The roadmap, to read
The whole roadmap, in order: 224 actions, domain by domain, each with its why and how. Read it here, or take it with you — print, PDF or Excel (83 tools and 57 terms included).
The fundamentals
- Read the terms before you accept them
Clicking “I agree” without reading is signing a contract blindfolded. At the very least, skim what the service does with your data, the way you’d read the ingredients to dodge an allergen.
Look for what the service collects, resells and shares; ToS;DR (tosdr.org) flags the worst clauses for you.
- Treat the internet as insecure by default
Assume anything you send online can be read, copied or diverted. Before you send an ID for a rental or a scan of your card, ask yourself whether the recipient has really earned that trust.
- Stay deliberate instead of running on autopilot
Most attacks bet on your autopilot: the reflex click on a pop-up, the tempting link, the impulsive reaction. Taking back control of those habits blocks a large share of threats on its own.
- Pause when a message plays on your emotions
Urgency, fear or excitement are exactly the levers social engineering pulls: you’re rushed so you can’t think. The moment a message triggers a strong emotion, stop, breathe, and only act afterwards.
- Ask three questions before reacting to a message
Before you click or reply, filter it: was this message expected, is the sender really who they claim to be, and is it normal to be approached this way? Three reflexes are enough to unmask most traps.
Was this message expected? Is the sender who they claim to be? Is it normal to be approached like this?
- Map your attack surface (1/5): inventory your devices
You only protect what you’ve listed. Write down everything that connects: computers, phones, smart devices, printers, drives and USB sticks, with their OS and versions. Every forgotten device is a blind spot.
List desktops and laptops (OS and versions), mobiles (model, OS, main apps), smart devices (thermostats, cameras, voice assistants) and peripherals (printers, external drives, USB sticks).
- Map your attack surface (2/5): list your online accounts
Every account is one more door into your digital life. List them all: email addresses, social media, banking and payments, shopping, streaming, forums. What you don’t list, you won’t secure.
Write down your email addresses, social accounts, banking and payment accounts, shopping accounts, then everything else (streaming, subscriptions, forums).
- Map your attack surface (3/5): locate your important data
Your sensitive documents live somewhere: on the drive, on an external disk, in the cloud. Know exactly where, because you can’t back up or defend data you’ve lost track of.
Find where your key documents (certificates, passports), photos and videos, bank statements and tax records, and any work data actually sit.
- Map your attack surface (4/5): assess your weak points
Run every device and account through the sieve: firewall and antivirus on, updates done, strong passwords, two-factor, data encrypted and backed up. Wherever the answer is “no,” you’ve found a gap.
Check the basics (firewall, antivirus, updates), password strength and 2FA, then how your data is protected (encryption, backups, restricted access).
- Map your attack surface (5/5): pinpoint your critical points
Not everything carries the same weight. Spot the devices you use most, the accounts holding the most sensitive information, and the data that would do the most damage if it leaked. That’s where your effort goes.
Note the devices most used for sensitive access, the most exposed accounts, and rank the data whose compromise would cost the most (financial, personal, professional).
- Recognize the signs of a compromise
A device slowing down for no reason, programs or files you never installed, unusual error messages: those are the engine misfiring. A noticeable change in behavior deserves an investigation, not a shrug.
Watch for unusual slowdowns and crashes, unknown apps or files, and unexpected error windows or security alerts.
- Keep an eye on your account activity
A sign-in from an unfamiliar place, a password changed without you: these traces reveal a break-in before it does real damage. Check the login history of your sensitive accounts regularly.
- Check a login alert on the site itself, never through the message
A “suspicious login detected” email is phishing’s favorite disguise. Never click its link: open the official site yourself and, if the alert is real, you’ll find it waiting in your account.
- Stay calm when you suspect an attack
Panic drives rushed decisions, and those almost always make things worse. When you’re under attack, the first thing to do is stay calm: size up the problem before you act.
- Set up regular backups
The number-one regret after an attack is not having backed up. With recent copies of your files, ransomware becomes a setback, not a catastrophe: you restore instead of paying the ransom.
Automate regular backups of your important data, keep one copy offline or off-site, and test now and then that restoring actually works.
- Prepare a plan for reacting to an attack
The worst time to improvise is mid-crisis. Decide the first moves while you’re calm: disconnect the infected device from the network, change your critical passwords right away, and know who to alert.
Write down in advance how to isolate a compromised device (cut Wi-Fi and network), which passwords to change first, and who to turn to.
- Review an incident afterwards to harden your defenses
An attack you survive without learning from invites the next one. Once things are calm, retrace what happened and where it got in, then close that exact gap so it can’t reopen.
- Put tools in place to monitor your devices
The human eye misses things: an up-to-date antivirus and well-tuned alerts catch suspicious activity while you get on with your day. Early detection is what turns a break-in into a mere scare.
- Keep learning and staying informed
Scams evolve faster than any piece of software. Your best defense isn’t a tool but your own awareness: continuing to learn is precisely what keeps your resilience standing over time.
- Invest in a few well-chosen tools
Protecting yourself doesn’t mean emptying your wallet. A few modest, well-placed purchases, like a password manager or a backup solution, do more for your security than ten expensive gadgets.
- Test your protections regularly
A backup you never restore or an alert that never fires are worthless when the day comes. Test your protections like you test a smoke detector: better to learn they work before the fire, not during it.
Passwords & 2FA
- Set up a password manager
Your brain cannot remember 80 unique passwords, so it cheats: it reuses. A password manager generates and stores strong, unique passwords in an encrypted vault, protected by a single master password.
Install it, set a long master password, import existing accounts, enable the browser extension.
- Create a long master password (14 characters minimum)
The longer a password, the harder it is to crack. Aim for a memorable passphrase mixing upper and lower case, digits and symbols: entropy does all the work.
- Ban dictionary words, personal info and obvious sequences
"123456", "qwerty", your birth date or the dog’s name are tested first: that’s a key under the doormat. These combinations fall in seconds.
- A unique password per account, never reused
Reusing means one key for every door. A leak on any random site, and attackers try your credentials everywhere else: that’s the domino compromise.
- Share a password only through the manager, then change it
If sharing is unavoidable, use the manager’s encrypted sharing, never SMS or email. Change the password once access is over to limit the residual risk.
- Choose a reputable, audited, up-to-date manager
Not all managers are equal: it’s like choosing a trustworthy bank. Prefer open source, audited, regularly updated.
- Enable two-factor authentication on the manager itself
The vault holds everything: put a double lock on it. Even if the master password leaks, access stays blocked without the second factor.
- Secure the master password and plan its recovery
If you forget the master password, recovering the rest becomes nearly impossible. Store it safely (a physical safe) or pick a memorable phrase, and set up recovery options.
- Turn on the manager’s breach alerts
It’s a smoke detector for your accounts: being warned early that a password showed up in a leak lets you change it before anyone exploits it.
- Do not store passwords in the browser
Physical access, a compromised sync or a piece of malware can easily extract passwords saved in the browser. Turn the feature off and prefer the manager.
- Check whether your accounts have already leaked, and subscribe to alerts
A leak never dies: your 2014 credentials are still circulating. Knowing which ones are burned tells you exactly which passwords to change first.
Go to haveibeenpwned.com, enter your email, turn on notifications.
- Inventory your critical accounts and harden them first
Banks, main emails, sensitive services: list them and give them long, complex, unique passwords. You cannot protect what you have not mapped.
- Avoid public machines for sensitive accounts
On a shared computer, you can never be sure there’s no malware or keylogger. If you must use one: private session, never save the password, fully sign out when you leave.
- Treat security questions like passwords
Your birth date, mother’s maiden name or hometown are all on your social media. Invent consistent fictional answers (a persona) and store them in the manager.
- Enable 2FA on email, banking and social media first
Email is the master key to your digital life: whoever controls it can reset everything else. Two-factor turns a stolen password into a useless key, then extend it to every account.
- Prefer an authenticator app over SMS codes
Number hijacking (SIM swap) makes SMS the least secure 2FA method. An app generates codes that expire in 30 seconds, out of reach of that hijack. Use SMS only when nothing else is available.
- Keep your 2FA backup codes somewhere safe
These codes are your only way back in if you lose your second factor. Keep an encrypted copy in the manager and a physical copy in a locked drawer, and regenerate them after any change of method.
- Use a physical security key on critical accounts
Against targeted phishing, SMS is not enough and the app can be tricked. A physical key requires real presence: it won’t be fooled by a fake login page.
- Don’t make biometrics your main factor
You can change a password, not your face or fingerprint. Keep biometrics for unlocking the phone day-to-day, but don’t rely on it as the only wall for sensitive accounts.
- Don’t host 2FA inside the manager, diversify your methods
Putting passwords and 2FA in the same place creates a single point of failure: whoever gets in has it all. Spread it out (physical keys for some accounts, an app for others) and keep well-protected backup methods.
Web browsing
- Choose a browser that respects your privacy
Your browser is the window through which you see the whole internet, and the one through which the internet watches you back. Firefox or Brave put privacy first, where Chrome, Edge and Safari collect your data first.
Install Firefox or Brave, set it as your default browser, import your bookmarks and accounts.
- Replace Google with a private search engine
Your searches are the diary you didn't know you were keeping, and Google reads it to build your profile. DuckDuckGo or Qwant return solid results without keeping your history or tracking you.
In your browser settings, set DuckDuckGo or Qwant as the default search engine.
- Install uBlock Origin to block ads and trackers
Ads aren't just intrusive: they carry cookies and trackers that resell your data. uBlock Origin blocks them, lightens pages and speeds up your browsing. Don't take my word for it, install it and see the difference.
- Vet every extension before you install it
A poorly coded or malicious extension can steal your logins, inject ads or slow your browser to a crawl. Before installing, check the developer, read the reviews and look at the permissions it asks for: an extension that asks for too much is usually hiding something.
- Remove the extensions you no longer use
Every installed extension is one more door into your browser, including the ones you forgot about. Clean house regularly: uninstall anything you no longer use and you shrink your attack surface by that much.
