TL; DR
Cybersecurity and privacy are no longer “IT problems”. They are life problems. Our money, our words, our photos, our medical files, even our political choices sit on servers we do not see, guarded by passwords we often choose in a hurry.
In recent years, attacks on schools, city councils, casinos, and police data have shown how fragile our systems can be when security is neglected. At the same time, new privacy laws in places like China, the UK, the US, and elsewhere are trying to catch up with this reality, often after damage has already been done.
For me, this is not just theory. When my opinion articles started to circulate, I received threatening SMS and WhatsApp messages from people who did not like what I was writing.
That was the moment I realised my phone number, my online accounts, and my personal data were not just “contact details”. They were attack surfaces. Since then, strong passwords, backups, and cautious clicking stopped being “nice ideas”. They became survival tools.
This article walks through what cybersecurity really means, highlights some real incidents, explains how privacy laws are evolving, and gives practical steps you can take to stay safer and more informed online.
FAQs
Q1. What is cybersecurity in simple terms?
Cybersecurity is the practice of protecting devices, networks, systems, and data from digital attacks. It covers both technology and human behaviour, from firewalls and encryption to training people to spot phishing attempts.
Q2. How is cybersecurity connected to privacy?
Cybersecurity focuses on keeping systems and data safe from attacks. Privacy focuses on how personal data is collected, used, shared, and controlled. Without good security, privacy collapses.
Q3. Why are cyberattacks on schools, councils, and hospitals so serious?
Because these sectors run critical services. When they go offline, people lose access to education, benefits, health care, pay systems, and other essentials. In some cases, lives can be at risk.
Q4. What are the most common cyberattacks I should know about?
The big ones include malware, ransomware, phishing emails and messages, denial of service attacks, man in the middle attacks, and exploits of software vulnerabilities that have not been patched.
Q5. Do I really need to care about data protection laws as an ordinary person?
Yes. These laws define your rights over your data and the obligations of organisations that collect it. They can give you power to access, correct, or delete your data, and require companies to tell you when they leak it.
Q6. What are the easiest steps I can take to improve my security today?
Update your devices, use strong and unique passwords, turn on two factor authentication where possible, back up your data, and slow down before clicking on links or opening attachments in emails or messages.
Introduction
Cybersecurity and privacy used to sound like specialist topics reserved for IT teams and lawmakers. Not anymore.
Today, banks, schools, governments, hospitals, small shops, churches, NGOs, and solo creators all depend on online systems. Most of our important documents, numbers, and conversations now pass through devices that can be hacked or mishandled.
I remember when the worst “security issue” in my life was losing a physical notebook or a paper letter. Now, a single leaked document, exposed password, or stolen email account can cause damage across several countries in a few seconds.
In this article, we will:
• Explain what cybersecurity really covers
• Look at some real cyber incidents involving critical services
• Explore how privacy and data protection laws are changing
• Share practical steps to protect yourself and your work
The goal is not to make you paranoid. It is to make you prepared.
What Is Cybersecurity, Really?
Cybersecurity is the work of defending systems, networks, and data from digital attacks. It is not just about computers. It is about every device that connects to the internet and every person who uses them.
Common types of cyberattacks
Here are some major attack types, in plain language:
- Malware
Malicious software that infects or damages systems. This includes:
• Viruses and worms that spread across devices
• Trojans that hide inside “normal” programs
• Spyware that silently tracks what you do
• Ransomware that encrypts your files and demands payment - Phishing
Fake emails, texts, or messages designed to trick you into:
• Revealing passwords or bank details
• Clicking harmful links
• Downloading infected attachments - Denial of service (DoS and DDoS)
Attackers flood a website or service with traffic until it slows down or shuts down, making it unavailable to real users. - Man in the middle (MITM) attacks
Attackers secretly insert themselves between you and a site or service, reading or altering the communication without your knowledge. - SQL injection and other code exploits
Attackers insert malicious instructions into online forms or queries to access, change, or delete data inside databases. - Zero day attacks
Attacks that exploit vulnerabilities that software makers do not even know about yet. There is no patch, no fix, until after the first wave of damage.
Core cybersecurity measures you should know
Good cybersecurity is a mix of tools and habits:
• Encryption
Turning readable data into unreadable code that only authorised people can unlock.
• Firewalls
Filters that control what traffic is allowed in and out of a network or device.
• Antivirus and anti-malware
Software that detects and removes malicious programs.
• Authentication
Verifying that someone is who they claim to be. Passwords, biometrics, tokens, and two factor authentication belong here.
• Backups
Regular copies of your important data stored in separate places. If ransomware or a hardware failure hits, your backup is your rescue boat.
• Education and awareness
Training people to recognise suspicious messages, risky behaviour, and basic hygiene like not reusing passwords.
In short, cybersecurity is not just about machines. It is about people, process, and technology working together.
Cyberattacks Against Critical Infrastructure and Public Services
Why critical infrastructure is a target
Attackers go where disruption is most painful and profitable. Critical infrastructure and public services are attractive because:
• They hold large volumes of sensitive data
• They often run on older systems with limited budgets for upgrades
• Taking them down creates chaos, which can pressure victims to pay ransoms
Hospitals, schools, councils, police services, and big companies have all learned this the hard way.
