The do’s and don’ts of cyber security are practical rules that protect your data, devices, and accounts from hackers and scams.
Use strong passwords, enable multi-factor authentication, keep software updated, avoid suspicious links, and never share sensitive information on unsecured networks.
Cybercrime is no longer something that happens only to large corporations. According to the Indian Computer Emergency Response Team (CERT-In) Annual Report 2022, India recorded over 1.39 million cybersecurity incidents in 2022 alone, a figure that keeps climbing year on year.
Individuals, especially students, are increasingly targeted through phishing, social engineering, and identity theft.
The Cybersecurity and Infrastructure Security Agency (CISA) reports that 85% of successful cyberattacks start with human error: a clicked link, a reused password, or an unpatched app. That means most breaches are preventable.
In India, the Reserve Bank of India (RBI) and TRAI have both issued advisories warning citizens about UPI fraud, fake KYC calls, and SMS phishing (smishing), threats that are rising sharply among mobile-first users.
If you’re just getting started, our Cybersecurity Fundamentals guide gives you the foundational vocabulary you’ll need to make sense of everything below.
Think of these as non-negotiable habits. Each one closes a door that attackers love to walk through.
Password hygiene is the foundation of online safety. A strong password is at least 12 characters long, mixes uppercase letters, numbers, and symbols, and is unique to every account. Reusing “Rahul@123” across Gmail, Instagram, and your bank is one of the most dangerous things you can do online.
A password manager (tools like Bitwarden, 1Password, or Google Password Manager) generates and stores complex passwords so you don’t have to remember them.
The National Institute of Standards and Technology (NIST) recommends passphrases and password managers in its Digital Identity Guidelines (SP 800-63B).
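The password rules above can be checked mechanically. The following is an added example, not part of the original article: it audits a small vault against the 12-character, mixed-character and no-reuse rules and generates a compliant replacement with Python's `secrets` module. The function names, symbol set and sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set for generated passwords
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def policy_gaps(password):
    """Return which of the article's password rules are not met."""
    gaps = []
    if len(password) < 12:
        gaps.append("shorter-than-12")
    if not any(c.isupper() for c in password):
        gaps.append("no-uppercase")
    if not any(c.isdigit() for c in password):
        gaps.append("no-digit")
    if not any(not c.isalnum() for c in password):
        gaps.append("no-symbol")
    return gaps

def generate_password(length=16):
    """Draw from the OS CSPRNG, retrying until every rule is met."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_gaps(candidate):
            return candidate

def audit_vault(vault):
    """Map each account to its findings, including reuse across accounts."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        findings = policy_gaps(password)
        others = [a for a in accounts_by_password[password] if a != account]
        if others:
            findings.append("reused-with:" + ",".join(sorted(others)))
        report[account] = findings
    return report

# Constructed sample vault; "Rahul@123" is the article's own weak example.
SAMPLE_VAULT = {
    "gmail": "Rahul@123",
    "instagram": "Rahul@123",
    "bank": generate_password(),
}
```

Running `audit_vault(SAMPLE_VAULT)` flags the two reused entries as too short and shared, while the generated bank password has no findings.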
Multi-factor authentication (MFA) requires two or more verification steps before granting account access. According to Microsoft’s Security Blog (2019), MFA blocks over 99.9% of automated account-compromise attacks. Enable it everywhere: Gmail, WhatsApp, banking apps, all of it.
Software updates patch known security vulnerabilities that hackers actively exploit. The infamous WannaCry ransomware attack in 2017, which hit hospitals and government systems in over 150 countries, spread almost entirely through unpatched Windows systems. Turn on automatic updates for your OS, browser, and apps.
Safe browsing means verifying URLs before you click and using HTTPS-only sites for any transaction. A VPN (Virtual Private Network) encrypts your internet traffic and masks your IP address, making it much harder for attackers to intercept your data on public networks. Choose an audited paid provider like ProtonVPN or Mullvad; free VPNs often sell your data.
Public Wi-Fi at cafes, airports, and college campuses is often unencrypted. An attacker on the same network can run a man-in-the-middle attack, intercepting everything you send and receive.
According to the Forbes Advisor Consumer Tech Survey (2023), 40% of respondents had their information compromised while using public Wi-Fi. Use your mobile data hotspot instead; it’s encrypted by default.
Phishing is a social engineering attack where criminals impersonate trusted entities (your bank, CBSE, IRCTC, or even your college) to trick you into revealing credentials or downloading malware.
In India, fake SBI and HDFC bank emails and fraudulent UPI payment links are among the most reported phishing vectors. Always hover over a link before clicking. Report incidents via CERT-In’s official portal or cybercrime.gov.in.
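What hovering over a link reveals can also be checked automatically. The following is an added example, not part of the original article: it extracts every link from an HTML email and flags non-HTTPS targets, raw IP-address hosts, punycode hosts, and visible text that shows one domain while the link goes to another. The sample email, its placeholder domains and all function names are constructed for illustration.

```python
import contextlib
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; the domains and address are placeholders.
SAMPLE_EMAIL = """
<a href="http://203.0.113.7/kyc/update">https://www.examplebank.in/kyc</a>
<a href="https://www.examplebank.in/help">Help centre</a>
<a href="https://xn--exmplebank-q9a.in/login">Log in</a>
"""

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def check_link(href, text):
    warnings = []
    url = urlsplit(href)
    host = url.hostname or ""  # urlsplit already lowercases the hostname
    if url.scheme != "https":
        warnings.append("not-https")
    with contextlib.suppress(ValueError):  # raised when host is not an IP literal
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    # If the visible text itself looks like a URL, its host must match the real one.
    shown = re.match(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and shown.group(1) != host:
        warnings.append("text-host-mismatch")
    return warnings

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text.strip()) for href, text in parser.links}
```

A link with no warnings is not proof of safety; the check only surfaces the mismatches a careful reader would look for when hovering.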
Posting your phone number, home address, school name, or daily schedule gives attackers everything they need for targeted scams.
Social engineering attacks frequently start with public social media profiles. Set Instagram, Snapchat, and Facebook posts to Friends Only and remove your phone number from public view.
A uniquely prevalent Indian threat: fraudsters call posing as bank representatives or Aadhaar officials, claiming your KYC is expired and requesting OTPs or remote access to your phone. The RBI has explicitly stated that no bank will ever ask for your OTP, PIN, or CVV over a call. Hang up immediately and report to your bank’s official helpline.
Cyber safety is the set of practices and habits that help individuals stay secure, private, and protected while using the internet and digital devices.
Indian school curricula under CBSE increasingly include cybersecurity topics in Class 9 and Class 10 IT and computer science papers.
You can explore hands-on cybersecurity projects to apply these concepts practically, or enroll in structured cybersecurity courses to go deeper.

| Category | Do This | Don’t Do This |
|---|---|---|
| Passwords | Use a unique 12+ character password per account | Reuse the same password across sites |
| Authentication | Enable MFA/two-factor on every account | Rely on password alone for security |
| Software | Update OS, apps, and antivirus regularly | Ignore update notifications |
| Wi-Fi | Use a VPN on public networks | Do banking or login on open public Wi-Fi |
| Links & Email | Verify sender and URL before clicking | Click links in unsolicited emails or SMS |
| Social Media | Set profiles to private, limit personal info | Share your address, schedule, or phone publicly |
| Backups | Back up data to cloud + external drive weekly | Rely on a single copy of important files |
| Devices | Lock screen with PIN/biometric; encrypt storage | Leave devices unlocked in public spaces |
| UPI / Payments | Verify payee UPI ID before every transaction | Share OTP, PIN, or CVV with anyone over call |

| Statistic | Figure | Source |
|---|---|---|
| Cybersecurity incidents in India (2022) | 1.39 million | CERT-In Annual Report 2022 |
| Attacks starting with human error | 85% | CISA |
| Automated attacks blocked by MFA | 99.9% | Microsoft Security Blog, 2019 |
| Users compromised on public Wi-Fi | 40% | Forbes Advisor Consumer Tech Survey, 2023 |
| WannaCry countries affected (2017) | 150+ | Europol / NCSC |
The five most important do’s are: (1) use a unique, strong password for every account; (2) enable multi-factor authentication wherever possible; (3) keep your operating system and apps updated; (4) verify links and sender addresses before clicking; and (5) back up your important data regularly to both cloud and a physical drive.
Don’t reuse passwords across accounts. Don’t click links in unexpected emails or SMS messages. Don’t use public Wi-Fi for banking or sensitive logins without a VPN. Don’t overshare personal details on social media.
Don’t ignore software update notifications; unpatched apps are a primary entry point for malware and ransomware attacks.
Cyber safety is the practice of using the internet and digital devices in a way that protects your personal information, privacy, and wellbeing from threats like hackers, scammers, and cyberbullies. It’s about knowing what’s safe to share, which links to trust, and how to set up your accounts so attackers can’t easily break in.
Students should set all social media profiles to private, avoid sharing their school name, phone number, or location publicly, and use strong passwords with MFA on school email and learning platforms. In India, students can report cyberbullying or suspicious contact via the Cybercrime Reporting Portal at cybercrime.gov.in or call the national helpline 1930.
They directly address the most common causes of breaches. CISA data shows 85% of successful attacks involve human error. A clear list of do’s and don’ts removes ambiguity — you don’t have to be a security expert to follow them. They’re the simplest, highest-return investment in your digital safety.
Never share passwords, OTPs, or PINs with anyone, including people claiming to be bank staff or tech support. Don’t download apps from unofficial sources outside the Play Store or App Store. Don’t use “123456” or your birth year as a password. Never ignore a browser warning that a site’s security certificate is invalid.
Use at least 12 characters with a mix of letters, numbers, and symbols; never reuse a password across sites; use a reputable password manager like Bitwarden or 1Password; and change passwords immediately if you hear of a breach. Check haveibeenpwned.com to see if your email has been compromised.
Always verify the payee’s UPI ID before sending money. Never scan a QR code sent by a stranger; scammers use collect requests disguised as payments. The RBI confirms no legitimate bank or payment app will ever ask for your UPI PIN or OTP. Report UPI fraud immediately to your bank and at cybercrime.gov.in.