- Keep your browser updated automatically
Not a day goes by without a new flaw turning up in the most-used browsers. Fixes ship fast, but they only help once installed: turn on automatic updates and never postpone them.
- Use private mode on a shared computer
Incognito is neither an invisibility bubble nor a trace eraser: your employer, your ISP and the sites still see you. Its real value: on a shared or public machine, it saves no history, no cookies and no passwords for the next person.
- Compartmentalize your accounts with multi-account containers
If you're on Firefox, the Multi-Account Containers add-on splits your browsing into sealed, color-coded tabs: personal, work, banking, social. Each world stays in its own bubble, which cuts cross-site tracking and limits your fingerprint.
- Measure your browser's unique fingerprint
Even without cookies, your browser leaks enough (fonts, resolution, version, extensions) to identify you almost uniquely. Test yours on amiunique.org, built by students from Lille and INRIA: it's the wake-up call most people are missing.
- Block third-party cookies in your browser
Third-party cookies are dropped by domains you never even visit, to follow you from site to site and build a profile of your habits. Block them under “Privacy and security”: you cut ad tracking without breaking sites.
- Turn on the “Do Not Track” option
This setting asks sites not to track you. It costs one click, so you may as well switch it on, but stay clear-eyed: nothing forces sites to honor it, so its effect stays limited. It's a signal, not a shield.
- Add Privacy Badger against invisible trackers
Privacy Badger learns on its own to spot and block the trackers that follow you without consent, the ones default settings let through. Installed alongside uBlock Origin, it strengthens your defense against tracking.
- Hover a link before clicking to see where it really goes
A redirect link can hide a phishing page behind a legitimate-looking address, and sometimes a single click is enough to infect your device. Hover the link to read the real URL at the bottom of the browser, be wary of shorteners like Bitly, and check at the slightest doubt.
Hover without clicking and read the URL shown at the bottom. For a shortened link, paste it into CheckShortURL or URLVoid before opening it.
- Turn on the pop-up blocker
Some pop-ups mimic a message from your system to push you into clicking or downloading booby-trapped software. Turn on the built-in blocker, and if a window slips through, close it with the X in the corner or with Alt+F4 (Windows) or Cmd+W (Mac), never with a button inside it.
- Cut off web notifications
Shady sites have hijacked notifications to bombard you with alerts and fake news. Disable the permission to even ask in your site settings, revoke the ones already granted, and stop clicking “Yes” out of reflex just to make the box go away.
- Disable automatic file downloads
It sounds basic, and it is: block automatic downloads so no file lands on your disk without your say-so. That one extra step lets you check what you're getting before it arrives.
- Disable browser geolocation
Geolocation tells sites where you are, down to the moment, and reveals your habits and movements. Turn it off by default in the settings and switch it on by hand only for a service that genuinely needs it, like directions.
- Block camera and microphone access by default
Your camera and mic can be used by sites or apps to spy on you without your knowledge. Deny access by default in the browser, and grant it case by case, only for a video call you started yourself. Think twice before saying yes.
- Choose an encrypted, privacy-respecting email provider
Your emails hold your statements, your documents and your forgotten passwords: with a classic provider all of it is readable and monetisable. An end-to-end encrypted service guarantees that only you and the recipient can read your messages.
Open a mailbox with an encrypted provider, then migrate your sensitive accounts first: banking, health, government.
- Protect your inbox with a unique 16-character password
Your email is the master key to your whole digital life: whoever opens it can reset everything else. Generate a complex, unique password of at least 16 characters and keep it in your manager, never in a note or a file.
- Turn on two-factor authentication for your inbox
Even if your password leaks, two-factor adds a second lock that stops the intruder at the door. Turn it on in the security settings, using an app rather than SMS, and keep a physical copy of the backup codes.
- Compartmentalise your digital life with several email addresses
One address for everything is a single point of failure: the online shop that leaks also exposes your bank. By separating work, personal, shopping and newsletters, you keep each incident inside a single compartment.
Create at least one personal address, one for work, and one dedicated to sign-ups, shopping and newsletters.
- Keep one email address only for account recovery
A quiet address, used almost never and known to no one, becomes a back door an attacker never thinks to target. Keep it out of your daily exchanges so it stays genuinely clean.
- Never expose your main email address publicly
An estimated 94% of malware arrives by email, and it starts by harvesting your address wherever it sits in the open. Keep the real one for trusted contacts, and hand out a secondary address for every online sign-up.
- Regularly review your account’s recent activity and sign-ins
When an attacker gets in, their first move is to settle in quietly for the long haul, like a foot slipped into a half-open door. Scanning the recent activity and your sent folder lets you spot an unusual sign-in before it becomes a real problem.
- Revoke third-party app access to your inbox
Every app you once allowed to “read your emails” or “send on your behalf” stays a key in circulation, even the one you no longer use. Clean house in the security settings and remove anything you don’t recognise.
- Inspect your mailbox’s automatic rules and filters
A quiet rule that forwards or deletes certain messages is an attacker’s favourite trick for reading your mail without you knowing. Review your filters and delete any automation you didn’t set up yourself.
- Disable automatic loading of remote content
The images hidden in an email are often trackers: they signal that you opened the message and tell the sender about your device and location. Block remote content by default; a button stays there to show it when you choose.
- Never share sensitive information by email
An email can be intercepted, and a card number or password left inside it becomes a windfall for fraud. If you must send a sensitive document, protect it with a password and share that password through another channel.
- Enable a spam filter on your mailbox
Most spam hides a phishing link, a booby-trapped attachment or a scam: the spam filter stops it before your inbox. Your provider almost always offers one; often you just have to switch it on.
- Use your own private domain for email
With your own domain, like @yourname.com, you no longer depend on a single provider and you control your security settings and spam protection. Expect a small yearly cost and a little admin in exchange for that control.
- Read and compose your emails in plain text
Plain text carries no script, no image, no tracking pixel: nothing that can follow you or inject code. A little old-school, but you see exactly what you send and receive, and you switch back to HTML case by case.
- Use aliases to trace and cut off spam
One alias per service, like yourname+facebook@…, tells you exactly where a spam came from and lets you cut it off without touching your real address. With a private domain or a dedicated service, you can generate as many as you need.
- Back up your emails regularly
A hacked, deleted or locked mailbox, and years of important documents vanish at once. Export your emails regularly to a drive or encrypted storage so you can recover everything if something goes wrong.
- Be cautious with out-of-office auto-replies
An over-talkative away message tells a stranger you’re far from home and for how long: a gift to social engineering as much as to burglary. Stay vague (“away until [date]”) and keep the details for internal contacts only.
- Use disposable email addresses for one-off sign-ups
For a single download or a service you’re just trying out, a throwaway address keeps your real inbox clean and your identity at arm’s length. It soaks up the spam then disappears, without ever exposing your main address.
Social media
- Draw up a full list of your social media accounts
You can only secure what you can see. Start by listing every network you’re active on, from Facebook to LinkedIn and the forgotten accounts too: it’s the map that makes everything else possible.
Note every platform (Facebook, Instagram, LinkedIn, X, TikTok and so on), including the dormant accounts you no longer use.
- A unique password and two-factor on every network
Access to your social accounts deserves the same protection as your inbox. Give each account a long, unique password from your manager, then turn on two-factor authentication and keep the backup codes safe.
- Review your privacy settings, regularly
Privacy settings are your first line of defence, and platforms change them without telling you. Take back control: decide who can see your posts, your photos and who can find you, then do the rounds again every few months.
On each network, open the privacy settings, restrict who can see posts and photos, and limit who can search for you.
- Assume everything you post is public and permanent
Even with private settings, a single screenshot is enough to send your post far beyond the intended circle, and forever. Before posting, ask yourself three questions: would I be fine if this went public, could it be misread, could it embarrass me later.
- Don’t overshare the details of daily life
Details that seem harmless, your workplace, the kids’ school, your usual coffee shop, map out your routine for anyone looking to exploit it. Be selective: every piece you post is one more piece of the puzzle you hand over.
- Don’t announce your holidays in real time
A holiday photo posted live is an "empty house" sign for burglars. Wait until you’re home to share the memories: the same pleasure, minus the risk.
- Keep real-time posts to a small circle
When you share in the moment, not everyone needs to see it. Use close-friends lists to limit the audience, and while you’re at it, check whether your older posts are visible to everyone or only to your contacts.
- Check an account is genuine before following it
Fake accounts are everywhere: they impersonate celebrities, brands, even your friends. The verified badge is no longer enough, since it can be bought. Look instead for the real signals: a consistent history, real followers and genuine interactions.
- Beware "friends" who push you to act fast
A "friend" warns you about a compromising video of you, another begs for money in an emergency, a third asks you to receive an SMS code for them: these are hacked or impersonated accounts. Never click and never pass on a code without checking through another channel.
- Ignore requests and messages from strangers
Before accepting a friend request, look at the profile: a recent account with few photos or odd inconsistencies reeks of a scam. A hairdressing degree from the Sorbonne doesn’t exist. When in doubt, ignore it.
- Never share confidential information on social media
Having thousands of followers doesn’t mean each one deserves access to your life. Social media is no place for a card number, a password or a relative’s address. If you’re asked for them, check directly with the organisation through another channel.
- Keep third-party apps connected to your accounts in check
Logging into a site with your Facebook or Google account is convenient, but you often hand it a goldmine of information. Before agreeing, check the requested access makes sense, and regularly clear out the permissions you no longer recognise.
In the security settings, open the list of authorised apps and revoke the ones you no longer use.
- Steer clear of quizzes and games that fish for your data
"Which film character are you?": these fun quizzes collect your name, your date of birth, your first pet’s name, and match exactly the security questions your bank uses. Many also demand access to your profile, your photos, sometimes your private messages. A friend sharing it guarantees nothing.
- Don’t post your location in real time
Sharing your position live reveals your habits and movements to anyone watching. Personally, I never post until I’ve left the place: so much for chasing likes. And remember that a single photo often says far more than you think.
