Cybersecurity Begins With the Small Stuff
We don’t lose our data in some epic battle. We lose it in the quiet moments, when we click too fast, trust too easily, or assume that something that looks right must be right.
I watched a cybersecurity webinar recently, not technical, not dramatic, but full of uncomfortable truths. The kind that stay with you. It walked through everyday scenarios, showing how we’re tricked not because we’re careless, but because we’re human. I couldn’t help thinking about my own team, my friends, even my family. This isn’t just IT. It’s life now.
So I wanted to pull together some of the lessons, not as a checklist, but as a reflection. These aren’t things to memorise. They’re things to sit with.
They Hide Behind What We Already Trust
The most effective attacks don’t start with hacking tools. They start with trust.
The session opened with an example of fake charity websites, perfectly timed to match real fundraising events. Nothing about them looked suspicious. The domain names were similar. The branding was copied. The cause was real. But the money? It went straight into the attacker’s pockets.
This pattern repeats everywhere: fake shops, fake offers, fake ads. You search for an airline or a courier service, and the top result on a search engine is an ad, paid for by a scammer. Click it, and you’re led into a near-perfect clone of the real thing. Before you know it, you’ve entered your details, and they’ve walked away with them.
Phishing is Quiet, Fast, and Looks Normal
There was a demo showing how attackers clone login pages. It looked identical to the real one. The moment you entered your email and password, it silently sent them to a server controlled by the attacker, then redirected you back to the actual website, as if nothing had happened. No error. No clue.
What hit me was how little it takes. A single click. A moment of rushing. A sense of familiarity. And that’s the danger: phishing doesn’t look dangerous. It looks like your email login. It looks like your delivery tracking. It looks like your boss asking for help.
The Enemy Is the Rush
This one’s personal. A colleague of mine once got a text message from “our boss.” It came during a busy day, and the message said something like: “Can you send me the details of those customers? Need it now, in a meeting.”
The tone was right. The number looked Irish. And it felt urgent. So he started typing up a reply, until he paused. Something about it felt off. He checked, and sure enough, it was fake.
That pause saved him. And it reminded me of something simple: rush is the enemy. When we rush, we hand over the keys. Whether it’s clicking “enable macros” on a suspicious Excel file, or walking through a crowded street with your backpack open, the result is the same. You don’t notice until it’s too late.
That’s why attackers love urgency. They write emails that say “your package is delayed,” “your account has been locked,” “you must respond now.” They don’t want you to think. They want you to react.
Passwords Are Not As Clever As We Think
We’ve all done it. Added an exclamation mark. Swapped an “a” for an “@.” Made something like “Winter2024!” and felt clever. But these are the first things attackers try.
The session showed lists of the most common passwords found in leaks, things like “zaq1@WSX” or “1qaz2wsx.” They look complex, but they’re based on keyboard patterns. Easy to remember, and easy to guess.
Reused passwords are just as risky. If one website gets breached, your password may be sold or shared online. And if you use it on multiple sites, email, shopping, work, you’re giving away more than you realise.
The better habit? Use a password manager. Let it generate and store strong passwords for each site. Yes, it takes a bit to set up. But so does cleaning up after an identity theft.
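To make the point about keyboard patterns concrete, here is an added example (not from the webinar or the original post) of a check a defender could run on a candidate password before accepting it. The simplified US QWERTY grid, the word list, the 0.8 threshold and all function names are assumptions made for illustration.

```python
import re

# US QWERTY rows; a key's column is its index in the row (stagger ignored).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
# Shifted symbols fold back onto the key they share, so "@" counts as "2".
SHIFTED = dict(zip('!@#$%^&*()_+{}:"<>?', "1234567890-=[];',./"))
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Constructed sample list; a real check would use a much larger dictionary.
COMMON_WORDS = {"winter", "spring", "summer", "autumn", "password", "welcome"}
WORD_DIGITS = re.compile(r"^([A-Za-z@$]+)(\d{1,4})([^A-Za-z0-9]*)$")


def key_of(ch):
    """Physical key position for a character, or None if not on the map."""
    return KEY_POS.get(SHIFTED.get(ch, ch.lower()))


def walk_ratio(pw):
    """Fraction of consecutive character pairs typed on touching keys."""
    keys = [key_of(ch) for ch in pw]
    pairs = list(zip(keys, keys[1:]))
    if not pairs:
        return 0.0
    touching = sum(
        1 for a, b in pairs
        if a and b and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
    )
    return touching / len(pairs)


def weak_pattern(pw):
    """Return a label for a guessable structure, or None if neither applies."""
    if len(pw) >= 6 and walk_ratio(pw) >= 0.8:
        return "keyboard-walk"
    m = WORD_DIGITS.match(pw)
    if m:
        # Undo the usual substitutions ("@" for "a", "$" for "s").
        word = m.group(1).lower().replace("@", "a").replace("$", "s")
        if word in COMMON_WORDS:
            return "word+digits+symbol"
    return None


if __name__ == "__main__":
    # The last sample is a constructed random-looking string for contrast.
    for sample in ["zaq1@WSX", "1qaz2wsx", "Winter2024!", "T7#mqLp2vX9z"]:
        print(f"{sample:14} -> {weak_pattern(sample)}")
```

Both leaked examples are flagged because nearly every keystroke lands next to the previous one, whatever mix of cases, digits and symbols the result appears to contain.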
QR Codes Aren’t Just for Menus
We scan QR codes without thinking. They’re in restaurants, on posters, even on products. But a malicious QR code can point to a phishing site, or start a download in the background.
There was an example of attackers putting their own QR code stickers on top of real ones, redirecting people to a fake payment page or malicious form.
Again, it’s not about paranoia. It’s about pausing. Check where it leads. Think before you act.
The Threats Are Closer Than We Think
Attackers don’t just pretend to be banks. They pretend to be your boss. Your colleague. Your delivery driver. They might send a job offer on LinkedIn, or a complaint email pretending to be a customer.
They’re testing the human layer. The moment we engage, answer, click, download, they start walking through the door.
Some go further, building trust over days or weeks. Friendly emails. Follow-ups. Then, at just the right moment, a malicious link. It’s social engineering. And it’s patient.
The Solutions Aren’t High-Tech—They’re Human
Here’s the surprising part: the solutions aren’t always technical.
Yes, use multi-factor authentication. Yes, install updates. Yes, block macros by default. But more than that, build a culture where people are allowed to pause. Where questions like “does this feel right?” are encouraged, not punished.
Cybersecurity isn’t about paranoia. It’s about awareness. It’s about making good decisions, not just avoiding bad ones. And most of all, it’s about protecting each other.
In Closing: What I’m Taking Away
I left the webinar thinking less about systems, and more about people. About habits. About how many attacks succeed not because we’re stupid, but because we’re busy. Because we trust. Because we’re trying to do the right thing, quickly.
Cybersecurity begins with slowing down. With paying attention to what feels off. With asking the quiet questions before taking loud actions.
And that, I think, applies far beyond the screen.