Cyber Security That Focuses on What Actually Goes Wrong
There’s a certain kind of security advice that makes people sigh. The usual list: don’t reuse passwords, don’t reuse PINs, use a password manager, add another layer of protection.
Most people have heard it all before. So often, in fact, that it starts to feel like background noise. Something you know you should do, but never quite get round to. I get it. I really do.
Security basics are rarely exciting. They don’t feel clever or cutting-edge. In reality, they feel like admin. And admin is easy to put off when you’re busy running a business or just getting on with life.
But there’s a reason these “boring” habits get repeated so often. Not because the industry enjoys nagging people, but because they’re still the most common way things go wrong.
A Conversation That Properly Landed
A while back, I was at a networking event listening to Tony Sales, who spends most of his time talking about fraud, explaining how people actually get caught out.
One example stuck with me. A fraud tactic that’s doing the rounds in the UK right now involves watching someone unlock their phone. That’s it. Someone observes your PIN. Later, your phone gets stolen. Sometimes your wallet goes too. From there, it doesn’t take much imagination to see how things unravel.
If your phone PIN is the same as your card PIN, cash machines are suddenly fair game. If it’s the same PIN protecting your banking app, access becomes frighteningly easy. One small overlap turns into full access.
What hit me wasn’t that this was some genius criminal mastermind. It was how ordinary the setup was. How many people reuse a PIN because it’s easier to remember. How many assume, “That’ll never happen to me.”
A Slightly Awkward Admission
I work in cyber security. And at that point, I realised I’d done exactly what I tell people not to do.
One of my cards shared the same PIN as my phone. That meant if someone had seen me unlock my phone and then nicked it, I’d have been in serious trouble. And yes, that’s extra embarrassing when security is literally your job. So I changed it immediately.
I’d finally stopped treating the risk as abstract. I’d actually asked myself, “If someone got hold of this, how bad would it really be?” That’s the question most people don’t pause to ask themselves.
Why People Roll Their Eyes at the Basics
When people push back on security advice, it’s usually because it feels inconvenient. Maybe their response is, “I’ve got too many passwords already”, or “I can’t remember all that”, or even “I don’t want another app”.
And to be fair, there’s some truth in that. Security does add friction. It asks you to slow down, think ahead, and build in extra steps. But that friction exists for a reason.
The irony is that the same people who roll their eyes at basic habits are often the ones who assume security failures are always highly technical. That hackers need to break in using complex tools and advanced exploits. In reality, most breaches don’t start that way at all.
How People Actually Get In
We do plenty of technical audits and detailed assessments. And time after time, the way attackers get in is basic: reused passwords, weak PINs, one account that opens the door to everything else, or someone clicking a link because they’re rushing or distracted.
This is because we’re all human. When you’re busy, tired, or juggling too much, convenience wins. Shortcuts creep in, and “I’ll sort that later” becomes permanent.
That’s why the basics matter so much: they reduce the blast radius when something does go wrong.
Layers Matter More Than Perfection
Good security isn’t about making yourself untouchable. That’s not realistic. It’s about layers.
If one thing fails, does everything fall over? If someone gets one password, do they get the lot? If one device is compromised, can it be used to empty the house?
When passwords and PINs are reused, the answer is often yes. When they’re separated, managed properly, and backed up with extra checks, the damage is contained. A bad day stays a bad day, not a disaster.
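The “does one password open the lot?” question can be answered for real rather than guessed at. The following is an added example, not code from the original post: a small Python audit over a constructed password-manager export (the account names, secrets, impact ratings and the common-PIN shortlist are all made up for illustration; a real run would load your manager’s CSV export instead). It groups accounts by the credential they share, reports the blast radius of each group ranked by the worst account it exposes, and flags PINs that appear on a short list of commonly chosen values. Secrets are fingerprinted with SHA-256 so the report never prints them.

```python
"""Credential-reuse audit over a (constructed) password-manager export.

Added example, not code from the original post. It models the "one PIN opens
everything" failure: group accounts by the credential they share, report the
blast radius of each group, and flag PINs from a short list of common choices.
"""
import hashlib
from collections import defaultdict

# Constructed sample vault: (account, secret, kind, impact if that account is lost).
# The secrets are made up for the example; a real run would load a manager export.
VAULT = [
    ("phone unlock", "4821", "pin", "high"),
    ("debit card", "4821", "pin", "high"),
    ("banking app", "4821", "pin", "high"),
    ("work laptop", "9035", "pin", "high"),
    ("email", "correct-horse-battery-staple", "password", "high"),
    ("online shop", "Summer2023!", "password", "medium"),
    ("forum", "Summer2023!", "password", "low"),
    ("newsletter", "Summer2023!", "password", "low"),
    ("gym locker", "1234", "pin", "low"),
]

# Constructed shortlist (assumption for the example) of PINs that sit at the
# top of leaked-PIN frequency studies; extend it from a real list if you have one.
COMMON_PINS = {"0000", "1111", "1234", "1212", "2580", "7777"}

IMPACT_RANK = {"low": 0, "medium": 1, "high": 2}


def fingerprint(secret: str) -> str:
    """Hash the secret so reports never contain it in the clear.

    Only equality matters here, so a truncated SHA-256 digest is enough.
    """
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:16]


def reuse_groups(vault):
    """Map each credential fingerprint to the accounts that share it."""
    groups = defaultdict(list)
    for account, secret, _kind, _impact in vault:
        groups[fingerprint(secret)].append(account)
    return dict(groups)


def blast_radius(vault, account):
    """Every account that falls if `account`'s credential is observed or stolen."""
    secrets = {name: secret for name, secret, _k, _i in vault}
    shared = fingerprint(secrets[account])
    return {name for name, secret, _k, _i in vault if fingerprint(secret) == shared}


def weak_pins(vault):
    """Accounts protected by a PIN from the common-PIN shortlist."""
    return sorted(name for name, secret, kind, _i in vault
                  if kind == "pin" and secret in COMMON_PINS)


def audit(vault):
    """Reused credentials, ranked by the worst account they expose, then by group size."""
    impact = {name: imp for name, _s, _k, imp in vault}
    findings = []
    for accounts in reuse_groups(vault).values():
        if len(accounts) < 2:
            continue  # unique credential: blast radius of one, nothing to report
        worst = max(accounts, key=lambda a: IMPACT_RANK[impact[a]])
        findings.append({
            "accounts": sorted(accounts),
            "blast_radius": len(accounts),
            "worst_impact": impact[worst],
        })
    findings.sort(key=lambda f: (-IMPACT_RANK[f["worst_impact"]], -f["blast_radius"]))
    return findings


if __name__ == "__main__":
    for f in audit(VAULT):
        print(f"{f['worst_impact']:>6} impact, {f['blast_radius']} accounts share one secret: "
              + ", ".join(f["accounts"]))
    for name in weak_pins(VAULT):
        print(f"common PIN in use: {name}")
```

On the constructed vault the first finding is the phone unlock, debit card and banking app sharing one PIN, which is exactly the shoulder-surfing scenario above; the reused shop password is reported second because the worst account it exposes is only medium impact. Most password managers ship an equivalent reuse report, so the point of the script is less the tool than the habit: rank each shared secret by the worst thing it protects, and give anything rated high its own credential.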
Why the Advice Never Changes
People sometimes ask why security professionals keep saying the same things. The honest answer is simple: because the same mistakes keep happening.
Fraud is rising in the UK, and the attackers behind it are patient and predictable. They wait for the easy gaps, and the easy gaps are usually human ones. You might feel like you’ve heard the advice too many times. But the people who ignore it are the reason it keeps being repeated.
The basics work. Boring as they are.
One Last Thing
If there’s one habit I rely on now, it’s this: When I set a password or a PIN, I pause and ask, “If someone got hold of this, how bad would it actually be?”
If the answer is “pretty bad”, it gets its own protection. I’d rather deal with mild inconvenience now than a proper mess later.
The basics aren’t beneath you, and they’re what quietly keep things standing. And if you’re rolling your eyes as you read this, you’re probably exactly the person they matter most for.