10 Essential Internet Safety Rules & Guidelines: UK Guide

The digital world offers endless possibilities, but navigating it safely requires knowledge of essential internet safety rules. Every day, UK internet users face sophisticated phishing scams, malware attacks and data breaches that can compromise personal information, financial security and digital identity. Whether you’re protecting yourself, your children or elderly relatives, following proven cyber safety guidelines isn’t optional—it’s essential.

This comprehensive guide provides 10 fundamental internet safety rules backed by the National Cyber Security Centre (NCSC) and UK data protection authorities. You’ll learn practical, actionable steps to secure your devices, recognise online threats, protect personal data and respond effectively if something goes wrong. These rules apply whether you’re browsing on your laptop, smartphone or tablet, and whether you’re shopping, banking or simply staying connected with friends and family online.

Quick Answer: The 10 Essential Internet Safety Rules

Internet Safety Rules, Quick Answer

Before we explore each rule in detail, here are the core principles every internet user must follow:

  1. Use strong, unique passwords with two-factor authentication on all accounts.
  2. Never click suspicious links or download files from untrusted sources.
  3. Keep all software and devices updated with the latest security patches.
  4. Protect personal information – never share sensitive details with strangers online.
  5. Secure your devices with antivirus software and firewalls.
  6. Use a VPN when connecting to public Wi-Fi networks.
  7. Back up data regularly to both cloud storage and external drives.
  8. Verify website security – always look for HTTPS and padlock icons.
  9. Be cautious on public Wi-Fi when accessing banking or shopping sites.
  10. Report suspicious activity immediately to Action Fraud and the NCSC.

Each rule is explained thoroughly below, with practical UK-specific guidance for implementation.

What Are Internet Safety Rules? Understanding the Basics

Understanding the terminology helps establish why these guidelines matter to your daily online activities.

Internet safety rules are essential guidelines and practices designed to protect individuals from online threats whilst browsing, communicating and conducting transactions on the internet. These rules encompass password security, recognising scams, protecting personal information and maintaining secure devices.

Cyber safety rules specifically focus on defending against cyber attacks, malware, phishing attempts and identity theft. In the UK, organisations like the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) provide authoritative guidance on implementing these rules effectively.

The importance of following internet safety guidelines cannot be overstated. Cybercrime costs UK individuals and businesses over £27 billion annually, according to government estimates. Following established safety measures significantly reduces your risk of falling victim to online fraud, data breaches and identity theft. These rules establish a layered protection system that works together to safeguard your digital presence.

Understanding Internet Safety: Why Cyber Security Rules Matter Today

The digital landscape presents both opportunities and risks that require informed navigation.

The Evolving Threat Landscape

Cyber criminals continuously develop more sophisticated attack methods. Recent threats targeting UK users include AI-driven phishing emails that mimic authentic communications from banks and government departments, deepfake audio recordings used to impersonate company executives, and ransomware attacks that encrypt personal files and demand payment.

The NCSC reports that phishing remains the most common attack vector, with over 1.2 million suspicious emails reported by UK users in 2024 alone. These scams have become increasingly difficult to detect, often replicating official branding and employing social engineering techniques to create a sense of urgency and panic.

Impact on Individuals and Families

The consequences of inadequate internet safety extend beyond financial loss. Data breaches expose personal information that criminals use for identity theft, opening credit accounts or taking out loans in victims’ names. The psychological impact includes stress, anxiety and a loss of trust in digital services.

For families, children face specific risks including cyberbullying, inappropriate content exposure and contact from predatory individuals. Elderly relatives often become targets for romance scams and fraudulent tech support calls that exploit their limited technical knowledge.

UK Context: Our Digital Society

The UK has one of the highest internet adoption rates globally, with 96% of households having internet access. This widespread connectivity creates a vast attack surface for criminals. UK-specific vulnerabilities include scams impersonating HMRC for tax refunds, Royal Mail delivery notifications and NHS appointment confirmations.

The Online Safety Act 2023 places new responsibilities on platforms to protect users, whilst the UK GDPR and Data Protection Act 2018 give individuals rights over their personal information. Understanding these protections forms part of comprehensive internet safety.

The 10 Essential Internet Safety Rules Everyone Must Follow

These foundational rules provide robust protection when implemented correctly and consistently.