- Build a persona to shield your real identity
If you mainly want to consume content without exposing yourself, nothing forces you to give your real identity. A consistent alias, with a fake name and birth date reused across your accounts, keeps you off the radar of identity theft and harassment. Short on inspiration? The Fake Name Generator site is made for this.
- Agree on a family code word against AI scams
With AI, a scammer can mimic your child’s voice claiming their phone is broken and urgently asking for money. The countermeasure is simple: pick a code word only your family knows, something ordinary like "courgette", and demand it at the slightest doubt before acting.
- Ask a question only the real person could answer
In 2024, a Ferrari executive got a call reproducing his CEO’s voice by deepfake. He asked one question: "Which book did you recommend to me a few days ago?" The scammer hung up. Faced with an unexpected, sensitive request, verify with a detail only your genuine contact could know.
- Verify information before sharing it
Algorithms amplify what provokes a reaction, not what’s true, and even respected sources sometimes create their own fake news. Before you relay anything, cross-check several sources and stay "politely paranoid": sharing a false story lends it your credibility.
Mobile devices
- Lock your phone’s screen
It’s like locking your front door when you leave: obvious, yet skipped for the sake of comfort or saving a few seconds. Screen lock is your first line of defense against unauthorized access, whether by passcode, pattern, fingerprint or face.
iOS: Settings > Face ID & Passcode (or Touch ID & Passcode), set a passcode. Android: Settings > Security > Screen lock, choose a PIN or pattern.
- Choose a strong unlock code
"1234", "0000", your birth date or a relative’s are the first combinations tested. A former prime minister once used his sister’s birth date as his PIN: incredibly easy to guess. Aim for at least six digits, or better, an alphanumeric passcode.
iOS: Settings > Face ID & Passcode > Passcode Options > Custom Numeric Code (6+ digits) or Alphanumeric Code. Android: Settings > Security > Screen lock, pick a long PIN or a password.
- Set auto-lock to a short delay
Auto-lock is a safety latch that trips on its own when you forget to shut the door. Set to a short delay, it closes the gap of those few minutes when the phone sits unlocked on a table, out of your sight.
iOS: Settings > Display & Brightness > Auto-Lock > 30 seconds. Android: set the lock delay under Settings > Security > Screen lock settings > 'Lock after screen turns off', shortest option; also set Display > Screen timeout to a short value.
- Turn on device encryption
Encryption is a digital shield. Without it, if your phone falls into the wrong hands, all your data (passwords, photos, messages) is readable. With it, it’s just a pile of bytes that are useless without your code.
iOS: encryption turns on automatically as soon as you set a passcode, nothing more to do. Android: Settings > Security (or Security & privacy) and check encryption is on; it is by default on recent models.
- Delete the apps you no longer use
Every app is a potential way in. The more you have, the bigger your attack surface: a forgotten app can carry an unpatched flaw or permissions you no longer remember granting. Clear them out, and you get storage back as a bonus.
iOS: long-press the icon > Remove App. Android: long-press the icon > Uninstall. Review your apps once a month.
- Grant only the permissions that are truly needed
A navigation app needs your location; a flashlight app has no reason to ask for your contacts or your microphone. Always ask yourself why a permission is being requested, and grant only what the app genuinely needs to work.
At each install, deny any permission that isn’t justified; you can always grant it later if a specific feature really needs it.
- Audit and revoke granted permissions regularly
Over time, you forget the permissions you granted for a one-off use. A regular audit is a walk-through of every key you handed out: you’d be surprised how many apps still reach data they no longer need.
iOS: Settings > Privacy & Security, review each category (location, mic, camera, contacts). Android: Settings > Privacy > Permission manager, revoke anything unjustified.
- Install apps only from the official stores
Sticking to the App Store and Google Play removes the vast majority of booby-trapped apps. Official doesn’t mean 100% safe, though: in 2019 the "Joker" malware slipped into more than twenty Google Play apps to sign victims up to paid services. Check reviews, permissions and the update date before installing.
Install only from the App Store (iOS) or Google Play (Android). Before installing: read the reviews, inspect the requested permissions, check the last-updated date. Never use a third-party site or an unknown APK file.
- Guard against juice jacking at public chargers
A public charging station, in an airport, hotel or café, can be rigged: that’s juice jacking. A USB port doesn’t just deliver power, it also opens a data connection that can be used to install malware or siphon your files, emails and banking details.
Plug your own charger into a wall socket rather than a public USB port. Carry an external battery. In a pinch, use a USB data blocker ("USB condom") that blocks the data pins. Turn the device off before plugging it into an unknown station.
- Sign up on the do-not-call lists
Cold calls end up poisoning your day. In France, register with Bloctel to stop companies from soliciting you; in Belgium, there’s the DNCM (Do Not Call Me) list. Also check with your carrier: some, like Free, block call-center numbers for free.
France: register at bloctel.gouv.fr. Belgium: the DNCM list (dncm.be). Also check the free blocking options your carrier offers.
- Turn off personalized ads
Personalized ads look convenient, but they run on the harvesting of your data and your online activity. Cutting off personalization takes back a bit of ground from profiling, without losing anything useful.
iOS: Settings > Privacy & Security > Apple Advertising > turn off "Personalized Ads". Android: Settings > Google > Ads > "Delete advertising ID" / turn off ad personalization. Also switch these options off on Facebook and your other accounts.
- Back up your device automatically
A backup is a solid plan B: phone lost, stolen or broken, you restore everything onto a new device without losing a single file. It’s like keeping a duplicate of every key to your house: losing one no longer locks you out. Automate it so you never have to think about it.
iOS: Settings > [your name] > iCloud > iCloud Backup > turn on. Android: Settings > Google > Backup > turn on. Plan a full backup every week, and one before any important trip. Choose a trustworthy service.
- Enable auto-wipe after too many failed attempts
Against a brute-force attack that tries thousands of codes, auto-wipe after ten failures is a bear trap: past that threshold, the device erases itself. One hard requirement: back up regularly, otherwise simply forgetting your code costs you everything.
iOS: Settings > Face ID & Passcode (or Touch ID & Passcode) > enable "Erase Data" after 10 failed attempts. Android (e.g. Samsung): Settings > Security > Secure lock settings > "Auto factory reset".
- Use analysis tools for your smartphone
An analysis tool like System Status or Network Analyzer is a doctor for your phone: it watches the CPU, memory, battery, disk and network, scans the devices on your network, and spots anomalies before they turn into trouble. It makes you proactive rather than reactive.
iOS: install a tool like System Status or Network Analyzer to monitor CPU, memory, battery and network. Android: equivalents exist on the Play Store. Use them regularly to catch unusual behavior.
- Reduce your device’s standby activity
Even on standby, your device keeps working in the background and, potentially, exposing data. Fewer notifications means fewer wake-ups; turning off Wi-Fi, Bluetooth and mobile data when they’re not needed cuts activity by that much, and battery saver does the rest.
Limit notifications to important apps only. Turn off Wi-Fi, Bluetooth and mobile data when unused. Stop non-essential apps from running in the background (iOS: Settings > General > Background App Refresh; Android: Settings > Apps > Battery). Enable battery-saver mode.
- Don’t use third-party keyboards
A third-party keyboard sees everything you type: passwords, banking details, intimate messages. Even an app as popular as TikTok has been called out for keystroke logging. My position is clear: don’t use this kind of keyboard, stick with the built-in one.
iOS: Settings > General > Keyboard > Keyboards, delete any third-party keyboard and keep the native one. Android: Settings > System > Languages & input > On-screen keyboard, keep the stock keyboard (Gboard, Samsung) and uninstall third-party ones.
- Restart your device regularly
Restarting clears temporary data, closes apps quietly running in the background, and above all breaks the persistence of many remote attacks that need the phone to stay on to keep control. It’s a simple habit. Personally, I have a reminder at 4:55 every morning, before I take on the day.
Set a daily reminder (early morning, for instance) to fully power the phone off and back on. Close all open apps while you’re at it.
- Keep your phone number private
Your number is a doorway into your private life, especially if it’s used for two-factor authentication. Don’t publish it on social media or an online résumé: data scraping is very real, and that information eventually gets used against you.
Remove your number from public profiles, social media and online résumés. Check the privacy settings that expose your number to strangers.
- Use a secondary number for sign-ups
Why would Deezer or Spotify need your phone number? Most often, it’s for profiling and reselling data. For sign-ups and services you’re wary of, use a secondary or disposable number, which many carriers offer cheaply or even for free. Protecting your number means protecting your privacy.
Ask your carrier for a second or disposable number (often free or low-cost) and keep it for online sign-ups and non-essential services.
Computers
- Protect your session with a strong password
Your session password is the key to your front door: it stops anyone unauthorised from reaching your files, apps and information while you’re away. A weak key like "1234" is forced in seconds, whereas a long mix of upper and lower case, digits and symbols makes an intruder’s job far harder.
Windows: Settings > Accounts > Sign-in options to change the password. Mac: System Settings > Touch ID & Password (or Users & Groups) to set a strong password.
- Turn on automatic updates for the system and apps
Keeping your system up to date is one of the simplest and most effective things you can do. Every update fixes security holes: ignoring them is like leaving your front door open to attacks. Enable automatic installation, and still check now and then that no update is waiting.
Windows: Settings > Windows Update, turn on automatic updates. Mac: System Settings > General > Software Update, turn on automatic updates. Check manually about once a month.
- Encrypt your computer’s drive (BitLocker or FileVault)
Encryption turns your data into a format that is unreadable to anyone without the decryption key. Even if a thief gets hold of your device, they cannot read your files: it is a layer of protection that travels with your machine. Windows offers BitLocker, macOS offers FileVault, both built in and guided.
Windows: Settings > Privacy & security > Device encryption (or BitLocker Drive Encryption). Mac: System Settings > Privacy & Security > FileVault, click Turn On. Keep the recovery key somewhere safe, off the device (for example in your password manager).
