Digital security and privacy are not destinations — they are practices that develop over time, starting with a few high-impact controls and expanding as knowledge, tools, and threat awareness grow. This complete guide to security and privacy is the organised map of that journey: 79 in-depth guides covering every major topic in personal and organisational security and privacy, structured so you can start from where you are and build toward where you want to be. Whether you are setting up a password manager for the first time, hardening a cloud environment, protecting sources as a journalist, or implementing privacy by design in a product — this complete guide to security and privacy is the reference that connects everything.
The guides in this complete guide to security and privacy library are grouped by the protection layer they address. Security works in layers: no single control protects everything, but each layer addresses the threats the others cannot. Start with the foundations — credentials and device basics — then add network, privacy, organisational, and advanced layers as your security posture develops. This complete guide to security and privacy covers both individual users and organisations, because the foundational controls are identical and the advanced controls build on the same base.
The Foundation Layer
Every effective security posture starts with the same three foundations: strong unique credentials managed by a password manager, two-factor authentication on every account, and reliable backups. These three controls address the threats that affect the most people most often — and this complete guide to security and privacy library has a dedicated guide for each. If these three are in place — as this complete guide to security and privacy strongly recommends making the first priority — the majority of automated attacks fail. If any of these three is missing, the rest of the security stack rests on unstable ground.
Credentials and password management: Our guide on using a password manager covers setup from scratch. Our guide on creating strong passwords explains what makes a password genuinely resistant to attack. The complementary guide on passkeys vs passwords covers the emerging authentication standard that may eventually replace passwords for many services. For teams and organisations, our guide on password manager for teams covers the shared vault architecture that enables team credential management without sacrificing individual accountability.
Two-factor authentication: Our guide on enabling two-factor authentication covers setup for every major platform. Our guide on two-factor authentication setup covers the backup codes, phone migration, and shared account considerations that determine whether 2FA survives a device loss. Our authenticator app comparison helps choose between Google Authenticator, Aegis, Authy, and others. For the strongest available second factor, our hardware security key guide covers YubiKey, FIDO2, and phishing-resistant authentication. Our guide on secure password reset addresses the recovery flow that is often the weakest link in otherwise strong account protection. And our guide on preventing account takeover covers every attack technique — credential stuffing, AitM phishing, SIM swap — and the specific defences that work against each.
Device and Email Security
Securing the devices and email accounts that are the gateway to everything else is the second layer of this complete guide to security and privacy. A well-protected account accessed from a compromised device remains vulnerable — this section of the complete guide to security and privacy addresses both sides of that equation.
Device security: Our guides on securing your laptop and keeping your phone secure cover the full device configuration for Windows, macOS, iOS, and Android. Platform-specific deep dives: our Windows Defender guide, macOS security settings, Windows privacy settings, Windows 11 location tracking, iPhone privacy settings, iOS app permissions, and Android privacy settings provide the platform-specific configuration detail that general device guides cannot. Our guides on firewall settings and USB security cover often-overlooked device-layer controls. For threat response, our guides on removing malware from Windows, removing spyware, and malware types explained provide the knowledge to respond correctly to each infection type.
Email security: Our guide on securing your email covers the complete email account hardening process. Our guide on checking if your email was hacked covers the detection and remediation of account compromise. Our guide on encrypting your email covers ProtonMail, OpenPGP, and end-to-end encrypted email options. Our guide on email security best practices covers SPF, DKIM, DMARC, attachment handling, and operational security habits for both individuals and organisations.
Network, Browser, and Privacy Tools
The network and browser layers determine what data is collected from every browsing session and what protection the connection provides in transit. This complete guide to security and privacy includes dedicated guides for every major control at this layer.
Network security: Our guides on securing your home WiFi, network security basics, WiFi security protocols (WEP, WPA2, WPA3), securing your smart home, and our Wi-Fi network security guide cover the home network stack comprehensively. Our guides on using public WiFi safely and setting up a VPN on Windows 11 cover secure network use outside the home. Our guide on VPN no-logs policy explains how to evaluate whether a VPN provider’s privacy claims are verifiable.