Real incidents and what they teach us
In recent years, we have seen:
• A major casino operator suffering an attack that disrupted slot machines and payment systems across multiple locations. Operations were hit hard, and a massive ransom was reportedly demanded.
• A secondary school hit by a cyberattack that encrypted its files and demanded money to unlock them. Email, online learning, and communication channels were all affected.
• A suspected data breach involving a large police organisation, exposing personal details of thousands of officers and staff, including names and bank details.
• A city council that had to shut down its website and online services for days after a suspected attack, forcing residents back to manual processes.
Each case is different, but the lessons repeat:
- Critical systems are often more fragile than they look.
- Attackers are not just going after big tech firms. They go after whoever is unprepared and valuable.
- The impact is not just technical. It is social, financial, and sometimes physical.
For people like us, who depend on public services and digital systems, this means we cannot assume “someone else” is taking care of it. Security is now a shared responsibility.
Data Protection and Privacy Laws Under Pressure
While attackers are getting smarter, lawmakers are trying to tighten the rules on how personal data is handled. Privacy is becoming a global legal battlefield.
Regulators demanding more accountability
In some countries, regulators have fined organisations for failing basic security tests before being attacked. The message is simple:
“If you hold people’s data, you must protect it properly, not after the breach, but before.”
New and stronger privacy laws
Several trends are visible worldwide:
• Comprehensive privacy laws that set strict rules for how personal data is collected, stored, used, and transferred
• Extra rules for companies that handle sensitive information, like health data
• Requirements to notify users and regulators quickly when data is breached
• Increased rights for individuals to access, correct, or delete their data
These laws try to balance innovation with protection. They are not perfect, and enforcement levels vary, but they are signals: the era of “collect everything and worry later” is closing.
For anyone running a business, organisation, or even a small online project, this means:
• You must know what data you collect
• You must be clear why you collect it
• You must secure it properly
• You must be ready to respond if something goes wrong
How I Learned to Take Cybersecurity Personally
For a long time, “security” for me meant physical danger. Bullets, conflict, hunger, and survival shaped my early understanding of risk.
Digital risk felt abstract. A password was just a gate to an email inbox, nothing more.
That changed when my writing reached more people. After some opinion pieces were published, I started receiving threatening SMS and WhatsApp messages from strangers who did not like my views. Some messages included details that showed they had seen my number and activity in places I had not expected.
It hit me:
• My phone number was a data point.
• My accounts were doors.
• My weak passwords were open invitations.
From there, I began to:
• Use stronger, unique passwords for key accounts
• Turn on two factor authentication where possible
• Be more careful about where I share my personal details
• Back up my documents regularly
• Treat my data and my contacts’ data as something to guard, not something to casually throw around
I realised that for writers, activists, entrepreneurs, and anyone with a public voice, cybersecurity and privacy are not optional topics. They are part of staying alive, safe, and effective in the digital age.
Practical Steps to Stay Safer Online
You do not need to become a cybersecurity engineer to protect yourself. Small, consistent actions go a long way.
Update your systems
• Keep your phone, laptop, and apps updated
• Turn on automatic updates where possible
Many attacks exploit old vulnerabilities that have already been fixed in updates that people did not install.
Strengthen your passwords
• Use long, unique passwords for important accounts
• Avoid reusing the same password everywhere
• Consider using a password manager to keep track of them
A strong password plus two factor authentication on email, banking, and social media is one of the best defences you can have.
Turn on two factor authentication
Where available, use:
• SMS codes
• Authenticator apps
• Hardware keys
This adds another layer, so even if someone steals your password, they still cannot log in easily.
Back up your data regularly
• Store copies of important files in more than one place
• Use external drives and secure cloud storage
• Test your backups occasionally to be sure they work
If ransomware strikes, your backup can turn a disaster into an inconvenience.
Be careful with links and attachments
• Slow down before clicking links in emails or messages
• Check the sender’s address and the actual URL
• Do not download attachments you were not expecting
Most attacks still begin with someone being tricked into clicking the wrong thing.
Limit how much you share
• Think before posting personal details publicly
• Review app permissions on your devices
• Do not give more data than necessary on forms and websites
Remember: the internet has a long memory.
Staying Informed Without Living in Fear
Cybersecurity and privacy are constantly evolving. New threats, new tools, and new laws appear regularly. You do not need to follow every headline, but you can:
• Subscribe to one or two trusted cybersecurity newsletters or podcasts
• Take a short introductory course on cybersecurity basics
• Follow official announcements from regulators or major platforms you use
• Keep learning at a slow but steady pace
You want awareness, not panic. The goal is to build a calm, informed posture, where you respect digital risks, but you are not paralysed by them.
Conclusion
Cybersecurity and privacy are no longer side topics. They are central to how we live, work, learn, bank, communicate, and express ourselves.
Attacks on critical services show how much damage a few lines of malicious code can cause. New data protection laws show how serious governments are becoming about personal data. Personal stories, like receiving threatening messages or watching a service go offline, remind us this is not abstract.
The good news is this: you are not powerless. With updates, strong passwords, backups, careful clicking, and continuous learning, you can reduce your risk significantly.
You may not control the global internet, but you can control how you move inside it. And that choice, repeated daily, is what turns fear into wisdom and exposure into resilience.
