Learning Basic Cybersecurity Practices
What it is
A structured effort to adopt the core layer of personal digital security that sits above password management: enabling two-factor authentication (2FA) on important accounts, learning to recognise and avoid phishing attempts, keeping devices and software updated promptly, and preferring encrypted connections (HTTPS, avoiding unprotected public Wi-Fi). Together these four practices address the most common vectors through which personal accounts and devices are compromised – credential takeover, social engineering, unpatched vulnerabilities, and network interception. The intervention is distinct from password manager setup, which is a prerequisite: that intervention eliminates credential reuse; this one hardens the surrounding security layer against attacks that a strong password alone cannot stop.
Sources and key statistics
- Covers four practices in a single behaviour-change intervention: 2FA enrolment across important accounts, phishing recognition skills, systematic software patching, and encrypted-connection habits – each targets a distinct attack vector, providing defence in depth
- Research from KnowBe4 across millions of users shows security awareness training reduces phishing click rates by up to 86% within a year; baseline susceptibility across untrained populations is around 33%
- Statistics from electroiq.com indicate 2FA blocks 100% of automated bot-based credential attacks and stopped an estimated 42% of cyberattacks in 2024; adoption among individuals remains low (~52% have it on at least one account)
- Automox research attributes approximately 60% of data breaches to known, unpatched vulnerabilities – keeping software current is one of the most structurally reliable risk reductions available
- Distinct from password manager setup: that intervention eliminates credential reuse; this one addresses what happens after credentials are set – account takeover via stolen second-factor bypass, social engineering, and device-level exploitation
Cost
- Upfront cost: $0
- Ongoing cost: $0/month
- Upfront time: 3 hours
- Ongoing time: 0.25 hours/week
How to do it
- Enable 2FA on every important account (email, banking, cloud storage, social media) – prefer an authenticator app (e.g. Aegis, Authy, Google Authenticator) over SMS, which is vulnerable to SIM-swap attacks; work through accounts in one session ranked by sensitivity
- Learn to identify phishing: check sender addresses (not just display names), hover over links before clicking, be sceptical of urgency cues (“your account will be suspended”), and verify unexpected requests through a separate channel rather than replying in-thread
- Enable automatic updates on your operating system, browser, and key apps; where auto-update is unavailable, schedule a monthly manual check – patching known vulnerabilities is one of the highest-ROI security actions available
- Use encrypted connections by default: confirm HTTPS (padlock icon) before entering credentials, avoid entering sensitive data on public Wi-Fi without a VPN, and prefer mobile data over unknown networks for banking or email
What success looks like
- Every email, banking, and cloud account prompts for a second factor at login – and you have backup codes stored securely in case the primary device is lost
- You can reliably identify the structural features of a phishing attempt (mismatched domain, urgency framing, unexpected attachment) before clicking, and you have a habit of pausing on surprising messages
- Your devices and browser update automatically or on a regular schedule, and you have not deferred a critical security patch for more than a week
Common pitfalls
- Enabling 2FA only on one or two high-profile accounts while leaving secondary accounts (which are often used for password reset flows) unprotected – attackers target the weakest link in the chain
- Relying on SMS-based 2FA as the default without recognising its vulnerability to SIM-swapping; authenticator apps or hardware keys are meaningfully more secure
- Treating phishing training as a one-time exercise – threat actors continuously update tactics (AI-generated spear phishing, voice phishing), so the skill requires periodic refreshing
Prerequisites
- A smartphone or computer with internet access, and accounts on services that support 2FA
- A password manager already in use (or unique strong passwords per account) – this intervention assumes credential hygiene is already in place
- Basic literacy with device settings and app installation – sufficient to configure auto-updates and install an authenticator app
- An email address or phone number for account recovery setup, required by most 2FA enrolment flows
Expected effects across life areas
| Life area | Value | PBS | ISR | UAR | Confidence | Baseline (population percentile) | EBS |
|---|---|---|---|---|---|---|---|
| Digital Safety | Comprehensive security | 7 | 70% | 50% | medium | 35th | … |
| Digital Safety | Usability and convenience | -3 | 80% | 50% | medium | 35th | … |
| Cognitive Skills | Lifestyle integration | 4 | 55% | 50% | low | 35th | … |
Detailed Scoring
Scoring uses a logarithmic scale from 0 to 10, where each unit increase represents roughly double the impact.
Digital Safety – Comprehensive security
Anchor: Change in breadth and sophistication of digital security practices
Logarithmic Scale:
- Score 10: Transformative gain in comprehensive digital security
- Score 8: Major gain in comprehensive digital security
- Score 6: Meaningful gain in comprehensive digital security
- Score 4: Modest gain in comprehensive digital security
- Score 2: Slight, barely noticeable gain in comprehensive digital security
- Score -2: Slight, barely noticeable reduction in comprehensive digital security
- Score -4: Modest reduction in comprehensive digital security
- Score -6: Meaningful reduction in comprehensive digital security
- Score -8: Major reduction in comprehensive digital security
- Score -10: Severe damage to comprehensive digital security
Digital Safety – Usability and convenience
Anchor: Change in how seamlessly security measures integrate into daily workflows
Logarithmic Scale:
- Score 10: Transformative gain in convenience of digital security practices
- Score 8: Major gain in convenience of digital security practices
- Score 6: Meaningful gain in convenience of digital security practices
- Score 4: Modest gain in convenience of digital security practices
- Score 2: Slight, barely noticeable gain in convenience of digital security practices
- Score -2: Slight, barely noticeable reduction in convenience of digital security practices
- Score -4: Modest reduction in convenience of digital security practices
- Score -6: Meaningful reduction in convenience of digital security practices
- Score -8: Major reduction in convenience of digital security practices
- Score -10: Severe damage to convenience of digital security practices
Cognitive Skills – Lifestyle integration
Anchor: Number of evidence-based lifestyle practices maintained daily for cognitive benefit (sleep, exercise, nutrition, stress management, social engagement)
Logarithmic Scale:
- Score 10: 5 practices maintained daily with optimised protocols
- Score 8: 3 practices maintained daily with understanding of cognitive effects
- Score 6: 1-2 practices maintained specifically for cognitive benefit
- Score 4: Basic sleep hygiene with some awareness of lifestyle effects
- Score 2: No deliberate lifestyle practices for cognitive support
- Score -2: Trivial abandonment of cognitive-support practices
- Score -4: ~1 cognitive-support practice abandoned
- Score -6: ~2 cognitive-support practices abandoned
- Score -8: ~3-4 cognitive-support practices abandoned
- Score -10: All 5 cognitive-support practices abandoned