Browser and privacy tools: Our guide on securing your browser covers the settings and configuration that harden any mainstream browser. Our guides on browser privacy extensions and choosing a privacy-focused browser cover the extension stack and the Brave/Firefox/Tor comparison. Our guide on using Tor browser covers the complete Tor usage guide — security levels, what not to do, and bridges for blocked networks. Our comprehensive guide on online privacy tools maps the full stack from uBlock Origin through DNS over HTTPS to email aliases and virtual cards. Our guide on using private browsing mode clarifies what it actually protects against — a question this complete guide to security and privacy addresses for every tool it recommends. And our guide on secure file deletion covers HDD overwriting, SSD encryption, and device wipe for sale or donation.
Privacy and Identity Protection
Privacy protection extends beyond the browser to data collection, behavioural tracking, and identity fraud. This complete guide to security and privacy section covers the full privacy protection library.
Identity and data protection: Our guides on protecting your online identity, protecting your personal data, stopping data brokers, and reducing your digital footprint cover the proactive data minimisation that limits what advertisers, attackers, and data brokers can access. Our guide on dark web monitoring covers the breach detection services that provide early warning. Our guide on credit monitoring services covers financial identity protection alongside credit freezes. Our guide on identity theft recovery provides the complete FTC report, credit freeze, and dispute process for victims. Our guide on biometric data privacy covers the irreversible privacy risks of facial recognition, fingerprints, and commercial biometric collection.
Social, shopping, and communication privacy: Our guides on protecting your privacy on social media, safe online shopping, secure messaging apps, and secure file sharing cover privacy in the specific contexts where most personal data is exchanged. Our guide on digital privacy for journalists covers the elevated privacy requirements for source protection — one of the most specialised chapters in this complete guide to security and privacy.
Threat Awareness
Understanding how attacks work makes all other controls effective. This complete guide to security and privacy includes dedicated threat education for every major attack category.
Our guides on avoiding phishing scams and social engineering attacks cover the human-layer attacks that technical controls cannot fully prevent. Our guides on protecting against ransomware and backing up your data cover the most financially damaging category of consumer and business attacks. Our guide on checking website safety provides the tools and habits for identifying fraudulent sites. Our guide on malware types explained maps every malware category — viruses, worms, Trojans, ransomware, spyware, rootkits, cryptominers, and infostealers — to its specific defence. For understanding the data landscape, our guide on software supply chain security covers SolarWinds-style attacks that arrive through legitimate channels — and this complete guide to security and privacy explains how to defend against each.
Organisational and Advanced Security
For organisations, professionals, and users with advanced security requirements, this complete guide to security and privacy library covers every major organisational security topic with guides that scale from small business to enterprise.
Organisational security: Our guides on small business cybersecurity, security awareness training, incident response planning, and cyber insurance cover the complete organisational security posture from baseline controls to breach response. Our guides on remote work security and secure home office setup address the specific security challenges of distributed workforces. Our guide on data loss prevention covers DLP technology, classification, and Microsoft Purview. Our guide on privacy by design covers the seven principles, DPIAs, data minimisation, and technical controls for product teams. Our guide on the zero trust security model covers the never-trust-always-verify architecture that is replacing perimeter security. Our guide on cloud security best practices covers AWS, Azure, and GCP security from IAM to logging and CSPM.
Specialised security topics: Our guides on securing remote desktop, secure cloud storage, encrypting files on Windows, secure file sharing, network security basics, WiFi security protocols, firewall configuration, and password management for teams cover the specific technical security topics that arise in business and technical contexts. Our guides on child online safety, cybersecurity for beginners, and the digital security checklist serve users at every experience level — from first-time security learners to professionals building annual review schedules. According to CISA’s cybersecurity awareness guidance, the combination of strong passwords with MFA, software updates, and phishing awareness addresses the majority of cyber incidents affecting individuals and small organisations — and this complete guide to security and privacy covers each of these foundational controls in depth while extending to every advanced topic that builds on them. According to the EU Agency for Cybersecurity’s threat landscape reports, credential theft, ransomware, and phishing remain the top three threat categories year after year — making the foundational guides in this library the highest-return starting point for any user or organisation building their security posture for the first time.
