In our lesson ‘Introduction to online safety’, we talked about the benefits of staying safe online. We also explained some of the risks and what to look out for. You can take ‘Introduction to online safety’ here, if you haven't seen it already.

In this lesson, we’ll share top tips to help keep yourself and your loved ones safe online.


  • Take steps to look after your personal safety online
  • Know how you can keep friends and family safe

Read time:

15 mins

Chapter 1

Ten tips for staying safe online

Read time:

15 mins

Steps you can take to keep safe

Now we know more about online risks, let’s look at what we can do to stay safe on the internet.


1. Keep things up to date

Whatever device you use, make sure you install the latest updates. Scammers can use any weaknesses as a way into your personal details and devices. Computer companies work hard to prevent these issues happening. Part of this is to try to keep your data safe with ‘software updates’. Most device apps will tell you when an update is ready. Please update these as soon as possible or when you receive the prompt to update from your device. Or, even better, set your updates to ‘automatic’.


So, how do you install them?

  1. Prompt – A prompt will come up on your device’s screen and ask if and when you’d like to install
  2. Download – Agree to the update. It’s best to do it as soon as you can
  3. Restart – You may need to restart your device, so make sure you save everything first


You can also schedule for automatic updates in your settings. This means your device will apply the updates as soon as they’re available.


Haven’t seen any update notifications recently?

It’s worth checking for these to make sure you’re running the most up-to-date software. Do this by going to your Google Play Store, Apple App Store, Windows or Mac menu settings (depending on the device you’re using). If you’re not up to date, it will give you the option to ‘Install latest updates’.

Top tip

Regularly download updates to help keep your device safe and secure

2. Use strong and unique passwords

Services we use online such as email, online banking and shopping sites often ask us to create an account and password. Always protect your accounts with strong passwords. Don’t use the same password for more than one account.

So, what makes a strong password? It’s one that other people or software can’t easily guess. They can work out easy passwords, like the name of your street or your favourite sports team. If they guess right, someone could get access to your account.

Scammers can also use ‘password cracking’ software that quickly tests and guesses passwords for your accounts. So it’s best to try to think of something that has no link to you. Avoid common passwords like ‘password’ or ‘1234’, too.


How to create a strong password

Think of three random words

For example, TreeBarnPepper

Replace some letters with numbers

For example, Tr3e8arnPepp3r

Add special characters

For example, Tr3e8@rnPepp3r!

Remembering your passwords

It might sound quite hard to come up with, protect and remember good strong passwords. There are ways to make this easier, though.


Here’s how:

Never share personal details

This includes your PINs, passwords and private information about your life

Don’t re-use your passwords

If one password is stolen they can use it to access other services too

Use a browser/password manager

These can create a strong password for you and store them in one place

Two-factor authentication (2FA)

Add a fingerprint, face scan or a text code to give an extra layer of security

Password managers

These can be really useful. They create and safely store all your passwords. So you just need to remember one strong password, for your password manager. Here’s how it works. When you access one of your online sites, it offers to fill out your password for you.

Some password managers track to make sure you haven't used the same password twice. They may also scan online to check your passwords haven't been shared anywhere.

They’re not completely risk-free, though. If someone did get hold of your main password, they’d have access to all your accounts. Using this access, a scammer could change your passwords and take control of your accounts. If this happens, make sure to set a new, strong password as soon as possible.


Two-factor authentication

Some people know this as ‘multi-factor authentication'. It adds another security ‘factor’ to your log-in process. This could be a fingerprint or face scan. It might be a code sent separately – by text, for instance. You could add two-factor authentication to your email account. Then, if someone you don’t know tries to log in, it will ask them to enter a code that it sends to your mobile number. This lets you know what’s going on, and you can stop the access.

A scammer can access an eight-letter lowercase password almost instantly. Can you guess how long a 12-character password with at least one capital letter, a number and a symbol would take? It would be around 34,000 years!

3. Pick your secret questions well

Sometimes, websites will ask you to set up a ‘secret question’ as well as a password. This helps identify you if you forget your password and need to reset it. It also gives your account an extra layer of protection.

So, what are these questions? They’re often things like: ‘what’s the name of your first pet?’, ‘what’s your mother’s maiden name?’, ‘who was your best friend at school?’. The answers to these may seem very personal, but friends or family members could also know the answer. Could a scammer guess the answers? Maybe, if you post lots of information online about yourself.

Top tip

Pick questions where your answers are unique and not known by many people.

4. Lock your devices when you’re not using them

It’s always a good idea to have a screen lock on all your devices. This can be a password, passcode, a fingerprint or face scan. When someone tries to use your device, it will ask for this.

Set your devices to ‘auto-lock’ if you haven’t used it after a certain time. For instance, you could set your phone to lock after 2 minutes. If you lost your phone and someone picked it up later, they wouldn’t be able to get into it.


5. ‘Back up’ your data

Your device can do so many things. You may use it to store files, take photos, help you communicate, and even play music. This means it holds lots of personal data.

If it gets lost, stolen or scammed, you risk losing this data forever. Make sure you have a second copy of your data that is stored separately. This is a ‘back-up’. There are two types of ‘back-up’ – offline and online.


Offline back-ups

Offline back-ups use external devices like ‘hard drives’ and ‘USBs’ to store your data. Depending on which type you buy, you’ll get a certain amount of space to store everything on. As they’re physical devices, they can easily be damaged, lost, or stolen. So keep yours in a safe place when you’re not using it. You also need to know what data is on which device and when you last backed it up. This can be quite time-consuming, so do keep a note of where everything is.


