Cyber Hygiene – Quick Wins
As 2025 comes to an end, we’re looking at ways to help start 2026 on the right, cyber-secure footing. Below are some quick wins…
If you’ve spent any time in cyber security, you’ll know that old advice sticks around long after the risks have changed. Some of these tips spread quickly, sound convincing, and get recycled in organisations year after year… even when they are no longer helpful.
According to the Stop Hacklore website, hacklore is a blend of hacking and folklore, which spreads quickly and confidently, passed from person to person as if it were hard-earned wisdom. But like most folklore, it isn’t grounded in reality, no matter how plausible it sounds. Their goal is to help everyday people and organisations focus on the simple, fact-based steps that truly protect their data and devices.
In this blog, we’re highlighting common pieces of outdated cyber security advice and replacing each one with simple, practical guidance that actually strengthens security.

Team members often worry about using Wifi outside the workplace, especially during travel or hybrid working. Older advice painted public Wifi as a serious threat, but modern devices encrypt traffic and browsers flag unsafe sites. For most staff, this isn’t a top organisational risk.
What matters more for businesses:
These steps protect organisational data far better than avoiding coffee shop Wifi.
Frequent forced password changes can often backfire. People create predictable patterns (adding a 1 or increasing a number at the end of a password by 1), store passwords in insecure places, or share workarounds.
What’s better for organisations:
This reduces the risk and reduces admin load.
Some organisations still expect VPN use for almost everything, even when systems have moved to cloud services with built-in secure connections. A VPN has its place, especially for legacy systems, but it isn’t a universal safety net.
More valuable organisational controls include:
These reduce far more incidents than blanket VPN use.
Modern attacks don’t just target devices; they target people and access. Phishing, credential reuse and unpatched software cause far more organisational incidents than traditional malware.
Stronger organisational approaches are:
Security is layered; no single product is enough.
Telling people ‘never click links’ isn’t realistic and often leads to confusion. Staff need to use links; they just need to know how to check them safely.
Better guidance for team members:
This empowers staff instead of scaring them.
Many small and medium organisations assume attackers won’t notice them. But most attacks are automated: they scan the internet continuously for any organisation with weak controls.
What organisations can do:
Preparedness reduces downtime; size doesn’t.
If your organisation could do with a cyber security spring clean, having a Cyber MOT to understand your cyber culture, a penetration test to check any security gaps, or investing in upskilling your team members with training would be strong steps.
For more information on hacklore, visit the Stop Hacklore website, which aims to replace fear with facts and make digital safety advice more accurate, actionable, and effective for everyone.