This complete guide to security and privacy is designed to be used as a reference across many sessions rather than read start to finish in one sitting. The right approach: start with whatever layer has the biggest gap in your current security posture. If credentials are unmanaged — start with the password manager guide. If devices have never been audited — start with the device security guides. If the organisation has no incident response plan — start with that guide and the cyber insurance guide alongside it. Each guide in this complete guide to security and privacy stands independently while linking to the related guides that provide depth on adjacent topics.
The ongoing practice of security — revisiting the digital security checklist annually, keeping software updated, reviewing account recovery options, monitoring breach alerts, and staying aware of emerging threats — is what makes the investment in this complete guide to security and privacy compound over time rather than decay. Security that was configured two years ago and never reviewed has drifted from its original posture as devices changed, accounts were added, and threat techniques evolved. The digital security checklist provides the scheduled review framework that keeps the complete guide to security and privacy posture current — quarterly for active maintenance items, annually for full review, and event-triggered for life changes like new devices, new jobs, or new family members. Return to this complete guide to security and privacy when new topics become relevant, when new threats are publicised, or simply as part of the annual review — it will be here, fully linked, with every topic covered at the depth that makes it actionable rather than theoretical.
One aspect of this complete guide to security and privacy worth making explicit for new readers: the guides are written for the full capability range, from people setting up their first password manager to professionals implementing zero trust architectures. The language is accessible and the guides start from first principles, but the technical depth increases progressively — the cloud security best practices guide and the software supply chain security guide assume more familiarity with technical concepts than the cybersecurity for beginners guide. If any guide in this complete guide to security and privacy assumes more context than you currently have, the links within it will point to the foundational guides that provide that context. The library is self-referencing by design — every advanced topic links back to the basics it builds on, and every basic topic links forward to the advanced applications it enables. Use those cross-links actively, not just as reference but as the connective tissue that makes this complete guide to security and privacy a coherent body of knowledge rather than a collection of isolated articles.
Situation-specific guides
The layers above form the core, but a handful of situations raise security questions that general advice cannot fully answer, and each has its own dedicated guide. Families with children will get more from our guide to child online safety, which covers parental controls and the communication-led approach that works better with teenagers than monitoring alone. People working away from a corporate network should read remote work security for home-office and public-workspace specifics. Anyone buying online will find the habits that matter in safe online shopping, from virtual card numbers to post-purchase monitoring. Securing the individual accounts that hold the most — email, banking, primary logins — is covered in depth in our guide to online account security. And if all of this feels like a lot at once, cybersecurity for beginners distils it down to the few steps that deliver most of the protection.
Security as an ongoing practice, not a one-time setup
The most useful way to hold all of this together is to treat security as something you maintain rather than something you finish. The landscape shifts — services are breached, settings reset with updates, new accounts enter your life while old ones linger — so the practice is a rhythm rather than a project: checking breach-monitoring alerts each month, auditing app permissions and account access each quarter, and verifying your recovery options and backups once a year, with an extra review whenever a device, a job, or a relationship changes.
Underneath the specifics is a simple principle: protect in proportion to real risk. Strong unique passwords and two-factor authentication stop the most common automated attacks; device encryption and automatic updates close the next tier; phishing and social-engineering awareness cover the human layer; privacy settings and data-broker opt-outs limit passive collection; and backups with a basic incident plan handle the case where something gets through anyway. No single layer is sufficient on its own, but together they are far more than the sum of their parts. If you are starting from scratch, begin with a password manager and 2FA on your email — thirty minutes there defends against the bulk of attacks aimed at ordinary users — and work outward from the foundation through the rest.