Rule 1: Create Strong Passwords and Enable Two-Factor Authentication

Your passwords serve as the primary defence against unauthorised account access, making their strength crucial.

Creating Unbreakable Passwords: Practical UK Examples

Strong passwords contain at least 12 characters that combine uppercase letters, lowercase letters, numbers, and special symbols. Rather than random strings, use memorable passphrases with character substitutions. For instance, “Coffee at 8am on Monday” becomes “C0ff33@8am-Mond4y!” – easy to remember but difficult to crack.

Never reuse passwords across multiple accounts. A breach of one service immediately compromises all others sharing that password. Given that the average person manages over 100 online accounts, password managers become essential rather than optional.

Password Manager Recommendations for UK Users

Password managers securely store and generate unique passwords for each account:

  1. 1Password: £2.99 per month (individual) or £4.99 per month (family plan for up to 5 people). Excellent UK customer support and intuitive interface.
  2. Bitwarden: Free tier includes unlimited passwords and cross-device sync. Premium plan costs £8.33 annually for additional features.
  3. Dashlane: £3.99 per month (individual). Includes VPN service and dark web monitoring.

These tools encrypt your password database, requiring only one master password to access all credentials. They also generate strong random passwords and alert you to compromised accounts.

Setting Up Two-Factor Authentication

Two-factor authentication (2FA) requires an additional verification step beyond your password, typically a code generated on your smartphone. This prevents unauthorised access even if criminals obtain your password.

All major UK banks, including Barclays, HSBC, Lloyds, and NatWest, now require two-factor authentication (2FA) for online banking. Enable it immediately on:

  1. Email accounts (Gmail, Outlook, Yahoo).
  2. Social media platforms (Facebook, Instagram, Twitter/X).
  3. Shopping accounts (Amazon, eBay, PayPal).
  4. Cloud storage services (Google Drive, Dropbox, OneDrive).

Use authenticator apps (such as Google Authenticator, Microsoft Authenticator, or Authy) instead of SMS codes whenever possible. SMS interception remains a vulnerability that authenticator apps eliminate.

Phishing attacks manipulate victims into revealing sensitive information or installing malware, making recognition your strongest defence.

Identifying Common Phishing Tactics

Phishing emails and messages often create artificial urgency (“Your account will be suspended within 24 hours”) to bypass critical thinking. Warning signs include:

  1. Generic greetings (“Dear customer” instead of your name).
  2. Spelling and grammar errors in supposedly official communications.
  3. Suspicious sender addresses (amazonn.co.uk instead of amazon.co.uk).
  4. Requests for personal information via email.
  5. Mismatched URLs when hovering over links (displayed text shows one address, actual destination differs).

Current phishing campaigns targeting UK users include fake Royal Mail delivery texts requesting redelivery fees, HMRC tax refund emails requesting bank details, NHS appointment confirmations with malicious links and energy bill “refund” messages following the cost of living crisis.

Sophisticated Scams Requiring Extra Vigilance

Newer attack methods prove harder to detect. Deepfake audio technology allows criminals to impersonate executives requesting urgent wire transfers, whilst AI-generated emails mimic colleague writing styles perfectly. CEO fraud variations target finance departments with seemingly legitimate payment authorisation requests.

Always verify unexpected requests through alternative channels. If an email requests urgent payment, telephone the supposed sender using a number from your records rather than the contact details in the email itself.

Reporting Suspicious Emails and Scams in the UK

When you receive suspicious communications:

  1. Forward phishing emails to [email protected] (NCSC’s Suspicious Email Reporting Service).
  2. Report online fraud to Action Fraud at 0300 123 2040 or via actionfraud.police.uk
  3. Text suspicious messages to 7726 (spells SPAM) – free on all UK mobile networks.

The NCSC’s Suspicious Email Reporting Service has removed over 150,000 malicious websites since launch, directly protecting millions of UK internet users from scams.

Rule 3: Keep All Software and Devices Updated with Security Patches

Software updates patch security vulnerabilities that criminals exploit, making timely installation critical.

Updates address newly discovered weaknesses in operating systems, browsers and applications. Cyber criminals actively scan for unpatched devices, knowing that many users delay updates. The 2017 WannaCry ransomware attack exploited a Windows vulnerability that had been patched months earlier, affecting only systems that hadn’t been updated.

