In our previous lesson on 'Introduction to online safety', you learnt the benefits of staying safe online. You also learned how to spot some of the main online risks. If you haven't yet, you can take that lesson by clicking here.

In this lesson, we will add to what you learnt by giving you some tips you can use to stay safe. So you can begin to feel more confident in keeping yourself and your loved ones safe.


  • Put steps in place to look after your personal safety online.
  • Understand how you can keep friends and family safe.

Read time

15 mins

Top tips

Now that we know a little more about the scams that can happen online let's look at what we can do to stay safe on the internet, with some top tips on keeping yourself safe:


1. Keep things up to date

Whatever device you use, you should make sure you install the latest updates. Scammers can use any weaknesses as a way into your personal details and devices. Companies work very hard to prevent these issues through what are called 'software updates'. 'Software updates' fix issues as they are found and are part of keeping your data safe. So, how do you install them?

Most devices and services will tell you when an update is ready. A prompt will come up on the screen of your device and ask if and when you would like to install. It's best to do this as soon as you can. Updates can require you to restart. So, make sure you have everything you need saved before you click to install. You can also schedule for automatic updates in your settings.

If you haven't recently noticed any notifications like this, it's worth checking for them manually by looking at your Google Play Store, Apple App Store, Windows, or Mac menu settings to see that you are running the latest and most secure software.

2. Use strong and unique passwords

Protect all your accounts with strong passwords and don't re-use them. Services we use online such as email, online banking and shopping sites often require us to create an account and password.

When this is needed you should use a strong password. A strong password is one that can't be easily guessed by scammers or scam software. Easy passwords such as the name of your street or your favourite sports team could easily be worked out by someone wishing to gain access to your account.

Scammers can also use 'password cracking' software which allows them to quickly test and guess passwords for your accounts. Either way, it is best to try and think of something not so linked to you or a popular password like 'password' or '1234'.

One way of coming up with a strong password is to take three random words that you will remember. Put them together and then change some of the letters to make it even harder to guess such as tree summer pepper, which could become Tr45Su@£erPep!3r.

To help stay safe:

  • Never share details like your password, PIN codes and memorable information
  • Don't use the same password twice – If your password is found out by a scammer, they could try using it on other services and gain access to those too


Remembering your passwords

It might sound like it's going to get quite difficult to come up with, protect and remember good strong passwords, but there are ways to make this easier.


These are:

  • Use a browser/password manager – Finding a strong password that we can remember isn’t easy, but there is help. One option we have is a password manager. This is a computer program or browser feature that can come up with strong passwords for your accounts and safely store them for you. This means you can just remember one strong password for your password manager, and it will remember the ones for all your accounts. When you go to log-in to any website where you have an account, it will offer to fill out your password for you. Some password managers will also track to make sure you haven't used any passwords more than once. Plus, they will scan online to check your passwords haven't been shared. One concern you may have with password managers is that if someone did get your main password that they would then have access to all your accounts. This is true and it also applies to your main email account. Your email is likely to be where a request to reset one of your passwords is sent. Using this access, a scammer could change your passwords and take control of your accounts. There are ways around this like setting a strong and new password
  • Two-factor authentication (2FA) – or 'multi-factor authentication' is another really good way of adding an extra layer of safety to your accounts. It does this by adding another security ‘factor’ to your log-in process. It could be a fingerprint scan or a face scan which can check that the person entering the password is you. It could also be a code sent separately. Take your email account, you could add two layers of security to your account which means that when someone tries to log-in, it will ask them to enter a code which has been sent to your mobile number. If a scammer is trying to access your email, they won't have the code sent to your phone and you can deny access. This will also alert you to any attempt to access your account, as you will have received a code you did not request. You can see then how adding two steps to your log in process can reduce some of the concerns we said earlier

3. Choose your secret questions well

Sometimes, websites will ask you to set up a 'secret question'. This is used as well as your password and is there to identify you if you were to forget your password and need to reset it. Sometimes it's just as an extra layer of protection to log-in to your account.