- Back up your data regularly (local and cloud)
Hardware failures, human error and cyberattacks can all cause irreversible data loss. A regular backup guarantees you can always restore your information. Combine a local copy (an external drive stored safely) with a cloud copy for maximum redundancy, schedule the backups automatically, and test a restore now and then to make sure it really works.
Use an external drive for a local copy and an encrypted cloud for an off-site copy. Set up automatic backups (daily or weekly depending on how you work). Restore a few files to confirm the backup is complete.
- Disable the voice assistant (Cortana or Siri)
Voice assistants listen constantly for a wake word: they can pick up sensitive conversations and personal information. They can also be hijacked by cybercriminals to reach your data. If you don’t use one, switch it off.
Windows: Cortana was removed from Windows in late 2023; check that no listening assistant is active and cut unneeded mic access in Settings > Privacy & security > Microphone. Mac (Siri): Apple menu > System Settings > Siri & Spotlight, turn off "Ask Siri".
- Enable automatic screen lock
When your computer sits idle for a while, automatic locking takes over and demands your password: no one can rummage through your data if you step away without thinking. The sweet spot between security and convenience is between 3 and 5 minutes.
Windows: Settings > Personalization > Lock screen, set the delay and enable "On resume, display logon screen". Mac: System Settings > Lock Screen, require the password after sleep or the screen saver starts.
- Be wary of unknown USB devices
A USB stick can carry viruses or spyware that infect your computer the moment you plug it in. Never connect a stick you found or were handed by a stranger (unlikely, but real), scan any stick with your antivirus before opening it, disable autorun, and if you must use a doubtful stick, format it first.
Windows: Settings > Devices > AutoPlay, turn off automatic playback for all media. Mac: there is no autorun, but never open a file from a stick without checking it first. When in doubt, format the stick before use (beware, some threats survive a format: better to avoid suspicious sticks).
- Review installed apps and their permissions
Over time you pile up apps that go stale or ask for too much. An outdated app can hold vulnerabilities, and excessive permissions grant access to your location, contacts or files. Clean house regularly: uninstall what you no longer use, review the permissions of the rest, and update what remains.
List every installed app, uninstall the ones you don’t need, then review the permissions granted to each remaining app and adjust them.
- Limit the diagnostic data sent to Microsoft and Apple
Your apps and system often collect usage data to "improve their services". That collection sometimes goes beyond what is needed and eats into your privacy. Set it to the minimum, both at the system level and per app.
Windows: Settings > Privacy > Diagnostics & feedback, choose "Required diagnostic data" rather than "Optional diagnostic data". Mac: System Settings > Privacy & Security > Analytics & Improvements, uncheck sending data to Apple. Check each app’s settings too.
- Avoid overly quick unlock methods
Fingerprint and face recognition are convenient, but researchers have shown a fingerprint can be bypassed from high-resolution photos of your fingers, and some 2D (basic webcam) face recognition fooled with a photo or video. Depth-sensor systems (Face ID, Windows Hello infrared) resist this trick, but for your most sensitive devices prefer a complex, unique password or PIN: less convenient, but harder to defeat.
- Shut down completely rather than using sleep
In sleep, your system stays partly active and disk encryption can be temporarily disabled, which leaves an opening for the curious. Shutting down fully closes every session, cuts the networks and shrinks the attack surface, while letting the computer install updates on restart.
- Turn off unused sharing services
File or printer sharing is handy, but left on for no reason or misconfigured, it opens doors to cybercriminals, especially on a public network. Check regularly which sharing services are on and switch off the ones you don’t use.
Windows: Control Panel or System settings, network and sharing section, disable unused shares. Mac: System Settings > General > Sharing, turn off the services you don’t use.
- Separate the administrator account from your everyday account
An administrator account is the master key to your system: it can install anything, change anything, read anything. If you use it every day and fall into a trap, malware installs without asking. Create a standard account for your daily activities and keep the administrator account for the tasks that truly need it: an attack then becomes far less destructive.
Windows: Settings > Accounts > Family & other users, create a standard account. Mac: System Settings > Users & Groups, add an account without administrator rights for everyday use.
- Cut the microphone and cover the camera when you’re not using them
Malware can switch on your microphone without you knowing and listen to everything said around the computer. The camera is easy to block with a cover or a switch; the mic is quieter and easier to forget. Turn it off in your system’s privacy settings when you’re not using it, and revoke access from apps that don’t need it.
- Turn on the system firewall
A firewall filters incoming and outgoing traffic to block intruders while letting legitimate data through. Without one, it is like leaving every door and window wide open. Windows and macOS include a built-in firewall: turn it on, especially when you are connected to the internet.
Windows: Control Panel > System and Security > Windows Defender Firewall, turn it on for private and public networks. Mac: Apple menu > System Settings > Network > Firewall, turn it on and adjust the allowed apps in the options.
- Choose a paid antivirus over a free one
A free antivirus often stops at basic protection: it lacks anti-phishing, real-time updates and advanced defences against ransomware. Worse, some fund the service by reselling your browsing data. A paid antivirus offers complete protection, updated daily: a few euros a month to sleep (almost) soundly.
- Set a BIOS password
Protecting your computer starts before the operating system even loads. The BIOS is the program that runs at startup: without a BIOS password, someone with physical access can change the boot settings, install another system or reach your files, even if your session is secure. If you are not comfortable with this, get help: a bad configuration can make the computer hard to start.
At startup, press the key shown on screen to enter the BIOS (often F2, F10, Del or Esc). Find the security menu, set the BIOS password, enter it twice, then save and exit (often F10 or "Save and Exit"). Restart to check. Every manufacturer differs: if needed, check the maker’s website.
- Enable Secure Boot
Secure Boot checks each component before allowing it to run: only software approved by the manufacturer can start. It blocks low-level attacks like rootkits, which compromise the system before the antivirus even takes over. As with the BIOS password, if you are not comfortable, get help.
Enter the BIOS/UEFI at startup (often F2, F10, Del or Esc). Find the "Boot" or "Security" menu, locate the Secure Boot option (sometimes off by default) and enable it. Save and exit (F10 or "Save and Exit"), then restart to check.
- Plant Canary Tokens to detect intrusions
A Canary Token is a booby-trapped file or URL: the moment someone accesses it, you get an alert. Picture a landmine that sets off an alarm. Placed where no one should ever go (a fake sensitive document on your drive, a secret URL), they warn you immediately that an intrusion has happened and give you time to react.
On a service like canarytokens.org, create a token (file, URL, document...). Put it somewhere no one should be poking around. The moment it is opened, you get an alert: act fast to secure your system.
Home network & IoT
- Choose a router with real security features
The router is the brain of your network: it connects every device to the internet and manages the traffic between them. If you can pick your own, get a model with a built-in firewall and the ability to create a guest network. A good router does half the security work of the whole home.
- Wire fixed devices with Ethernet
Wi-Fi is convenient, but a wired connection is faster and cannot be picked up from the street. For devices that never move, a desktop PC, a game console, a TV box, an Ethernet cable gives a more stable link and one less attack surface.
- Hide your main Wi-Fi network’s SSID
The SSID is the name of your Wi-Fi network. Hiding it won’t make you invisible to seasoned hackers, but your network no longer shows up in the list of nearby networks: one extra layer of discretion, ideal for the average household. Anyone connecting will then need both the name and the password.
In the router’s admin panel (often 192.168.1.1), under “Wi-Fi settings”, uncheck “Broadcast SSID”, save, then type the network name manually on each device.
- Change the router’s default admin credentials
Your router or ISP box ships with factory login details, often “admin” and “admin”, that anyone can find online in three seconds. Whoever controls that panel controls your entire network: replace these credentials with a long, unique password the moment you set it up.
Open the router panel (typically 192.168.1.1 in the browser), sign in with the factory credentials, then under “Security” or “Account settings”, choose a strong password and store it in your manager.
- Set up a guest Wi-Fi network for visitors
Hosting friends or family shouldn’t open your personal devices to everyone. A guest network separates visitors from your main network: even if a guest’s phone is infected, the malware can’t reach your computers and sensitive data. Most recent routers offer this in a few clicks.
- Prefer a personal router over your ISP’s
ISP routers are convenient because they come preconfigured, but they cap what you can tune. A personal router hands you full control: advanced firewall, guest networks, finer parental controls, VPN at the network level, segmentation. If you want to secure your home in depth, this is where it starts.
- Change the default password on every smart device
I never tire of this story: a high-end casino had its database siphoned off because of a single connected aquarium thermometer left accessible from the internet with no protection. Every connected object is a potential doorway. From the moment you install it, replace the default password with a strong, unique one saved in your manager.
Go to the device’s admin panel (through its app or IP address), open the “Security” or “Account” section, and replace the factory password with a unique one.
- Rename your smart devices with generic names
By default, a device announces itself on the network with its exact brand and model, which hands an attacker the known vulnerabilities to try. Generic names hide that clue, and distinct names help you spot a stranger in your device list at a glance.
- Turn off smart-device mics and cameras when unused
Mics and cameras make our devices convenient and make us vulnerable. Hackers, but also legitimate apps, can tap them to spy on your private life, sometimes without explicit consent. Prefer a physical cutoff, a switch or a lens cover: a mere software toggle can be re-enabled remotely without you knowing.
- Check what data a device collects before buying it
A connected object always means your data gets exploited. Before you buy, find out: what information the device gathers, why, where it’s stored and how it’s protected. You wouldn’t want your whole private life ending up on a faraway server, in a country with no real data protection.
- Read the privacy policy before accepting
If these documents feel too complex, that’s no accident: the legal jargon is there so you click “Accept” without reading them. Two tools help: paste the policy into a generative AI for a clear summary, and check ToS;DR, which demystifies at a glance what you’re really agreeing to.
Paste the policy into a generative AI for a concise explanation, or check the service on tosdr.org before creating an account.
- Disable data sharing with third parties
In the privacy settings of every app and every device, switch off third-party data sharing to limit who reaches your information. Review these settings regularly: an update often quietly re-enables options you had turned off.