Automating Updates for Maximum Protection

Enable automatic updates on:

  1. Windows: Settings → Update & Security → Windows Update → Advanced options → Automatic updates.
  2. macOS: System Preferences → Software Update → Automatically keep my Mac up to date.
  3. iOS: Settings → General → Software Update → Automatic Updates.
  4. Android: Settings → System → Advanced → System update → Automatic system updates.

Browser updates deliver security fixes for the software you use most frequently. Chrome, Firefox, Edge and Safari all update automatically when configured correctly. Verify this in your browser settings.

Smart Device Firmware Updates

Internet-connected devices, including smart cameras, doorbells, thermostats and speakers, require firmware updates. Manufacturers release these less frequently than software updates, but they remain equally important. Check device settings menus monthly for available updates, or enable automatic updates where supported.

Rule 4: Protect Your Personal Information and Privacy Settings

Your personal data has significant value, making protection essential for preventing identity theft and fraud.

Understanding Your Data Rights Under UK Law

The UK Data Protection Act 2018 and UK GDPR grant you control over personal information that organisations collect. Your rights include:

  1. Knowing what personal data organisations hold about you (right of access).
  2. Requesting deletion of your data (right to erasure).
  3. Objecting to data use for marketing purposes.
  4. Requesting data portability to move information between services.
  5. Withdrawing consent for data processing.

When an organisation suffers a data breach affecting your information, they must notify the Information Commissioner’s Office (ICO) within 72 hours. Visit ico.org.uk to exercise your rights or report concerns about data protection.

Reviewing Privacy Settings on Social Media

Social media platforms collect extensive personal information and share it with advertisers by default. Review privacy settings every three months on:

  1. Facebook: Settings & Privacy → Privacy Shortcuts → Limit who can see your posts and personal information.
  2. Instagram: Settings → Privacy → Configure account visibility, story sharing and tagged post approvals.
  3. LinkedIn: Settings & Privacy → Visibility → Control profile visibility and connection suggestions.
  4. Twitter/X: Settings and privacy → Privacy and safety → Configure discoverable information.

Limit personal information in your profile. Avoid listing your full birth date, home address, phone number or current location. These details enable identity theft or physical security risks.

Minimising Third-Party Tracking

Websites and advertisers track your browsing behaviour to build detailed profiles. Reduce tracking by:

  1. Using privacy-focused browsers (Firefox, Brave) or enabling privacy modes in Chrome/Edge.
  2. Installing tracking blockers (Privacy Badger, uBlock Origin).
  3. Clearing cookies regularly or configuring browsers to delete them automatically.
  4. Opting out of personalised advertising in Google and Facebook ad settings.

Rule 5: Secure All Your Devices with Antivirus Software and Firewalls

Comprehensive device security requires multiple protective layers working together.

The National Cyber Security Centre recommends the following protection:

  1. Antivirus Software:
    • Windows Defender: Built into Windows 10 and 11 at no additional cost. Provides solid baseline protection with regular updates from Microsoft.
    • Bitdefender Antivirus Plus: £24.99 per year for one device, £34.99 for three devices. Consistently achieves top marks in independent testing.
    • Kaspersky Anti-Virus: £22.49 annually for one device. Excellent malware detection rates.
    • Norton AntiVirus Plus: £19.99 for the first year (then £39.99 annually) for one device. Includes 2GB cloud backup.
      • Prices include VAT. Most vendors offer 30-60 day money-back guarantees, allowing testing before commitment.
  2. Firewall Protection: Firewalls monitor incoming and outgoing network traffic, blocking unauthorised access attempts. Windows Firewall and macOS Firewall provide adequate protection when enabled:
    • Windows: Settings → Update & Security → Windows Security → Firewall & network protection → Verify “On” status.
    • macOS: System Preferences → Security & Privacy → Firewall → Turn On Firewall.
      • Never disable firewall protection, even temporarily. If specific applications require network access, create firewall exceptions rather than disabling protection entirely.
  3. Device Encryption: Encryption scrambles data on your device, rendering it unreadable without your password. This protects information if your device is lost or stolen.
    • Windows: BitLocker (Professional/Enterprise editions) or VeraCrypt (free alternative).
    • macOS: FileVault (built-in, enable in System Preferences → Security & Privacy).
    • iOS/iPadOS: Enabled automatically when you set a passcode.
    • Android: Settings → Security → Encryption (usually enabled by default on modern devices).
  4. Securing Your Wi-Fi Network: Your home Wi-Fi network requires protection from unauthorised access:
    • Change the default router password immediately (use a strong, unique password).
    • Enable WPA3 encryption (or WPA2 if WPA3 isn’t available).
    • Change the default SSID (network name) to something non-identifying.
    • Disable WPS (Wi-Fi Protected Setup), which has known vulnerabilities.
    • Enable the router firewall.
    • Keep router firmware updated (check the manufacturer’s website quarterly).

