He wewete pōhēhē mō te haumarutanga tuihono

Busting myths about online security

There's a lot of information out there about online security, but what's true and what's not? We decided to round up some of the most common myths we see about online security here, and give you the facts.

Grandmother and child laughing together with the child's arm around her shoulder
  • It won’t happen to me

    It’s easy to think, “it won’t happen to me” when it comes to online security – it’s just something you hear other people talking about, or something that only happens to famous people. While famous people can be targeted by scammers online (and often are), they’re not the only ones. Anyone can be the target of an attack online, because scammers don’t discriminate. They don’t target people individually. Instead, they cast as wide a net as possible to see who will take the bait. So it’s important to be vigilant, and do as much as you can to protect yourself. Knowing the risks and how to stay protected online is what will keep you safe, not assuming it only happens to other people.

    Common risks and threats

  • Phishing is the only thing to worry about

    Many people think that phishing – a type of email scam that asks you to either click a link and enter personal information, or open an attachment in the email – is the only real online threat you need to be aware of. While it is very common, it’s not the only threat out there.

    The type of attacks we see happening online changes constantly. New threats appear, and existing threats become more and more sophisticated. So, it’s good to stay up-to-date and aware of what the risks are, and how you can protect yourself against them.

    Top 11 online security tips

  • You just need good antivirus software to keep you safe

    Having good antivirus software – like Windows Defender – on your devices is really important, and it definitely helps keep them safe and secure. But antivirus software is only one piece of the security puzzle.

    What you really need to do is build up layers of security to stay protected online, because nothing is foolproof. Think of online security like swiss cheese: each layer has holes in it, but the holes aren’t all in the same place. So if an attacker gets through a hole in one layer, the next layer should stop them. If not, then the next layer is there as protection, and so on. The more layers you have, the less likely it is that an attack will get through.

    Good security makes life hard for attackers – if you’re not an easy target, they’ll move on.

    Get protected

  • No one will be able to guess your password

    It’s easy to think that being compliant with something means you’re protected. Take passwords, for example. Some sites have ‘strength calculators’ designed to check how strong a new password is when you set up an account. But really, they’re just checking you meet the rules set up around creating a password, not how strong or secure the password actually is. It might meet all the requirements – like, ‘your password must be a minimum of 12 characters with a number included’ – but that doesn’t mean it’s a good, secure password. It could still be something that’s easy for an attacker to crack.

    Make sure you know how to create strong passwords for your online accounts, and think about adding another layer of security by setting up a password manager.

    Keep your data safe with a password manager

  • You’ll know if your computer is infected

    Not always! Sometimes it’s not until something obvious happens – like a ransomware attack – that you’ll know your computer has been infected. For example, an attacker could have gained access to your computer and used it to steal personal information without your knowledge long before a ransomware attack happens. Make sure you put some basic protections in place to ensure this doesn’t happen, and keep your personal information safe and secure.

  • It costs a lot to be secure online

    It doesn’t need to cost money to get protected online. There’s a lot you can do for free, and you don’t need to hire someone to help you get set up either – many of the steps we recommend are straightforward. is a really effective method for preventing online attacks, and it’s a simple thing to set up. You can also choose to use -based services, like Google Docs, as they come with security protection built in, giving you one less thing to worry about.

  • Someone else will take care of things for you

    It’s tempting to think you can leave everything to someone else to look after – like your bank, or your internet service provider. After all, they’re big companies and have a lot of security protections in place already, right? But really, we all need to play our part – online security is everyone’s responsibility. It needs to become a way of life, just another bit of ‘life admin’ you give regular time to rather than something you only think about occasionally. The kind of attacks we see happening online changes constantly, they get more sophisticated, and the ways you can prevent them change too.

    Use our practical tips and how-to guides to get an understanding of the risks you face online, and learn what you need to do to stay safe and secure. Even if those big companies you have accounts with do have good security protections in place, they’re not foolproof either.

    Remember: it's much easier to prevent an attack than it is to recover from one.

    Get protected - guides