These will often be questions like 'what is the name of your first pet?' 'What is your mother's maiden name?' 'Where did you first meet your spouse?'. The answer to these questions may seem pretty personal, but actually whether you post on social media or not, there's probably a few people who know the answer to those questions other than you. If you post a lot of information online about yourself, scammers can begin to guess the answers to these questions too.


4. Lock your devices

All devices will allow you to set up a screen lock which will appear when someone tries to use the device. This can be a password, a passcode or it can be a fingerprint or face scan. It's always a good idea to have a screen lock on all your devices. You should have them set up to lock after a certain period of inactivity. So, for example, if you lost your phone and someone picked it up, they would be unable to access your personal details and accounts.


5. 'Back up' your data

Your device can take on many helpful roles in your life. It can store files, be a camera and help you communicate and listen to music. Which means that they hold lots of precious data like photos and files. It's always a good idea to double protect this data, or you may risk losing it forever.

If you only store your data on your device, you risk losing the data if your device were lost, stolen, or scammed. Make sure you have a second and separate copy of your data. This will help to make events like these to be less impactful on your life. Having a copy in this way is called having a 'back-up'.

You can create back-ups offline and online. Offline back-ups use devices like 'hard-drives' and 'USBs' to store data off your device. Though these are offline and completely yours to control, they only have a certain amount of storage space.

They are also open to damage, loss, or theft. Meaning, though there's less chance of losing the data on your device and the data on your back-up, there is still a chance. This form of 'backing up' requires a lot of manual work. You need to know what data is on what device and when was the last time you backed up.

Backing up online, on the other hand, has its own ups and downs. When you back up online, you 'hire' secure storage from a company. This means you are reliant on the company, but it often offers far more security and flexibility. It offers more security as usually these companies can invest far more in secure data storage than you could alone.

It offers more flexibility in two ways. Firstly, you can access the data from multiple devices. This means you can log-in and use your files on the go and work on two devices at the same time, like your laptop and mobile, for example. Secondly, if run out of space, you can easily buy more space for your data. Unlike the offline option, there is no worry about which data is stored where. You will continue to see your new added in the same place.

No matter whether you choose online or offline, it is a good idea to do regular back-ups. With online back-ups, the company you choose often allow you to schedule this automatically, with offline you will have to keep track of when your last back-up was. We suggest that you leave your back-ups no longer than the maximum amount of data you are prepared to lose.

6. Take care visiting websites

It's important to know that the website you are visiting is secure. If you can, you should only go to websites of organisations you trust. You should always take care to make sure the website is real and not a copy set up by scammers

There are a few key things to look out for on websites:

  • Take a look at the web address bar – Is it as expected? Is everything spelt correctly? Is there a small padlock next to the address? Does the web address begin with https? All of these are signs that the web address is real. If you see some of the signs we showed you above, you should leave the website and make sure you don't enter any personal details or click anything. Leave the site and check the address through a separate source
  • Spelling and grammar – If you're on a real website, the company should have put time and effort into making sure everything is spelled and written correctly. Of course, mistakes happen, but they should be minimal, especially with a large or reputable company
  • Quality of the website – Again, this one doesn't prove the site is real or fake, but it can be a sign. If the website you're using has poorly created pictures and design, it could be a sign that the website is a fake. Most companies will invest time into making sure their websites look professional and well created. Some smaller businesses may not be able to afford the most beautiful website in the world. So, this might not be as easy to tell. If you're unsure, always navigate away and check the address through a separate source or someone you trust


7. Install a good antivirus and security software

This can be installed on your device as a way of finding, protecting against and getting rid of online threats. You can add it on multiple devices. So, you can protect all your devices using one piece of software.