- Regularly update firmware on the router and smart devices
Firmware is a device’s software brain, and like any software it has flaws that hackers exploit. A smart object that’s never updated becomes a wide-open door. Turn on automatic updates where you can, and otherwise get into the habit of checking manually after each vendor patch.
- Don’t expose your critical devices directly to the internet
Remember the casino: the attackers went through a harmless object to reach the internal network and steal sensitive data. Keep offline, or behind an isolated network, whatever truly matters: home security system, thermostat, medical equipment, any device with an essential function. Fewer entry points, fewer possible attacks.
- Stay cautious with voice assistants
Alexa, Google Home or Siri listen constantly for their wake word, and sometimes record snippets of conversation without you being aware of it. Mute the mic when you don’t need it, and regularly review the privacy settings to control what’s stored and shared.
- Monitor the devices connected to your network
An intruder on your network shows up as an unknown device or abnormal traffic. Using your router’s management app or a dedicated tool, review the list of connected devices and set up alerts for repeated connection attempts or unusual traffic volume. You’ll react before the intrusion takes hold.
- Segment your network: a separate VLAN for smart devices
Picture your home as a castle. If everyone uses the same main entrance, an intruder who gets through reaches everything. By creating a separate entrance for your smart devices (a guest network or VLAN) and another for your computers and phones, you raise a barrier: if a camera or a thermostat is compromised, your personal data stays out of reach.
On a recent router, enable a guest network or a dedicated VLAN, then move all smart devices (cameras, thermostats, bulbs) onto it. Keep computers, smartphones and NAS on the main network.
Secure messaging
- Move your sensitive conversations to an end-to-end encrypted messenger
By default, on SMS, social media or email, someone can read over your shoulder, the platform most of all. On Signal, only you and your recipient hold the key, no one else, not even the app. Start by moving whatever is genuinely private there.
Install Signal, invite the people close to you, and get in the habit of switching over the moment a topic turns sensitive.
- Understand what encryption protects, and what it does not
End-to-end encryption hides the content of your messages, not the fact that you are talking. Who writes to whom, when, how often: that metadata stays visible and already says a great deal. Encryption is essential, but it does not make you invisible.
- Turn on disappearing messages for your sensitive chats
A message that no longer exists cannot be stolen, seized, or dug up ten years from now. Set an automatic timer on sensitive conversations: what needs saying stays said, what needs erasing erases itself, on both ends.
In Signal, open the conversation and set 'Disappearing messages' to a suitable timer (a day, a week).
- Verify a contact’s safety number before critical exchanges
Encryption assumes you are talking to the right person, not an impostor slipped into the middle. The safety number (or QR code) confirms the line has not been hijacked. Check it in person or over another channel for the conversations that truly matter.
In Signal, open the contact’s profile, tap 'Verify safety number', then compare or scan the QR code together.
- Lock your messaging app with a passcode or biometrics
Your unlocked phone sits on a table for two minutes and everything becomes readable. An app-specific lock adds a door: even with the phone in hand, no one gets into your conversations without the code.
In the app’s privacy settings, enable screen lock and require the passcode or fingerprint on open.
- Hide message previews on the lock screen
By default, the start of every message shows on the lock screen: anyone next to you reads it without even touching the phone. Turn previews off so a notification announces a message without revealing its content.
In the app’s (or system’s) notification settings, hide content and keep only 'New message'.
- Never trust a secret to SMS
SMS travels in the clear: your carrier reads it, it gets stored, it gets intercepted. It is a postcard, not a sealed letter. Banking codes, passwords, sensitive details: all of that deserves an encrypted channel, never SMS.
- Be wary of messengers that are not end-to-end encrypted by default
"Encrypted" does not mean "end-to-end encrypted". Telegram, for instance, only protects its cloud chats up to its own servers, where it can read them: true end-to-end encryption is a buried option there, never on by default. Check who holds the key before you trust it.
- Prefer a messenger funded by a foundation, not by advertising
When the service is free and lives off advertising, your attention and your data are the product being sold. A messenger backed by a non-profit foundation has no reason to profile you: its business model is aligned with your privacy, not against it.
- Encrypt and protect your message backups
Your messages may be encrypted in transit, but a plaintext backup on the cloud or your computer becomes readable again by whoever reaches it. Turn on an encrypted backup, write the recovery phrase down carefully, and do not store it next to the backup.
In Signal, enable encrypted backups and keep the restore phrase in your password manager.
- Regularly review the devices linked to your messenger
An encrypted messenger can be paired with a computer or tablet that receives a copy of everything. A forgotten linked device, or one added without your knowledge, is a permanent ear in your conversations. Go through the list and remove anything you do not recognize.
In Signal, open 'Linked devices', check each session and delete the unknown ones.
- Understand what is at stake with Chat Control: client-side scanning breaks encryption
End-to-end encryption only holds if no one reads before you hit send. Client-side scanning installs exactly that: an informer inside your phone that inspects every message before it leaves. It is a backdoor, and a backdoor always ends up serving people other than the ones it was opened for.
VPN & DNS filtering
- Use a VPN to encrypt your connection and hide your IP
A VPN builds an encrypted tunnel between your device and the internet: nobody along the way can read what passes through, and your real IP address vanishes behind the server’s. It’s the baseline for making your activity unreadable to your ISP, advertisers and snoops.
- Don’t mistake a VPN for anonymity, or use it for anything illegal
A VPN hides your IP and encrypts your data, but it doesn’t make you invisible or above the law. In October 2023, the people behind France’s bomb hoaxes were identified despite their VPN: an investigation can trace it back.
- Enable the kill-switch to cut the internet if the VPN drops
At the slightest drop between the VPN and the site, your device falls back to your normal connection and you become visible to everyone without even knowing it. A kill-switch cuts the internet entirely until the tunnel is back, so you never leak.
- Compare providers before choosing your VPN
Not all VPNs are equal, and a free VPN is often paid for with your data. Take the time to read the reviews, the logging policy and the audits before you hand all your traffic to someone.
- Consider an all-in-one bundle rather than stacking apps
Some providers bundle VPN, antivirus and DNS filtering into one coherent package, like Bitdefender or Sophos. The goal isn’t to stack layers for fun, but to have protection that’s consistent and easy to manage.
- Set up DNS filtering to block malicious sites
DNS filtering acts like a guard at the door: it blocks access to malicious sites before the page even loads, so before malware or phishing reaches your device. It’s a layer that works upstream, without you having to think about it.
- Use DNS filtering as parental control
The classic parental control is nothing more than DNS filtering that blocks content unsuitable for children, like adult sites or gambling. Setting it at the DNS level covers every device in the home at once.
- Don’t assume DNS filtering replaces an antivirus
DNS filtering blocks a lot of dangerous sites, but it can’t do everything and some will slip through the net. Keep an antivirus and above all keep your guard up: no filter is perfect.
- Choose your DNS filtering provider carefully
As with a VPN, your DNS provider sees every request you make, so choose it with care rather than stacking bricks at random. Compare the options and consider packages bringing DNS, antimalware and the rest together to avoid piling up apps.
Online payments
- Harden the password and 2FA on your payment accounts
Your shopping and banking accounts hold everything needed to drain you: they are the first to harden. A strong, unique password plus two-factor, and a stolen login is no longer enough to place an order in your name.
- Check a merchant site’s reputation and legitimacy
Before you pull out your card, a basic reflex we forget far too often: look up the reviews, the legal notice and the privacy policy. A two-minute detour on Google or Trustpilot sniffs out most scams before it is too late.
- Check the URL and spot fake websites
Scammers clone legitimate sites pixel for pixel, with a URL that differs by only a subtle detail: a typo, an odd character, an over-long domain name. Read the whole address before you enter any information.
- Type the URL directly or use your bookmarks
Rather than clicking a link from an email or found at random, type the site’s address yourself or use your bookmarks for the sites you visit often. If in doubt, call the company on a number found from a trusted source, never the one shown on the suspicious site.
- Be wary of sponsored links at the top of search results
Scammers buy Google ads to push their fake sites to the very top of the results, right where we click without thinking. Always check the URL of a sponsored link before clicking, and lean on a browser extension that vets site safety.
- Compare prices and be suspicious of flash sales
An unbelievably low price is not a gift, it is often bait that plays on your impulsiveness. Use a well-known price comparison site to learn the average price, and take your time with flash sales that claim to be limited.
- Never send your payment details over an unsecured channel
No legitimate merchant will ask for your card number by email, text or social media message: those channels are intercepted far too easily. If a hotel asks for that information, ask them what secure method they offer instead.
- NEVER save your card details on a site
Saving your card to gain three seconds means leaving its details in the site’s database, and no database is unbreakable. The day that merchant gets hacked, your card goes with the rest: re-enter your details on every purchase.
- Use a secondary bank account dedicated to online shopping
Set aside a separate account for your online shopping and keep only the amount needed for your planned spending. In case of fraud, only that buffer account is exposed and your main savings stay intact.
- Use a virtual bank card for your online payments
A virtual card generates a temporary number, often valid for a single transaction, with a limit you set. If stolen, that number is useless, and many banks or apps offer it straight from your smartphone.
Public Wi-Fi
- Be wary of open Wi-Fi networks with no password
An open network asks for no password and encrypts nothing: it is the most convenient, and by far the most vulnerable. Treat every free hotspot as a noisy public place where anyone can eavesdrop.
- Turn on a VPN the moment you join public Wi-Fi
On a public network, your data can be exposed to third parties, whether cybercriminals, network admins or other users. A VPN encrypts everything leaving your device, making it unreadable to anyone trying to intercept it.
- Avoid sensitive sites on a public network
On public Wi-Fi, especially without a password, someone in range can listen in and intercept what you send. Using it for your bank or to enter a card number is like shouting your secrets across a crowded hall: wait until you are on a trusted connection.
- Disable file and device sharing
File sharing lets other devices on the network reach yours: handy at home, dangerous on a public network. Left on, it is an open door through which a stranger can read your files, alter them or drop malware.
