Reality check: Cyber attacks in Nepal increased by 63% in 2024. Most were not sophisticated hacks — they were simple password thefts and phishing scams that anyone can avoid with the right habits.
The Threats You Actually Face
Most people imagine hackers as shadowy figures in hoodies running complex code. The reality is far more mundane — and more dangerous. The attacks that affect ordinary Nepali internet users most, ranked by risk, are:
- Phishing (High Risk) — Fake login pages and emails that steal your passwords
- Weak / reused passwords (High Risk) — One breach compromises all your accounts
- Unpatched software (Medium) — Known vulnerabilities exploited automatically
- Public WiFi attacks (Medium) — Data intercepted on unsecured networks
- Social engineering (Low-Med) — Manipulation over phone or messages
Your Security Checklist
Go through these once. Most take under 5 minutes to set up and protect you from the vast majority of real-world attacks.
- Use a password manager: Bitwarden (free) or 1Password. Generate a unique 20+ character password for every account. You only remember one master password.
- Enable 2-Factor Authentication everywhere: especially for Gmail, Facebook, and banking apps. Use an authenticator app (Google Authenticator or Authy) — SMS 2FA is better than nothing but can be SIM-swapped.
- Keep Windows and apps updated: turn on automatic updates. The WannaCry ransomware — which hit hospitals globally — only worked on machines that hadn't installed a 2-month-old patch.
- Check URLs before entering passwords: look for HTTPS and verify the domain exactly. "g00gle.com" and "faceb00k.com" are phishing sites. Bookmark login pages you use often.
- Use a VPN on public WiFi: at cafés, airports, and hotels, your traffic is readable by anyone on the same network. ProtonVPN has a solid free tier. Paid options: NordVPN or ExpressVPN.
- Back up important data — the 3-2-1 rule: 3 copies, 2 different media, 1 offsite (cloud). If ransomware hits, you lose nothing. Google Drive or OneDrive for photos and documents is fine.
Password Strength — What Actually Matters
Forget complex symbols. Length beats complexity every time. A short "complex" password is cracked in hours. A long passphrase takes millions of years:
- P@ssw0rd!: cracked in seconds
- M#9kL$2pQx: cracked in days
- correct-horse-battery-staple: ~550 years to crack
- [Generated by password manager]: effectively uncrackable
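Why a leet-speak word falls in seconds while a four-word passphrase holds for centuries comes down to how many guesses an attacker actually has to make, not how many symbols the password contains. The script below is an added example written for this article (not the author's own tool); it scores a password under three attack models (brute force over the character classes present, dictionary word plus mangling rules, and a known-wordlist passphrase) and takes the cheapest one, because that is the one a cracker will use. The guess rates, the 2048-word list, the 1,000-rule set and the tiny COMMON_BASE_WORDS list are all assumptions chosen for illustration; with those numbers, a 4-word passphrase comes out at 44 bits, which at 1,000 guesses per second is the ~550 years quoted above.

```python
import math
import re
import string

# Added example, not part of the original article. Every rate and list size below is an
# assumption chosen for illustration; real cracking speed depends on hardware and hash type.
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ONLINE_RATE = 1_000              # guesses/s against a rate-limited login form
OFFLINE_RATE = 10_000_000_000    # guesses/s against a leaked fast hash on a GPU rig
WORDLIST_SIZE = 2048             # words a passphrase is assumed to be drawn from (11 bits each)
MANGLING_RULES = 1_000           # leet/suffix transformations tried on every dictionary word

# Constructed stand-in for the multi-million-entry lists real cracking tools ship with
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey"}

# Digit/symbol swaps a cracker undoes before matching against the word list
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "4": "a", "5": "s", "7": "t"})


def charset_size(pw: str) -> int:
    """Alphabet a brute-force attacker must enumerate, inferred from the character classes present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    if " " in pw:
        size += 1
    return size


def brute_force_bits(pw: str) -> float:
    """Entropy if the attacker knows nothing except length and character classes."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(charset_size(pw))


def dictionary_bits(pw: str) -> float:
    """Entropy if pw is a common word with leet substitutions plus digits/symbols appended."""
    core = pw.translate(LEET).lower().rstrip(string.punctuation + string.digits)
    if core in COMMON_BASE_WORDS:
        return math.log2(len(COMMON_BASE_WORDS)) + math.log2(MANGLING_RULES)
    return math.inf  # model does not apply to this password


def passphrase_bits(pw: str) -> float:
    """Entropy if the attacker knows pw is N lowercase words from a WORDLIST_SIZE list."""
    words = re.split(r"[-\s]+", pw)
    if len(words) >= 3 and all(w.isalpha() and w.islower() for w in words):
        return len(words) * math.log2(WORDLIST_SIZE)
    return math.inf


def effective_bits(pw: str) -> float:
    """The attacker picks the cheapest model, so effective entropy is the minimum of the three."""
    return min(brute_force_bits(pw), dictionary_bits(pw), passphrase_bits(pw))


def crack_time_years(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the whole search space at the given guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def describe(pw: str) -> str:
    bits = effective_bits(pw)
    online = crack_time_years(bits, ONLINE_RATE)
    offline = crack_time_years(bits, OFFLINE_RATE)
    return f"{pw!r}: ~{bits:.0f} bits, {online:.3g} years online / {offline:.3g} years offline"


if __name__ == "__main__":
    # The third candidate is a constructed stand-in for a 20-character manager-generated password
    for candidate in ["P@ssw0rd!", "correct-horse-battery-staple", "xK9#vL2$pQ7!mN4&bR8@"]:
        print(describe(candidate))
```

The passphrase scores 164 bits under brute force but only 44 bits once the attacker assumes the wordlist, so the minimum is what counts; the 20-character generated password keeps its full 131 bits because no cheaper model applies to random characters.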
Phishing — How to Spot It Every Time
Phishing messages create urgency: "Your account will be suspended", "You've won a prize", "Verify your eSewa account now". Before clicking any link:
- Hover over the link — does the URL match the organisation?
- Check the sender address — not just the name, the full email
- When in doubt, go directly — open a new tab and type the website yourself
- Call to verify — banks will never ask for your password by email or phone
Nepal-specific: eSewa, Khalti, and NIC Asia phishing scams are increasingly common. These pages look pixel-perfect. Always check the URL — the real eSewa is esewa.com.np, nothing else.
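The URL checks above (HTTPS, exact domain, no lookalikes) can be turned into a small script that runs before you type a password. The following is an added example written for this article, not the author's tool: esewa.com.np is the one domain the article names, while google.com, facebook.com and the brand words are constructed stand-ins for the bookmark list you would maintain yourself. It catches the digit-for-letter swaps in g00gle.com and faceb00k.com, the "real domain as a subdomain" trick (esewa.com.np.something.example), the username-in-URL trick where everything before an @ is ignored by the browser, and punycode hostnames whose letters can look identical to the real ones.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Added example, not part of the original article. Keep this list equal to the login pages
# you have bookmarked; esewa.com.np comes from the article, the other two are stand-ins.
TRUSTED_LOGIN_DOMAINS = {"esewa.com.np", "google.com", "facebook.com"}

# Brand words that have no business appearing inside any other domain name (constructed list)
BRAND_WORDS = {"esewa", "khalti", "google", "facebook"}

# Digit-for-letter swaps typical of lookalikes such as g00gle.com and faceb00k.com
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "9": "g"})


def is_same_site(host: str, trusted: str) -> bool:
    """True for the trusted domain itself or any subdomain of it (login.esewa.com.np -> esewa.com.np)."""
    return host == trusted or host.endswith("." + trusted)


def check_login_url(url: str) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is OK, BLOCK or UNKNOWN."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit already lowercases the hostname

    if parts.scheme != "https":
        return "BLOCK", f"not HTTPS (scheme is {parts.scheme or 'missing'!r})"
    if not host:
        return "BLOCK", "no hostname in URL"
    # https://esewa.com.np@evil.example/ : the browser treats the part before '@' as a
    # username and connects to evil.example, so a trusted name here is a red flag
    if parts.username is not None:
        return "BLOCK", f"username trick in URL; the real host is {host}"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "BLOCK", "internationalised (punycode) hostname; letters may be visual lookalikes"

    # Exact match or genuine subdomain of a bookmarked site
    for trusted in TRUSTED_LOGIN_DOMAINS:
        if is_same_site(host, trusted):
            return "OK", f"matches bookmarked domain {trusted}"

    # Undo the digit swaps; if it now matches a trusted site, the original was a lookalike
    normalised = host.translate(HOMOGLYPHS)
    for trusted in TRUSTED_LOGIN_DOMAINS:
        if is_same_site(normalised, trusted):
            return "BLOCK", f"lookalike of {trusted} (digits swapped for letters)"

    # A brand name inside an unrelated domain, e.g. esewa.com.np.verify-account.example
    for brand in BRAND_WORDS:
        if brand in normalised:
            return "BLOCK", f"'{brand}' used inside an unrelated domain ({host})"

    return "UNKNOWN", "not a bookmarked login site; open a new tab and type the address yourself"


if __name__ == "__main__":
    # Constructed sample links of the kind found in phishing messages, plus two genuine ones
    for link in [
        "https://esewa.com.np/login",
        "https://login.esewa.com.np/",
        "http://esewa.com.np/login",
        "https://faceb00k.com/login",
        "https://g00gle.com/",
        "https://esewa.com.np.verify-account.example/login",
        "https://esewa.com.np@evil.example/",
        "https://xn--esewa-abc.com.np/",
        "https://example.org/",
    ]:
        verdict, reason = check_login_url(link)
        print(f"{verdict:8} {link}  ({reason})")
```

The order of the checks matters: the username and punycode tests run before the trusted-domain match, so a link that smuggles esewa.com.np into the userinfo or an IDN label is never reported as OK. Anything not on the list gets UNKNOWN rather than OK, which is the "go directly, type it yourself" rule from the checklist.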
Securing Your Devices
Windows
- Enable Windows Defender (it's genuinely good and free)
- Use a standard user account for daily work, admin only when needed
- Encrypt your drive with BitLocker (Windows 10/11 Pro)
Android / iPhone
- Enable Find My Device / Find My iPhone
- Use a strong PIN or biometric lock — not pattern unlock
- Only install apps from Play Store or App Store
- Review app permissions — a flashlight app doesn't need your contacts
You're already ahead: If you enable a password manager and 2FA today, you're more secure than 90% of internet users. These two steps alone prevent the vast majority of account takeovers.