Once installed, the software runs in the background and can:

  • Scan for and protect against threats
  • Browse more securely
  • Add parental controls
  • Safely store your passwords and personal details
  • Back-up your files
  • Stop people from using your camera to spy on you or even monitor for your personal details being shared by scammers online


8. Check your privacy settings

Just like the social privacy settings we have told you about, your other privacy settings are a big part of keeping safe online. Your personal details can be very valuable to others. So, check you have everything set up as safely as you can. This is your choice as to what level you are happy with.


Somethings you can do are:

  1. Check the settings on your device/s - make sure you are happy that they are set to give you the protection you want.
  2. Check the settings on your browser - make sure it is set up to keep your personal details safe and browse securely
  3. When visiting websites, only accept minimal 'cookies' - These are a tool used by companies to collect data on how you use their websites. This allows them to improve your experiences and to create targeted ads to keep you coming back. They may also share your data with other companies. So always check their cookie settings when a pop-up comes up and choose the options you are happy with
  4. Turn off location tracking, when possible - Location tracking can be a helpful tool. For example, if you're using Google maps, you don't need to know where you are. It will simply navigate you from wherever you are to wherever you want to go. On the other hand, you should ask why a company needs to always know your location. Aim to share this only when you need to and only with companies who really can bring you benefits of doing so
  5. Browse in 'incognito'/'private' mode - Most browsers have a setting which allows you much more privately. The benefit of this is that you can browse with a layer of protection. Meaning that there's less chance of your data being collected by websites and the device you're using. This is handy if you're using someone else's computer or device. This does mean that if you want to log-in or your shopping, your browser will not remember your details or what was in the shopping basket last time you shopped, so there are good uses for both incognito and normal browsing


9. Use public Wi-Fi safely

We know public Wi-Fi can be tempting, but it can be a risk. Firstly, they often ask you to share a lot of personal details to log-in and access the Wi-Fi. Secondly, scammers could set up their own 'free Wi-Fi'. Which, once you connected, they can use to access your device and details. Finally, even if you are on a real public Wi-Fi, scammers can use this as a way to get to your device and personal details.

If you choose to access public Wi-Fi, you should always be careful not to log into your accounts. Especially not your bank account. If you want to know more about connecting to Wi-Fi safely.

10. Be confident, but careful

It sounds very simple, but one of the best ways to stay safe online is to be careful. Websites, emails, links, messages, texts, phone calls and 'pop-up' ads can all be a way in for scammers.

If you're unsure whether what you are looking at is real, it is always best to ignore it and check through a separate source or someone you trust.

For example, if you receive a message off a friend on Facebook asking you to click a link, can you call them to check if the message was from them?

If you receive an email to say a parcel is on its way to your house with a link to track the parcel, can you write down the tracking number instead of clicking the link? This means you can go to the courier's website and manually enter the tracking number to check the delivery is real and avoid clicking the link. 

If you are on a website and it's asking for an unnecessary number of personal details like your passwords or national insurance number, can you use a different supplier or check the website through a different source or a friend?

You should now be ready to use the internet with more confidence. If you are unsure – remember our motto for online safety.

If you think you've been scammed

The first thing to do is report it to Action Fraud on 0300 123 2040 or online at If you're in Scotland, you can contact Police Scotland on 101.

Once you've done that, you should try to take steps to stop further damage. If the scam affects your bank account, you should contact your bank immediately. If you think someone has one of your passwords, take action to change your password immediately.


Module complete!

Well done on completing this lesson! You should now feel more prepared to stay safe online. We suggest you continue your learning with the next module in 'Staying Safe Online' – 'Using social media safely'. This lesson will help you to use some of the tips you have learnt here to help stay safe on social media.


Up next for you:

Next module: Using social media safely

Back to: Staying Safe Online

Scottish Widows Be Money Well is committed to providing information in a way that is accessible and useful for our users. This information, however, is not in any way intended to amount to authority or advice on which reliance should be placed. You should seek professional advice as appropriate and required. Any sites, products or services named in this module are just examples of what's available. Scottish Widows does not endorse the services they provide. The information in this module was last updated on 31st Oct 2022.