- Disconnect and forget the network once you are done
As long as your device stays connected to public Wi-Fi, it stays vulnerable, even if you are not actively browsing. Disconnect as soon as you are done and choose “Forget this network” so you do not reconnect by accident.
- Turn off automatic connection to Wi-Fi networks
With auto-connect on, your phone latches onto unsecured networks by itself the moment it sees them, without asking you. Turn it off so you consciously choose every network you join.
- Prefer 4G/5G tethering over public Wi-Fi
Sharing your smartphone’s mobile data is often safer than any public Wi-Fi, because it runs over your carrier’s encrypted network. When you have the choice, tethering simply sidesteps the problem.
- Protect your mobile hotspot with a strong password
Your tethering hotspot is a doorway into your device and your data plan: without a solid password, anyone in range can hop on. Set a strong password for your hotspot to block any unauthorized access.
- Watch your usage and switch tethering off after use
Tethering draws on your data plan, so keep an eye on usage to avoid extra charges. Switch it off as soon as you no longer need it: you save battery and shrink the attack surface.
Social engineering
- Always check the sender’s address on an email
Vigilance is your first line of defense. A "support@mybank123.com" in place of "support@mybank.com" is enough to give the scam away, as long as you take three seconds to read the full address.
- Never answer a sensitive request without going through an official channel
An email pressuring you to "update your information within 24 hours" plays on fear to bypass your judgment. Don’t reply: contact the organization yourself, through its official phone number or known website, never through the contact details given in the message.
- Don’t click links or open attachments in a suspicious message
Links and attachments are the most common way to deploy malware or redirect you to a fake page. When in doubt, don’t click: verify through another channel first.
- Add a decoy title to your name on non-essential sites
Sign up as "Dr" or "Lord" So-and-so on secondary shops and forums. The day an email addresses you by that fake title, you know instantly where the leak came from and that it’s very likely a phishing attempt.
At sign-up, add a title before your name, note the choice somewhere safe, and keep it consistent from one site to the next.
- Be wary of any unsolicited notification
Hackers exploit distraction and emotion: a notification that makes you react strongly is very often a trap. Whether it comes by email, text or pop-up, one rule applies, stay politely paranoid.
- Redact your personal data before sharing a document
Before sending a file, take the time to check what it really contains: address, phone number, email. Word, Google Docs or Acrobat can hide or remove that information in a few clicks, and keep you from sharing more than you meant to.
- Don’t treat HTTPS or the padlock as proof of safety
HTTPS encrypts the connection between your browser and the site, but says nothing about whether the site itself is honest. These certificates are free and available to anyone, scammers included: the padlock reassures, it guarantees nothing.
- Unsubscribe from useless newsletters
Every unsolicited email is one more chance to trap you with a malicious link or attachment. Sorting through and unsubscribing cuts the clutter in your inbox and, above all, your attack surface.
Look for the unsubscribe link at the bottom of the newsletter, or the unsubscribe option some mail apps like Gmail show at the top of the message.
- Never hand over personal information when unsubscribing
Under the GDPR, your email address alone is enough to process an unsubscribe request. If a form asks for more, be suspicious: everything else is superfluous and may hide an abusive data grab.
Phishing & scams
- Build critical thinking and friendly skepticism
Behind every cyberattack are humans manipulating other humans: nearly 90% of attacks rely on some form of social engineering. Always question unusual requests and offers that seem too good, while staying courteous, that is your best defense.
- Recognize email phishing
Phishing blasts out emails that look like they come from a trusted source, a bank or an online service, to lure you into entering your credentials or card number on a fraudulent site. The fake "account locked" notice demanding immediate action is the classic example.
- Recognize spear phishing, phishing made to measure
Unlike mass phishing, spear phishing targets one specific person and uses your personal details, your first name, your employer, your tools, to look credible. The more a message seems to know you, the more it deserves your caution.
- Recognize smishing, phishing by text message
Smishing spoofs a text from a known institution, the tax office or your bank, to make you click a malicious link. A "service-tax-gov-info.com" is not the official government site: don’t click, go straight to the real one.
- Recognize vishing, the phone scam
On the phone, the crook poses as your bank, a government body or a company’s support desk to extract a verification code or your banking details. No serious organization asks for that over a call: hang up and call the official number back.
- Be wary of urgent money requests that play on emotion
A "sick" relative, "lost documents", a sum to settle within the minute: scammers mix money, urgency and emotion to short-circuit your common sense. The more pressing a money request, the more it should alarm you.
- Refuse any payment by prepaid vouchers (PCS, Transcash, Neosurf)
These prepaid vouchers are an anonymous, untraceable payment method beloved of scammers. The moment those names come up in a conversation, especially with a stranger or in an online sale, it is almost always the sign of a scam.
- Be wary of quick winnings and offers that are too good
Promises of easy money, outsized rewards for minimal effort, or products at unbelievably low prices usually hide a scam. If it looks too good to be true, it is.
- Spot spelling mistakes and odd phrasing
Typos, shaky grammar and strange turns of phrase often betray a message written by someone who isn’t fluent in the language, or by a machine translator. Generative AI weakens this signal, but it is still a good first filter.
- Never pay for a rental without a trusted third party
Never pay for an apartment or a rental directly unless you are absolutely certain the listing is real. Go through a trusted third party, an agency or a platform like Airbnb, which secures the payment and protects you if it all falls apart.
- Check a photo’s origin with a reverse image search
Between generative AI and software that fakes a webcam from stolen videos, it is easy to believe you are "facing" a real person. A reverse image search, through Google Images for instance, often reveals where the photo or video actually came from.
Save the suspicious photo, drop it into Google Images or a reverse search engine, and see whether it appears elsewhere under a different identity.
Backups
- Back up your data to a cloud and/or an external hard drive
A disk failure, a virus or a simple human error can wipe out your family photos and work documents in one blow. A backup "saves the day": the cloud is handy for your phone, an external drive for a big folder, and often both beat either one alone.
- Apply the 3-2-1-0 rule
The industry best practice fits into four numbers: 3 copies of your data, on 2 different types of media, with 1 kept offline out of ransomware’s reach, and 0 errors by regularly checking that your files still open. It is the simplest guide to never losing everything.
- Schedule regular, automatic backups
Think of a backup like watering a plant: too spaced out and it is useless. A manual backup is easily forgotten in a busy schedule, whereas automation, easy to set up today on Windows or macOS, keeps your data current with no effort.
- Encrypt your backups
Encryption turns your data into a code that is unreadable without the key: even if someone gets hold of your backup, they cannot make anything of it. It is nearly automatic today, but check in the settings that the encryption option is actually turned on.
- Test restoring your backups
A backup is only worth something if it actually restores when the day comes. Run the drill in calm conditions: better to find a problem now, on a test file, than the day you have lost everything.
Open your backup software, select the backup you want, restore a few files or the whole set, then confirm they are accessible and working.
Physical security
- Put a cover or a sticky note over the webcam
Spyware can switch your camera on without the indicator light ever coming on, and you would never know. A cheap sliding cover, or a piece of opaque tape, closes the question for good.
- Use a privacy screen filter
On the train, in a café or in an open space, the person next to you reads your screen as well as you do. A privacy filter blacks out the display when viewed from an angle and keeps your documents for your eyes only.
- Never leave a device unattended in public
Thirty seconds is all a stranger needs to plug in a USB stick, walk off with the laptop or glance through your messages. A device left alone on a café table is no longer really yours.
- Manually lock your screen the moment you step away
Automatic locking can take several minutes to kick in, plenty of time to leave a window open for anyone walking by. Build the reflex of locking it yourself, even just to grab a coffee.
Windows: Windows key + L. macOS: Ctrl + Cmd + Q. Make it automatic.
- Type your passwords out of sight
A long, unique password is worthless if the person in the next seat watched you type it. Shield your keystrokes, angle the screen, and be wary of security cameras mounted overhead.
- Turn on your device’s theft protection
If your phone is stolen while unlocked, the thief can drain your accounts before you have even reacted. This protection adds a delay and a biometric check on sensitive actions whenever you are away from your usual places.
iPhone: Settings > Face ID & Passcode > Stolen Device Protection. Android: Settings > Security & privacy > Theft protection (theft detection, remote lock).
- Keep backup codes and security keys under lock
Your 2FA backup codes and your physical key are master keys: a photo on the fridge or a key left lying around cancels out all your security. Store them in a locked drawer or a small safe, apart from the device they protect.
- Wipe and factory-reset a device before parting with it
Simply deleting files leaves your data perfectly recoverable by the next owner. Before you sell, give away or recycle it, sign out of your accounts and then run a full factory reset.
Sign out of your accounts (iCloud, Google), disable activation lock, then reset to factory settings. Check beforehand that the disk was actually encrypted.
- Set up your VPN and hotspot before you need them
In the field, you don’t install a VPN once you are already connected to a sketchy Wi-Fi: it’s too late. Configure your VPN and your own mobile hotspot ahead of time, so you never have to rely on an unknown network at the worst possible moment.
The tools
Encrypted messaging
- Signal — The end-to-end encryption standard: open protocol, funded by a foundation and not by your data. It is also the one Chat Control would structurally endanger.
- Threema — End-to-end encrypted and usable without a phone number or email: you exist as a random ID with nothing tied to your identity. Hosted in Switzerland, one-time purchase, no subscription.
- Molly — A hardened Signal client for Android: it encrypts the local database at rest and locks the app after a timeout, useful if your phone is seized or stolen. It talks to the Signal network, so your contacts change nothing.
- SimpleX Chat — The only one that gives you no identifier at all, no number and no account, so there is no contact graph for it to hand over. The top choice when the metadata of who talks to whom is exactly what you want to hide.
- Session — A Signal fork that drops the phone number: you create an account from a simple recovery phrase, and your messages travel through an onion-routing network that hides your IP address. Audited by Quarkslab, with no central server to subpoena for your metadata.