Online back-ups

When you back up online, you ‘hire’ secure storage from a company. This may be more secure, as these companies can invest more in secure data storage than you could. It could be more flexible, too. You can get at your data from different devices, like your laptop and mobile. This means you can log in and use your files on-the-go. You can even work on two devices at the same time. Plus, you can buy more storage space if you run out, so it’s all in the same place.

Top tip

Whether online or offline, do your back-ups regularly. You can often schedule online back-ups automatically. Backing up offline? Make sure you keep track of when your last back-up was.

6. Take care when you visit websites


It’s important to know that the websites you visit are safe. If you can, only go to websites of organisations you trust

Always make sure the website is real and not a copy set up by scammers. So how do you know if the site is safe or a fake? Here’s what to look for:

The web address 

Spelling and grammar 

Website quality

Contact details

The web address

Look at the address bar at the top of the screen. Can you see a small padlock next to the address? Does the web address begin with https? These are both signs that the web address is safe. It’s good to check the website name here, including the spelling.

If anything seems suspicious, don’t enter any personal details or select anything. Leave the site and check the address a different way. For example, say you follow a web link from an email and it doesn’t look quite right. Leave that site, and use a search engine to find the company’s true site.

Spelling and grammar

With a genuine website, the company is likely to put effort into making sure everything’s correct. Mistakes do happen, but there shouldn’t be many, especially with a large or reputable company.

Quality of the website

Does the website have poor quality images or design? It could be fake. Most companies make sure their websites are user-friendly and look professional. Some smaller businesses may not be able to afford beautifully designed websites, though. So this could be harder to see. If you’re not sure, always leave the site. Check the address another way, or from someone you trust.


7. Use antivirus and security software

It’s a good idea to install software on your devices that can help find and protect you from online threats. Some even work on more than one device, so it’s worth looking into. Once you install the software, it runs in the background.


It can:

  • Scan for and protect against threats
  • Help make your browsing safer
  • Add parental controls
  • Safely store your passwords and personal details
  • Back up your files
  • Stop people from using your camera to spy on you
  • Check if scammers are sharing your personal details


8. Check your privacy settings

Privacy settings are a big part of staying safe online. Your personal details can be very valuable to others, so check you have everything set up as safely as you can.


We've listed some things you can do here. Select each idea to find out more

  • On your device, check to make sure you're getting the level of protection you want. Make sure you set up your browser to keep your personal details safe too - so you can browse securely online.

  • So, what are 'cookies'? They're a tool companies use, to collect data on how you use their websites. This lets them improve your experiences and create targeted ads to keep you coming back. It also lets them share your data with other companies. So always check their cookie settings and select the option you're happy with.

  • Location tracking can be a helpful tool - like if you're using Google maps. Some companies will ask to track your location all the time, though. Try to avoid this. Only share your location when you need to and with companies that you trust.

  • Most browsers have a setting that gives you more privacy. They may call this 'incognito' or 'privacy' mode. Using this means your browser won't remember your details or what was in your shopping basket the last time you were on that site. So there's less chance the websites and devices you use can collect your data.

9. Use public Wi-Fi safely

We know public Wi-Fi can be tempting, but it does carry some risks.

If you decide to access public Wi-Fi, be careful not to log into any of your accounts, especially your bank account. Want to know more about connecting to Wi-Fi safely? We have a helpful lesson on our website.


Risks include:

  • They often ask for personal details to log in and access the Wi-Fi – Like your name, email and date of birth
  • Scammers could set up their own ‘free Wi-Fi’ – They can use this to access your device and details
  • Even genuine public Wi-Fi can be less secure – Scammers can use this to get to your device and personal details

Never log into your bank account on a public Wi-Fi

10. Be confident, but careful

It sounds simple, but one of the best ways to stay safe online is to be careful. Websites, emails, links, messages, texts, phone calls and ‘pop-up’ ads can all let scammers in.

Not sure whether what you’re looking at is genuine? It’s always best to ignore it and double check with a separate source or someone you trust.

Here are a few examples:

A Facebook friend sends a message

It asks you to follow a link. Can you call them to check if the message was really from them?

An email says a parcel you weren’t expecting is on its way

There’s a link to track the parcel. Don’t use the link. Go to the courier’s website directly and type in the tracking number to check.

A website asks for personal details like your National Insurance number

Can you use a different supplier or check the website with a friend?

Test your knowledge

Answer this question by selecting one answer from the three options provided.

That's not quite right!

Remember, scammers can create fake websites and email you a link.

That's right!

Don’t forget, there are other signs to look out for too including poor quality images and spelling mistakes.

If you’re in any doubt, remember:


Take a moment to stop and think before you do anything with your finances or personal details.


If the request seems too good to be true, it’s OK to reject, refuse or ignore. Only criminals will try to rush or panic you.


Contact your bank straight away if you think you've fallen for a scam and report it to Action Fraud.

Think you’ve been scammed?

The first thing to do is report it to Action Fraud on 0300 123 2040 or online at 

If you're in Scotland, you can contact Police Scotland on 101.

Once you've done that, take steps to stop further damage. If the scam affects your bank account, contact your bank straight away. Think someone has one of your passwords? Change your password immediately.


Lesson complete!

Well done on completing this lesson. You should now be ready to use the web safely, with confidence. We suggest you continue your learning with the next lesson ‘Using social media safely’. This will help you use some of the tips you have learnt here, to stay safe on social media.


Up next for you:

Next lesson: Using social media safely
Back to: Get started online


Bank of Scotland Academy is committed to providing information in a way that is accessible and useful for our users. This information, however, is not in any way intended to amount to authority or advice on which reliance should be placed. You should seek professional advice as appropriate and required. Any sites, products or services named in this module are just examples of what's available. Bank of Scotland does not endorse the services they provide. The information in this module was last updated on 8th November 2023..