Rule 6: Use a Virtual Private Network (VPN) for Online Privacy

Virtual Private Networks (VPNs) encrypt your internet connection and mask your IP address, thereby protecting your privacy and security.

VPNs establish encrypted tunnels between your device and the internet, thereby preventing the interception of your data. This proves particularly valuable on public Wi-Fi networks in cafés, hotels and airports where criminals commonly monitor traffic.

  1. When to Use a VPN: Essential VPN use cases include:
    • Connecting to public Wi-Fi for any sensitive activities (banking, shopping, email).
    • Accessing work resources remotely.
    • Protecting your browsing history from your internet service provider.
    • Preventing website tracking based on your location.
  2. Choosing a Reputable VPN Provider: Quality varies significantly among VPN providers. Look for:
    • No-logs policy (provider doesn’t record your browsing activity).
    • Strong encryption standards (AES-256).
    • UK server locations for optimal speed.
    • Clear privacy policy explaining data handling.
    • No data caps or bandwidth restrictions.
  3. Recommended VPN Services for UK Users:
    • NordVPN: £3.09 per month (2-year plan), over 440 UK servers, independently audited no-logs policy.
    • ExpressVPN: £5.23 per month (annual plan), 5 UK server locations, excellent speeds for streaming.
    • Surfshark: £1.99 per month (2-year plan), unlimited simultaneous connections, UK servers in London, Manchester and Glasgow.

All prices include VAT. Avoid free VPN services, which often monetise by selling browsing data or injecting advertisements.

VPN Comparison

FeatureFree VPNsPremium VPNs (£2-6/month)
Data limitUsually capped at 500MB-10GB monthlyUnlimited
Server locationsLimited to 3-5 countries50-100+ countries
Connection speedThrottled, often slowFast, minimal impact
UK serversRarely availableMultiple UK locations
Customer supportEmail only, slow response24/7 live chat
Logging policyOften log and sell dataAudited no-logs policies
SecurityBasic encryptionMilitary-grade AES-256
Best forOccasional browsingBanking, streaming, daily use

Rule 7: Back Up Your Personal Data Regularly

Data loss can occur through hardware failure, ransomware attacks, theft, or accidental deletion, making backups your primary safety net for recovery.

Ransomware attacks encrypt files and demand payment for the decryption key. Without backups, victims face losing precious family photos, important documents and years of accumulated data. Regular backups eliminate this threat entirely – you simply restore from backup rather than paying criminals.

The 3-2-1 Backup Strategy

Security professionals recommend the 3-2-1 rule:

  1. 3 copies of your data (original plus two backups).
  2. 2 different storage types (internal drive plus cloud/external drive).
  3. 1 offsite copy (cloud storage or drive stored at another location).

This redundancy protects against multiple failure scenarios simultaneously.

Cloud Backup Services:

  1. Google Drive: 15GB free, £1.59 per month for 100GB, £2.49 per month for 200GB.
  2. Microsoft OneDrive: 5GB free, £1.99 monthly for 100GB (included with Microsoft 365 subscription).
  3. Dropbox: 2GB free, £9.99 monthly for 2TB.

External Hard Drive Backup:

Purchase a portable external hard drive (1-2TB typically costs £40-70) and back up weekly using:

  1. Windows: File History (Settings → Update & Security → Backup).
  2. macOS: Time Machine (System Preferences → Time Machine).

Store the external drive in a different room from your computer. If fire or flood affects your home, having the backup drive next to your computer provides no protection.

