very least (e.g. Windows, macOS), as well as your anti-virus software, your office suite, and any browsers you might be using. Auto updates can also be configured for firewalls and routers, making sure every part of your network is up-to-date and fully patched.
This gets drummed into us even as kids, but so many people still use one or two passwords for all their critical online activity. That means, when one platform gets compromised, they all get compromised. We all think this won’t happen to us, but poor password management contributes to 81% of corporate data breaches. So what’s best practice? First, turn off password auto-fill in your browser – you should be manually entering your password every single time. Next, choose a long, complex password, with a good mix of letters, numbers, symbols and case variation. If you’re having trouble generating or remembering your various passwords, invest in a secure password manager. There are plenty online.
Ransomware and data corruption attacks are constant risks online, so you should get in the habit of backing up your files and storing them in a secure location. There are a couple of ways you can go here. The first is physical: buy a password-protected SSD storage device and keep it somewhere safe. The second is to use dedicated cloud backup services, which are obviously handier for businesses that need to store large volumes of files. In terms of cadence, you need to find something that works for you; however, most experts agree that backing up weekly (or monthly at the very least) is a good habit to get into.
A phishing scam is a cyberattack where an attacker pretends to be a known person or trusted organisation to deceive you into revealing sensitive information, like your password. Phishing attacks were actually the most common cyberattack in Australia in 2023. With the rise of generative AI, phishing is becoming more and more sophisticated, which means we all need to educate ourselves on the latest scams. Services Australia has some good information on phishing, as does cyber.gov.au. As a business, there are dedicated tools for simulated employee training, but the best defence is always the simplest: if you smell something phishy, don’t respond via text or email. Don’t click links, and never give out private information online. Only interact with organisations directly via their apps or websites.
Unauthorised access to your business or home network can be devastating, which is why it’s always a good idea to use a mix of firewalls, Virtual Private Networks (VPNs) and network encryption. Overlay all that with multi-factor logins and strong password policies, and you’ve got a pretty watertight network setup. For personal use at home, out-of-the-box firewalls are totally fine, but companies may want to invest in business-grade VPNs to encrypt data traffic and prevent eavesdropping. Even then, given the rise of VPN-related attacks, it’s generally best practice to adopt a Zero Trust strategy when it comes to network activity.