- Element — Built on the open Matrix protocol: end-to-end encrypted and decentralised, and you can even run your own server. Handy for a family, a group or a team that wants to keep control.
- Briar — A messenger that does away with servers entirely: messages travel peer to peer over Tor, and even with no Internet, over Bluetooth or local Wi-Fi. Built for activists and journalists when the network is cut off or watched, open source and free.
Email & aliases
- Proton Mail — Encrypted inbox, Swiss jurisdiction, a business model aligned with the user. To transition, start by routing sensitive accounts there: banking, health, government.
- Tuta — End-to-end encrypted inbox, including the subject line and address book, hosted in Germany. A solid alternative to Proton for moving your sensitive accounts off mailboxes that read you.
- SimpleLogin — Generates a throwaway address per service that forwards to your real inbox without ever exposing it. Spam arrives, you kill the alias, and you know exactly who sold your address.
- addy.io — Same idea as SimpleLogin: a unique address per service that hides your real inbox and can be switched off in one click. Open source, with a generous free tier and the option to self-host the whole thing.
- mailbox.org — A paid, privacy-focused inbox hosted in Germany under EU law, with message encryption and a real online suite (calendar, contacts, documents). The understated alternative to Proton and Tuta for anyone who wants a full set of tools without feeding advertising.
Passwords & 2FA
- Bitwarden — Open source, audited, free for the essentials. The best manager is the one you’ll actually use, and this one leaves no excuse not to start.
- Proton Pass — The password manager from the Proton ecosystem: an open-source, audited vault with built-in email aliases and a 2FA generator. A good fit if you already live in Proton and want everything in one place.
- KeePassXC — A fully local vault, no cloud and no account: the encrypted file stays on your machine and you back it up yourself. Ideal if you would rather hand nothing to a third-party service.
- KeePassDX — The Android counterpart to KeePassXC: a fully local vault that opens the standard .kdbx files, with no cloud and no account. Ideal for carrying your vault on your phone while keeping the key to yourself, with fingerprint unlock.
- 1Password — Paid and not open source, but very polished and regularly audited, with a travel mode that hides vaults when you cross a border. A comfortable choice, especially for families and companies.
- Ente Auth ou Aegis — An authenticator app beats SMS, a physical key beats the app. Step up on the accounts that carry your life.
- 2FAS Auth — An open-source 2FA app, simple and with no mandatory account: it generates your one-time codes offline and can back them up encrypted. A clean alternative to Google Authenticator, with no ties to an advertising giant.
- YubiKey — A physical key requires real presence to sign in: it won’t be fooled by a fake login page, unlike SMS or a code.
- Vaultwarden — A Bitwarden-compatible server rewritten to be tiny: you host your own vault at home, on a plain Raspberry Pi, while keeping the official Bitwarden apps. The pick when you want cloud convenience without trusting anyone with your passwords.
Browser & extensions
- Firefox — The only major browser still backed by a foundation rather than an advertising giant. Configurable, resistant to tracking, and the base you plug uBlock Origin into.
- LibreWolf — Firefox with the telemetry stripped out and privacy turned on by default: uBlock Origin bundled, tracking and fingerprinting reined in from the first launch. The pick if you like Firefox but want everything locked down out of the box, without an hour in the settings.
- Brave — Chromium under the hood but stripped of Google telemetry, with ad and tracker blocking on by default. A good compromise if you need sites that only love Chrome but still want tracking cut off.
- Mullvad Browser — Built by the Tor Project and Mullvad to make you look ordinary: everyone looks the same, so your browser fingerprint no longer gives you away. Use it with a VPN, and don’t log into your accounts.
- Tor Browser — The browser that routes your traffic through three relays of the Tor network: neither the site you visit nor your ISP sees who you are and what you read at the same time. The reference when anonymity is not a nice-to-have but a necessity. Don’t resize it, don’t log into your accounts.
- uBlock Origin — The gold-standard ad and tracker blocker, light and effective, on every browser. Blocking ads also blocks the web’s number-one infection vector. Set nothing: the default lists are enough.
- Privacy Badger — Made by the EFF, it learns on its own to spot the trackers that follow you from site to site and shuts them down. A good complement to uBlock Origin, with nothing to configure.
- Cromite — A hardened Chromium for Android, the successor to Bromite: ad blocking built into the engine, anti-fingerprinting and telemetry removed. A good pick on the phone if you stay on a Chromium base but want Google’s tracking cut off.
Search engine
- DuckDuckGo — Your search history is the diary you didn’t know you were keeping. Handing it to an engine that doesn’t store it is an immediate win.
- Startpage — Google’s results without the ad profile: Startpage acts as a buffer and keeps neither your history nor your IP address. Handy when you want Google quality without the tracking.
- Brave Search — Its own index, independent of Google and Bing, which is rare and matters for a diverse web. Free and tracking-free, right in your browser.
- Qwant — A French engine that doesn’t track you or build a profile, hosted in Europe. A simple choice if you want to stay under EU jurisdiction.
- Mojeek — A British engine running on its own index, built by its own crawler: no Google or Bing behind the results, which is exceedingly rare. No tracking, no ad profile, just a genuinely independent source for the web.
- SearXNG — An open-source metasearch engine that queries dozens of engines on your behalf and returns the aggregated results, without ever passing along your profile. Pick a public instance on searx.space, or host your own so you depend on no one.
- Kagi — A subscription search engine, precisely so you are not the product: no ads, no ad profile, and the option to tune or block domains in your results. An honest, upfront model where you are the customer and not the advertiser.
VPN & DNS filtering
- Proton VPN — Open-source, audited apps, a no-logs policy, and above all a genuine free tier with no data cap, which is rare and honest. The ideal way in to test a serious VPN.
- Mullvad VPN — The most radical on anonymity: no account, just an account number, and you can even pay in cash by post. Flat price, open-source audited apps, and no data to sell.
- IVPN — Same philosophy as Mullvad: no logs, audited, anonymous accounts, and it deliberately refuses the misleading “VPN makes you invisible” marketing. A serious option if you want a trustworthy third choice.
- NextDNS — Customisable DNS filtering that blocks ads, trackers and malicious sites before they even load, across all your devices at once. Doubles as parental control.
- Quad9 — A free public DNS resolver, run by a Swiss non-profit, that blocks known malicious domains before they even load. Set it in one line on your phone, computer or router.
- AdGuard DNS — A DNS resolver that blocks ads, trackers and malicious sites before they load, across all your devices at once, with a dashboard and customisable filters. Free tier with no account, paid plan for fine-grained settings and statistics.
- AdGuard Home — The version you install at home: a filtering DNS server, open source and free, that blocks ads and trackers for the whole household network, router and smart devices included. Close to Pi-hole, with encrypted DNS built in and a polished interface.
Encryption & backup
- VeraCrypt — Creates encrypted volumes or encrypts a whole drive, including a USB stick you carry around. Publicly audited, it’s the reference when a lost or stolen computer must reveal nothing.
- Cryptomator — Encrypts your files before they land on Dropbox, Google Drive or iCloud, file by file. The provider stores gibberish, you keep the key, and nothing changes about how you sync.
- Picocrypt — A tiny tool that encrypts a file with a password and nothing else: no install, no account, XChaCha20 and Argon2id under the hood. Audited by Radically Open Security with no major issues, now frozen but perfectly stable. Ideal for a single sensitive file to send or stash.
- GnuPG (Kleopatra) — The classic building block of public-key encryption: sign and encrypt files or emails that only you and your recipient can open. Kleopatra gives it a graphical interface so you can skip the command line.
Storage & file sharing
- Proton Drive — The Google Drive of the Proton ecosystem: your files are end-to-end encrypted before they leave the device, filenames included. Swiss jurisdiction, open-source audited apps, and a free tier to start moving your documents off the clouds that read you.
- Filen — An end-to-end encrypted cloud, hosted and built in Germany, with open-source apps anyone can inspect. The most affordable price in its class and 10 GB free with zero knowledge: the provider never sees your files.
- Nextcloud — Your own cloud, at home or on a host you trust: files, calendar, contacts and photos under your sole control, with no reliance on a tech giant. Open source, extensible, and perfect for a family or a group that wants to take its data back.
- Ente Photos — The end-to-end encrypted alternative to Google Photos and iCloud: your memories upload encrypted, with automatic backup, shared albums and a family plan. Open source and audited by Cure53. From the same team as the Ente Auth authenticator.
- OnionShare — Shares a file straight from computer to computer over the Tor network: no middleman server stores anything, and your contact gets a temporary .onion address. The right move to hand over a sensitive document without trusting a cloud with it.
- Magic Wormhole — Sends a file from one machine to another with a short code of a few words, end-to-end encrypted and with no cloud in between. You read the code out loud or over the phone, the transfer opens then closes: nothing lingers anywhere.
- PairDrop — A universal AirDrop that works right in the browser: open the same page on two devices on the same network and send your files locally, with no install and no cloud. Open source and self-hostable, ideal for moving a photo from phone to computer without routing it through the Internet.
- Immich — The self-hosted alternative to Google Photos: automatic backup from the phone, albums, search and face recognition, but everything runs on your own server. Open source and free, to keep years of memories without handing them to a giant that mines them.
System & mobile OS
- GrapheneOS — A hardened Android with no Google services by default, built for Pixel phones: it toughens the system deeply, sandboxes apps and keeps any Google account optional and contained. Today’s high point for a smartphone that doesn’t spy on you.
- /e/OS (Murena) — A de-Googled Android backed by a non-profit foundation, with its own suite (mail, calendar, cloud) and an app store that flags trackers. Installable on many models, or preloaded on Murena phones if you would rather not tinker.
- LineageOS — The community successor to CyanogenMod: a clean Android with no manufacturer skin, available for a long list of devices, often well past the end of official support. Great for extending an old phone’s life while scrubbing out the factory bloat.
Notes & productivity
- Standard Notes — An end-to-end encrypted notebook, plain and distraction-free: neither the service nor an attacker can read what you write. Open source, audited by Cure53 and Trail of Bits, with a free tier that easily covers the essentials.