Testing Your Backups

Backups only provide value if restoration works correctly. Test backups quarterly by:

  1. Selecting random files from your backup.
  2. Restoring them to a test folder.
  3. Verifying that the restored files open correctly.
  4. Checking that recent files appear in the backup.

Rule 8: Practise Safe Browsing and Verify Website Security

The websites you visit can deliver malware or steal information, making careful browsing habits essential.

Identifying Secure Websites

Before entering passwords, payment details or personal information, verify website security:

  1. HTTPS encryption: URL begins with “https://” (the ‘s’ indicates secure).
  2. Padlock icon: Appears in the address bar before the URL.
  3. Valid certificate: Click the padlock to view certificate details and ensure it’s issued to the correct organisation.

Never enter sensitive information on HTTP sites (without the ‘s’). These transmit data unencrypted, allowing interception by anyone monitoring network traffic.

Browser Extensions and Their Risks

Browser extensions enhance functionality but also create security vulnerabilities. Malicious extensions can:

  1. Monitor your browsing history.
  2. Inject advertisements into web pages.
  3. Steal passwords and form data.
  4. Track your online activities.

Only install extensions from official browser stores (Chrome Web Store, Firefox Add-ons, Edge Add-ons). Review permissions carefully – a currency converter shouldn’t need access to all your browsing data. Audit installed extensions monthly and remove any you no longer use.

Safe Downloading Practices

Downloads represent a primary vector for malware infections. Protection requires:

  1. Only downloading from official sources (software vendor websites, not third-party download sites).
  2. Verifying file authenticity using checksums when provided.
  3. Scanning downloads with antivirus software before opening.
  4. Being suspicious of unexpected email attachments, even from known contacts (accounts get compromised).

Never download pirated software or use “crack” programmes to bypass licensing. These almost invariably contain malware.

Rule 9: Exercise Caution on Public Wi-Fi Networks

Public Wi-Fi networks in cafés, hotels, airports and shopping centres pose significant security risks through a lack of encryption and potential monitoring.

Public Wi-Fi Risks

Unencrypted public networks allow anyone connected to the same network to intercept data transmitted by other users. Criminals use readily available tools to capture passwords, credit card details and personal information.

“Evil twin” attacks involve criminals creating fake Wi-Fi hotspots with names similar to legitimate networks (“Starbucks Guest” vs “Starbucks_Guest”). Unsuspecting users connect to the malicious network, giving criminals complete visibility into their online activities.

Safe Public Wi-Fi Practices

When using public Wi-Fi:

  1. Verify the correct network name with staff before connecting.
  2. Enable VPN before accessing any websites or services.
  3. Avoid online banking and shopping if possible.
  4. Disable automatic Wi-Fi connection (prevents connecting to malicious networks without your knowledge).
  5. Forget the network after use (Settings → Wi-Fi → Network name → Forget).
  6. Enable two-factor authentication on all accounts (provides protection even if passwords are intercepted).

For critical activities, such as online banking, use your mobile phone’s 4G/5G data connection instead of public Wi-Fi. Mobile networks provide significantly better security.

Rule 10: Report Suspicious Activity to UK Authorities

Reporting cyber crimes and suspicious activity helps authorities track criminal activity and potentially prevent others from becoming victims.

When to Report

Report immediately if you:

  1. Receive phishing emails or suspicious texts.
  2. Experience unauthorised account access.
  3. Suffer financial loss through online fraud.
  4. Discover your personal information in a data breach.
  5. Encounter websites that distribute malware or engage in scams.

UK Reporting Channels

  1. Action Fraud (actionfraud.police.uk or 0300 123 2040): It is the national reporting centre for fraud and cybercrime in the UK. Provide detailed information, including:
    • Date and time of the incident.
    • Financial losses (if any).
    • Perpetrator information (email addresses, phone numbers, website URLs).
    • Evidence (screenshots, emails, messages).
      • Action Fraud provides a crime reference number needed for insurance claims and bank fraud investigations.
  2. NCSC Suspicious Email Reporting Service: Forward suspicious emails to [email protected]. The NCSC analyses reported emails and takes down malicious websites. Over 100,000 suspicious URLs are removed annually through this service.
  3. Information Commissioner’s Office (ICO): Report data breaches and misuse of personal information to ico.org.uk. The ICO investigates and can fine organisations up to £17.5 million or 4% of global turnover for serious data protection violations.

