Improving Your Cybersecurity Today—10 Must-Know Tips to Reduce Personal Risk
- NopalCyber
- 19 hours ago
- 4 min read
This article originally appeared in the June 2025 issue of Cybersecurity Law & Strategy. Read it here.
In an era when digital threats like phishing, identity theft and data breaches are increasingly sophisticated, personal cybersecurity is more critical than ever. While organizations deploy advanced defenses, individuals remain a prime target for cybercriminals exploiting everyday online activities.
The NIST 2025 guidelines highlight practical, user-centric strategies to protect personal data and devices. They provide actionable tips for individuals to secure their digital lives, from safe browsing habits to robust authentication practices, in both their personal and professional environments. By adopting these measures, you can significantly reduce your risk and navigate the online world with confidence.
Use a VPN
Public Wi-Fi = Public exposure. Avoiding public Wi-Fi altogether is the safest choice, because it removes the risk of sensitive data being intercepted through man-in-the-middle attacks. Unfortunately, in certain situations it may not be possible to avoid public Wi-Fi. Using a virtual private network anonymizes and encrypts your network traffic, so an attacker on the same network is barred from reading it and extracting sensitive data.
Be Extra-Vigilant on Phishing Emails
With the advancement of artificial intelligence, attacks have become increasingly frequent and sophisticated. AI has enabled attackers to create highly plausible phishing email look-alikes that can be extremely difficult for a user to recognize. Thus, it is critical always to examine the sender’s information, such as the domain, and verify that the person actually exists at the organization—for example, by checking on LinkedIn. If unsure, it is always better to reach out to the sender through a known channel to verify the legitimacy of the email.
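The sender checks the article recommends (look at the domain, not just the display name) can be automated. The following is an added example, not code from the article or from NopalCyber; the trusted domains, the sample headers and the "within two edits of a trusted domain" threshold are constructed assumptions for illustration.

```python
# Added example (not from the original article): flag From: headers that
# deserve a second look before anyone acts on the message.
from email.utils import parseaddr

# Constructed list of domains the reader genuinely does business with.
TRUSTED_DOMAINS = {"lawfirm.example", "examplebank.com"}


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alikes such as examp1ebank.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_findings(from_header: str, trusted=TRUSTED_DOMAINS) -> list[str]:
    """Return human-readable reasons a From: header looks suspicious ([] if none)."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = domain_of(addr)
    if not domain:
        return ["no parseable address in From: header"]

    # 1. Non-ASCII characters in the domain: classic homoglyph look-alikes
    #    (a Cyrillic 'а' in place of a Latin 'a' renders identically).
    if any(ord(c) > 127 for c in domain):
        findings.append(f"non-ASCII characters in domain {domain!r}")

    # 2. The display name shows one address while the mail comes from another,
    #    e.g. "ceo@lawfirm.example" <random123@free-mail.test>.
    shown = domain_of(display)
    compact = display.lower().replace(" ", "")
    if shown and shown != domain:
        findings.append(f"display name shows {shown!r} but mail is from {domain!r}")
    # 3. The display name borrows a trusted brand while the address is elsewhere.
    elif domain not in trusted:
        for t in trusted:
            if t.split(".")[0] in compact:
                findings.append(f"display name references {t!r} but address is at {domain!r}")

    # 4. Near-miss of a trusted domain (assumed threshold: at most two edits).
    if domain not in trusted:
        for t in trusted:
            if edit_distance(domain, t) <= 2:
                findings.append(f"domain {domain!r} resembles trusted {t!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers.
    for header in [
        "IT Helpdesk <helpdesk@lawfirm.example>",
        "Example Bank Security <alerts@examp1ebank.com>",
        '"ceo@lawfirm.example" <random123@free-mail.test>',
        "Example Bank <alerts@examplebаnk.com>",  # Cyrillic 'а' in the domain
    ]:
        print(header, "->", sender_findings(header) or "looks consistent")
```

The function only reports reasons; the article's advice still applies, so anything flagged should be confirmed with the sender through a channel you already know, not by replying to the message.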
Be Cautious of QR Codes
QR codes have become commonplace in recent years, used for everything from restaurant menus to “contact me” signs at conferences. However, as convenient as scanning a code instead of typing a URL may be, QR codes can pose a significant security risk through what is known as “quishing” (QR phishing). Barracuda researchers identified 500,000 quishing emails over three months. Taking advantage of the increasing public trust in QR codes, attackers build look-alike pages that, on a phone, may be indistinguishable from the real site, mimicking banking and finance apps.
Always be cautious of scanning a QR code in public. Is it at a restaurant you’ve been to before? Then go ahead. Is it taped to a pole in a crosswalk? Skip that one.
Separate Your Work and Personal Life
Mixing work and personal activities creates vulnerabilities that attackers exploit. Using work email or credentials for personal services risks exposing the firm’s systems to phishing or credential theft, as personal platforms often lack the same level of enterprise-grade security.
Similarly, accessing personal accounts on work devices can introduce malware or unauthorized access, bypassing organizational controls. NIST guidelines emphasize strong, unique credentials, and blending work and personal spheres undermines this, increasing the likelihood of data breaches or compromised corporate networks.
Always Initiate Activity
Responding to unsolicited emails, calls or messages requesting credentials or financial details is a major vulnerability, as attackers frequently impersonate IT departments, banks or trusted entities. Social engineering tactics, such as phishing or vishing, exploit human trust, bypassing technical controls like multifactor authentication.
NIST’s guidelines advocate proactive security measures, but reacting to unsolicited requests undermines these efforts, enabling attackers to harvest credentials or gain unauthorized access to systems, often without triggering detection mechanisms. Always initiate the activity yourself; never provide sensitive information in response to a call or email you did not start. Always be the one calling or emailing.
Use Strong, Unique Passwords
Weak or reused passwords are a leading cause of personal data breaches. NIST’s most recent guidelines recommend using long, memorable passphrases (15+ characters) that are unique for each account. Avoid common words or predictable patterns and consider using a reputable password manager to generate and store complex passwords securely. This practice makes it significantly harder for attackers to crack your credentials through brute-force attacks or exploit them across multiple platforms.
Enable 2FA
Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone or generated by an authentication app, in addition to your password. Even if an attacker steals your password, 2FA makes unauthorized access much harder. NIST’s guidelines strongly endorse 2FA as a simple yet effective way to protect personal accounts, from email to banking, against phishing and credential theft.
Keep Your Personal Devices Updated
Outdated software on personal devices, such as smartphones, laptops or tablets, can expose you to exploits targeting known vulnerabilities. Cybercriminals often use these weaknesses to install malware or spyware or steal data without your knowledge.
Regularly update your devices’ operating systems, apps and browsers to ensure you have the latest security patches. Enable automatic updates where possible, as recommended by NIST’s latest guidelines, to stay protected against ransomware and other evolving threats.
Be Cautious with Social Media Sharing
Oversharing personal information on social media can provide attackers with details to fuel phishing attacks, identity theft or social engineering scams. Avoid posting sensitive information, such as your birth date, address or travel plans, and review your privacy settings to limit who can see your posts. Recent guidelines emphasize minimizing your digital footprint to reduce the risk of targeted attacks exploiting publicly available data.
Use Secure Cloud Storage
Storing sensitive files in insecure locations, like email attachments or unencrypted drives, risks data exposure. Instead, opt for reputable cloud storage services with strong encryption and 2FA to protect your documents, photos and other personal data. Regularly review access permissions and avoid sharing links publicly. This aligns with NIST’s 2025 recommendations for safeguarding data against unauthorized access or breaches.
Personal cybersecurity is a vital defense against today’s sophisticated digital threats. By adopting habits like using VPNs on public Wi-Fi, staying vigilant against phishing and QR code scams and keeping work and personal activities separate, individuals can significantly reduce their risk. Complementing these habits with strong, unique passwords, 2FA, updated software, cautious social media use and secure cloud storage creates a robust personal security framework.
When you take responsibility for your digital safety by following NIST-aligned practices, you not only protect your own data but also contribute to a safer online ecosystem for everyone.
Reprinted with permission from the June 2025 edition of the Cybersecurity Law and Strategy Law Journal Newsletter © 2024 ALM Global Properties, LLC. All rights reserved. Further duplication without permission is prohibited, contact 877-256-2472 or [email protected].