- Joplin — An open-source notes and to-do app, with end-to-end encryption and sync of your choice: your own cloud, Nextcloud, or local only. Everything is Markdown, so your notes are genuinely yours and export with no format lock-in.
- CryptPad — An encrypted take on Google Docs, all in the browser: documents, spreadsheets, kanban boards and forms you edit together while the server can read none of it. Built in France by XWiki, open source, with documents you can share without even creating an account.
- Notesnook — An end-to-end encrypted notebook designed to be simple and cross-platform, open source down to the server. A good modern middle ground if Standard Notes feels too austere: the same privacy guarantees, a gentler interface.
Office suite
- LibreOffice — The reference free office suite, backed by a foundation: word processor, spreadsheet and slides that run locally, with no subscription, no account and no cloud reading your documents. It opens Microsoft formats, so you are locked into no vendor.
- OnlyOffice — An office suite whose layout stays closest to Word, Excel and PowerPoint: handy when you swap .docx or .xlsx files and want no rendering surprises. Open source, usable locally or on your own server, with a free tier and paid plans for collaboration.
- Collabora Online — Real-time document editing in the browser, in the style of Google Docs, but hosted by you: text and spreadsheets stay on your server, never with a third party mining them. Built on LibreOffice, it plugs into Nextcloud for an online suite fully under your control.
Maps & navigation
- Organic Maps — A maps and navigation app built on OpenStreetMap, fully offline and tracking-free: download the maps once, then drive or walk with no server logging your movements. No ads, no account, no data collection.
- OsmAnd — The other big offline OpenStreetMap app, richer in options: cycling and hiking routes, contour lines, voice navigation. A bit denser than Organic Maps, but unbeatable if you want to tune everything without handing anything to Google Maps.
Metadata & cleanup
- Scrambled Exif — Before you share a photo, its EXIF data gives away the place, time and device: this small Android app wipes them from a simple share. It slots into the Share menu, you pick Scrambled Exif, and the image comes out clean.
- ExifCleaner — The desktop counterpart: drop your photos, videos or PDFs into the window and it strips the hidden metadata (GPS location, device model, date) in one go. Open source, on Windows, Mac and Linux, so you never publish more than the image itself.
- MAT2 — The Metadata Anonymisation Toolkit: it strips the hidden metadata from your images, PDFs, office documents, audio and video, in a single command or a right-click. Open source and free, it’s the engine many other tools rely on so you never publish more than the file itself.
Ethical social media
- PixelFed — Photo sharing in the style of Instagram, but ad-free and algorithm-free: no gamed feed, no data harvesting to resell your attention. Open source and free, on independent servers with no single company in charge.
Removing your traces
- JustDeleteMe — A directory that lists, service by service, where and how to delete your account, colour-coded from easy to nearly impossible. The concrete starting point for shrinking your footprint: close the accounts you no longer use before they leak.
- Redact — Wipes your old posts, photos and likes in one sweep across dozens of platforms, from X to Reddit to Discord and Facebook. Ideal for scrubbing years of public traces you no longer want resurfacing, with filters by date or keyword.
- Cyd — A local app that erases your old tweets, likes and messages on X, plus your posts on Bluesky, working from an archive downloaded to your own machine. The successor to Semiphemeral, open source, to take back control of what these networks keep on you.
- BleachBit — Empties the caches, logs and temporary files your system and apps pile up, and can overwrite free space to make deleted files unrecoverable. Open source and free, on Windows and Linux, to wipe the crumbs you thought were already gone.
- Universal Android Debloater Next Generation — A desktop tool that strips the preinstalled, useless apps (bloatware) from your Android, with no root at all, just by plugging it in over USB. Open source and free, with lists that explain each package so you disable only what you truly want gone.
Checks & privacy
- Have I Been Pwned — Enter your email, find out which leaks affect you, change those passwords first. A leak never dies, but you can make it useless.
- ToS;DR — Demystifies privacy policies and terms of service at a glance, so you know what you’re really accepting before you click “Accept”.
- AmIUnique — Test the fingerprint your browser leaves: you can be identified even without cookies, by your fonts, resolution and extensions. Awareness is already a defense.
- Cover Your Tracks — The EFF tool that shows in real time how trackers and your browser fingerprint follow you, and whether your defenses actually hold. A good complement to AmIUnique to check that your blocker is really doing its job.
- Exodus Privacy — Scans Android apps and lists the trackers and permissions hidden inside, before you install them. Enough to see which ones quietly spy on you and choose with your eyes open.
- Bloctel — France’s official free do-not-call registry. Add your number and shut the most ordinary front door of phone scams.
- Canarytokens — Decoy files or links that alert you the moment someone touches them: a tripwire in your data that reveals an intrusion before the damage. Free.
The glossary
- Add-ons store
- Online platform for downloading and installing extensions or software add-ons.
- Adware
- Software that displays advertisements on the user's computer, often without their consent.
- AES-256
- Advanced encryption standard using 256-bit keys to secure data.
- Antimalware
- Software designed to detect, prevent, and remove malicious software.
- Antivirus
- Software designed to detect, prevent, and remove computer viruses and other types of malicious software.
- App Store
- Digital distribution platform for mobile applications developed by Apple.
- Availability (of data)
- Principle ensuring that information is accessible and usable on demand by authorized persons.
- BitLocker
- Disk encryption technology built into certain versions of Windows to protect data.
- CIA Triad
- Information security principle based on the confidentiality, integrity, and availability of data.
- CNIL
- National Commission on Informatics and Liberty, the French authority for personal data protection.
- Confidentiality (of data)
- Principle aimed at limiting access to information to authorized persons.
- Cookie
- Small file stored on the user's computer by a website to record specific information.
- Cryptocurrency
- Digital currency that uses cryptography to secure transactions and control the creation of new units.
- Cyberbullying
- Online harassment in which individuals are targeted by threats, negative comments, or the sharing of personal content without consent.
- Cybersecurity
- Practices, technologies, and processes designed to protect networks, computers, programs, and data against attacks.
- Dark Web
- Part of the Web accessible only through specific software, enabling anonymity and often associated with illegal activities.
- DDoS
- Distributed denial-of-service attack aimed at making a machine or network unavailable by overloading the system with requests.
- Deep Web
- Part of the Web not indexed by traditional search engines, including databases and secure online services.
- DNS
- Domain Name System that translates human-readable domain names into IP addresses.
- DNS filter
- Security tool that blocks access to malicious or unwanted websites by filtering DNS requests.
- DPO
- Data Protection Officer, responsible for an organization's compliance with data protection laws.
- Encryption
- Process of transforming information into code to secure access to it.
- Entropy (password)
- Measure of the randomness or unpredictability of a password, indicating its resistance to brute-force attacks.
- FileVault
- Disk encryption feature built into macOS to protect stored data.
- Firewall
- Network security device designed to block unauthorized access while allowing authorized communications.
- GDPR
- General Data Protection Regulation, European legislation aimed at protecting the personal data of EU citizens.
- Hacker
- Person who uses their computer skills to explore, exploit, or secure computer systems.
- Hash (password)
- Encryption function that transforms a password into a fixed string of characters, used to secure password storage.
- HTTP
- Hypertext Transfer Protocol, the foundation of data communication on the World Wide Web.
- HTTPS
- Secure version of HTTP that uses SSL/TLS encryption to secure transmitted data.
- ICANN
- Internet Corporation for Assigned Names and Numbers, the organization overseeing the allocation of unique identifiers on the Internet, including IP addresses and domain names, to ensure the proper functioning and stability of the global network.
- Integrity (of data)
- Assurance that information is accurate and complete and has not been modified in an unauthorized manner.
- IoT / Connected devices
- Everyday devices and objects connected to the Internet, enabling remote interaction and data sharing.
- IP address
- Numerical identifier assigned to each device connected to a computer network using the Internet Protocol.
- Juice jacking
- Attack in which a public USB charger is used to install malicious software on a device or to steal data.
- LAN
- Local area network, a computer network that connects computers within a limited geographic area, such as a home or office.
- macOS
- Operating system developed by Apple for Macintosh computers.
- Malware
- Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.
- Man in the Middle (MITM)
- Attack in which the attacker intercepts and possibly alters communications between two parties without their consent.
- NFC
- Near Field Communication, a technology enabling contactless data exchange over short distances.
- Norton
- Brand of computer security software, notably known for its antivirus solutions.
- Open source
- Software whose source code is accessible to the public, allowing free modification and distribution.
- OpenSSL
- Open-source implementation of the SSL and TLS protocols for encrypting communications on the Internet.
- Phishing
- Online fraud technique aimed at obtaining personal information by impersonating a trusted entity.
- Pop-up
- Advertising or informational window that opens automatically on the user's screen while browsing the Internet.
- Ransomware
- Malicious software that encrypts the victim's files and demands a ransom to decrypt them.
- Skimming
- Fraud technique in which devices are used on payment terminals to steal bank card information.
- Smishing
- Variant of phishing involving the sending of fraudulent text messages to obtain personal or financial information.
- Social engineering
- Psychological manipulation techniques used to obtain confidential information or unauthorized access.
- Spear phishing
- Targeted phishing attack that aims at specific individuals or organizations to steal information or install malicious software.
- Spoofing
- Technique of falsifying a sender's identity in electronic communications to deceive the recipient.
- SSL (Secure Sockets Layer)
- Protocol for securing exchanges on the Internet, the predecessor of TLS.
- TLS (Transport Layer Security)
- Protocol for securing exchanges on the Internet, the successor to SSL, providing secure communications.
- Typosquatting
- Malicious practice of registering domain names resembling popular brands in order to deceive users.
- Vishing (voice phishing)
- Scam technique involving the use of voice communications, such as phone calls, to extract sensitive or personal information.
- VPN (Virtual Private Network)
- Virtual private network allowing a secure and encrypted connection to be created over a less secure network, such as the Internet.
- Vulnerability
- Weakness in a computer system that can be exploited by a threat to breach the system's security.