Your Rights When Reporting Financial Fraud

Under the Payment Services Regulations 2017, UK banks must refund unauthorised transactions if you report them within 13 months and haven’t acted with gross negligence. The Contingent Reimbursement Model Code provides additional protection for victims of Authorised Push Payment (APP) fraud, requiring banks to reimburse victims in many circumstances.

Internet Safety for Specific Audiences: Tailored Guidance

Different groups face unique online threats requiring specialised approaches to protection.

Teaching Children Internet Safety: Age-Appropriate UK Guidance

Children’s internet safety requires ongoing education adapted to their developmental stage and technical sophistication.

Ages 5-7: Establishing Foundation

Young children need close supervision and clear boundaries:

  1. Keep internet-connected devices in shared family spaces (living room, kitchen).
  2. Use parental control services: Sky Broadband Shield (free with Sky), BT Parental Controls (free with BT), TalkTalk HomeSafe (free with TalkTalk).
  3. Teach the SMART rules: Safe (keep personal information private), Meeting (never meet online without parent), Accepting (don’t open messages from strangers), Reliable (not everything online is true), Tell (report worrying content to trusted adults).
  4. Use child-safe search engines: Swiggle, KidzSearch, Kiddle (all filter inappropriate content).

Ages 8-11: Building Digital Literacy

Pre-teens develop greater independence, requiring education alongside supervision:

  1. Discuss appropriate screen time limits and consequences for violations.
  2. Explain why personal information (home address, school name, phone number, full birth date) must remain private.
  3. Create accounts together with maximum privacy settings enabled.
  4. Review friend lists and followers on any social media accounts.
  5. Introduce the concept of digital footprint – everything posted online potentially lasts forever.

Ages 12-16: Developing Critical Thinking

Teenagers need skills to navigate complex online environments independently:

  1. Discuss online risks openly: cyberbullying, sexting, grooming, and misinformation.
  2. Review privacy settings together on social media quarterly (settings change frequently).
  3. Explain digital footprint implications for future education and employment opportunities.
  4. Encourage reporting concerns to trusted adults, Childline (0800 1111) or CEOP (ceop.police.uk).
  5. Discuss recognising and responding to manipulation tactics used by predators.

UK-Specific Resources for Parents:

  1. Internet Matters (internetmatters.org): Age-specific advice and parental control setup guides.
  2. NSPCC Net Aware (nspcc.org.uk/keeping-children-safe/online-safety): App and game reviews with age ratings.
  3. UK Safer Internet Centre (saferinternet.org.uk): Parent resources and annual Safer Internet Day campaigns.

Internet Safety for Older Adults: Recognising UK-Targeted Scams

Older adults face disproportionate targeting by scammers exploiting their limited technical knowledge and trusting nature.

Common Scams Targeting UK Seniors

  1. HMRC Tax Refund Scams: Fake emails or voicemails claiming tax refunds require bank details. Genuine HMRC communications are sent via post for refunds and never request bank details via email. Verify by logging into your Government Gateway account directly.
  2. Pension Scams: Cold callers offering “free pension reviews” or opportunities to access pensions before age 55. These result in significant losses and tax penalties. Register with the Telephone Preference Service (0345 070 0707) to reduce the number of unwanted calls. Never discuss pensions with cold callers – hang up immediately.
  3. Romance Scams: Criminals create fake profiles on dating websites and social media, developing relationships before requesting money for emergencies. Never send money to someone you’ve only met online. Legitimate relationships don’t involve financial requests within the first months.
  4. Tech Support Scams: Callers claiming to represent Microsoft, BT, or other technology companies state your computer has viruses. Legitimate companies never cold-call about viruses. Hang up immediately and never allow remote access to your computer from unsolicited callers.

Getting Help:

  1. Age UK Digital Support: 0800 678 1602 for technology assistance.
  2. Action Fraud: 0300 123 2040 for reporting scams.
  3. Citizens Advice: 0800 144 8848 for consumer rights guidance.
  4. The Silver Line: 0800 4 70 80 90 for confidential support and friendship.

