ID Theft Awareness Week: Expert Shares Five Ways to Protect Your Identity Online

Identity theft now drives much of the UK’s cyber threat landscape, with criminals exploiting phishing, data breaches and weak passwords to steal personal and business identities.

Government data shows 43% of UK businesses – around 612,000 firms –  identified a cyber breach or attack last year, with phishing the most common entry point.

The National Cyber Security Centre handled 204 nationally significant attacks to August 2025, averaging four serious incidents weekly. ID Theft Awareness Week (26-30 January) underlines that identity protection is essential for individuals and SMEs alike.

Roy Shelton, founder of Connectus Business Solutions, said: “Too many people still assume cyber crime is something that only happens to big corporations or to somebody else, but the reality is that every online account, every inbox and every connected device represents an opportunity for a criminal. The good news is that a few disciplined habits can dramatically reduce your risk and make you a far harder target.”

Here Roy shares five practical ways to protect your identity online.

1. Treat Your Inbox as a Front Door

“Email stands as the prime gateway for identity thieves. Phishing afflicted 85% of breached UK businesses, often via deceptive messages that prompt link clicks, attachment opens or data shares. These attacks prove time-intensive to detect and resolve.”

“I scrutinise every unexpected email. Check sender addresses closely, hover over links without clicking, and navigate directly to official sites or apps if doubts arise. Train teams to flag urgent payment requests, bank detail changes or process shortcuts. Your inbox merits the vigilance you apply to your physical front door.”

2. Enforce Strong Passwords and MFA

“Reused or feeble passwords hand attackers a master key. One breach exposes credentials they test across email, banking, social media and business platforms.

Generate unique, robust passwords for each vital account using a trusted manager – it sustains the practice without memory overload. Layer on multi-factor authentication everywhere possible. A code from an authenticator app or hardware key thwarts thieves even if they snag your password.”

3. Tighten Social Media Sharing

“Public profiles spill goldmines for thieves: birthdays, job titles, locations, family names or pet details that unlock security questions or fuel impersonation. Such data crafts bespoke phishing lures.

Audit privacy settings across platforms quarterly and hide sensitive info from public view. Post travel plans, valuables or work insights sparingly to avoid pattern revelation. Maintain distinct personal and professional profiles; decline unsolicited connections. Curating your digital footprint delivers high-impact protection with minimal tech demands.”

4. Secure and Update Devices

“Spotless online habits crumble against unpatched or undefended devices. Known vulnerabilities linger as open invitations until updates arrive.

Enable automatic updates for operating systems, browsers and apps to plug flaws swiftly. Deploy reputable antivirus, full-disk encryption and biometric locks on laptops and phones. Skip public Wi-Fi for sensitive work; opt for trusted networks and log out of key accounts post-use. Disable idle services. Your devices guard your identity’s core.”

5. Cultivate Habits and Expert Backing

“Tech alone falls short; disciplined routines seal the gaps. Monthly, review accounts, scan breach databases like Have I Been Pwned, and refresh ageing passwords.

Most SMEs lack bandwidth for round-the-clock security expertise. Partner with managed service providers for proactive monitoring and compliance support. Instil a culture where staff flag anomalies early, from odd emails to login alerts.”