Looking for advice on how to protect your home and office from cyberattacks? A good place to start is with the people who do this work every day on behalf of the US government.
The folks at the National Institute of Standards and Technology (NIST) have created a simple Cybersecurity Basics page that boils down the technical information in its four-volume Digital Identity Guidelines to a set of clear guidelines for small business owners and managers. The most recent guidelines were published in August 2024, and the agency is currently sifting through thousands of comments from security-minded professionals offering suggestions for the next edition.
(For those who are willing to dive into the full report, you'll find some good advice for IT pros and service providers in the "Passwords" section of Appendix A. This content will be especially helpful if you are trying to convince your IT department to stop forcing regular password changes.)
For a simpler, more practical collection of guidelines, try the Secure Our World website, run by the Cybersecurity & Infrastructure Security Agency (CISA). It's targeted at an audience of consumers without a technical background, which makes it a solid source of information you can share with friends and family to help them deal with common threats.
I've gone through the latest versions of all these documents and compiled a list of seven rules to follow when it comes to passwords.
What makes a password strong?