Your Complete Internet Safety Checklist: Maintaining Protection

Consistent security requires ongoing maintenance through daily habits, weekly reviews and monthly assessments.

  1. Daily Internet Safety Habits:
    • Verify URLs before entering passwords or payment details (check for HTTPS and correct spelling).
    • Log out of accounts on shared or public computers.
    • Clear browser history, cookies and cache after using public computers.
    • Think critically before clicking links in emails, messages or social media posts.
    • Avoid saving passwords in browsers on shared devices.
  2. Weekly Security Tasks:
    • Review bank and credit card statements for unauthorised transactions.
    • Check recent account activity on email and social media for unusual logins.
    • Review smartphone app permissions (Settings → Apps → Permissions) and revoke unnecessary access.
    • Update apps with available security patches (check app stores for pending updates).
  3. Monthly Security Review:
    • Rotate passwords on critical accounts (email, banking, primary social media).
    • Review and remove unused browser extensions that accumulate security risks.
    • Audit privacy settings on social media platforms (settings change frequently).
    • Run comprehensive antivirus scans on all devices.
    • Back up important data to an external drive and verify backup integrity.
  4. Quarterly Cyber Health Check:
    • Check free credit reports from Experian, Equifax and TransUnion for suspicious activity.
    • Search your email addresses on Have I Been Pwned (haveibeenpwned.com) to identify compromised accounts.
    • Update emergency contact information and account recovery options.
    • Test data restoration from backups (verify that files are restored correctly).
    • Review children’s online activity and update parental control settings to ensure age appropriateness.

Emergency Response: What to Do When Things Go Wrong

Internet Safety Rules, Emergency Response

Despite preventive measures, security incidents occur. Swift response minimises damage.

  1. If You’ve Clicked a Phishing Link:
    • Disconnect immediately from the internet (disable Wi-Fi and unplug ethernet cable).
    • Run full antivirus scan to detect any downloaded malware.
    • Change passwords on an unaffected device for any accounts where you entered credentials.
    • Enable two-factor authentication on compromised accounts.
    • Contact your bank immediately if you entered payment information.
  2. If Your Account is Compromised:
    • Attempt password reset using “Forgot Password” functionality.
    • Check account activity for unauthorised changes (email filters, forwarding rules, posted content).
    • Review connected applications and revoke access to unfamiliar apps.
    • Alert your contacts that your account has been compromised and to disregard any suspicious messages.
    • Report to platform support using official channels.
  3. If Money Has Been Stolen
    • Contact your bank immediately using the fraud number on your card (most UK banks have 24/7 fraud lines).
    • Report to Action Fraud at 0300 123 2040 within 24 hours (provides crime reference number).
    • Contact credit reference agencies (Experian, Equifax, TransUnion) to place fraud alerts.
    • Preserve evidence: Don’t delete emails, texts or transaction records.
    • Request a bank fraud investigation and ask about the Contingent Reimbursement Model Code protection.

UK banks must investigate fraud reports and typically reimburse unauthorised transactions if you report promptly and haven’t acted with gross negligence.

Following these 10 essential internet safety rules significantly reduces your risk of falling victim to online threats. Whether you’re protecting yourself from phishing scams, securing your devices against malware or teaching children about cyber safety, these guidelines provide a robust foundation for digital security.

The core cyber safety rules bear repeating: strong passwords with two-factor authentication prevent account compromises, suspicious links and downloads must always be avoided, personal information requires protection through privacy settings and careful sharing, and regular updates combined with backups prevent attacks and data loss.

Take action today by implementing the Quick Answer checklist at the beginning of this guide. Focus first on password security and enabling two-factor authentication—these two steps alone prevent the vast majority of account compromises. Then work through the remaining rules systematically, dedicating time each week to strengthening your digital defences.

Cyber threats constantly evolve, requiring ongoing vigilance. Subscribe to the National Cyber Security Centre’s alert system at ncsc.gov.uk, follow Action Fraud updates at actionfraud.police.uk, and revisit these internet safety guidelines quarterly to ensure your defences remain current.

Your online safety ultimately rests in your hands. By following these proven internet security rules and maintaining vigilant digital habits, you can confidently navigate the internet whilst protecting what matters most—your personal information, financial security and digital identity. Stay informed, stay cautious, and stay secure.