The Columbia University cybersecurity researcher argues that ordinary users need clearer, more practical online-security advice as scams, phishing and digital threats grow increasingly sophisticated.

Steven M. Bellovin, a computer-networking and security researcher who has taught at Columbia University since 2005 and previously served as a fellow at AT&T Labs Research, has released a new book arguing that much of today’s cybersecurity advice is either too technical, too outdated or simply unhelpful for ordinary users. Don’t Get Hacked! Protecting Yourself at Home aims to provide practical, jargon-light guidance for people trying to secure their phones, laptops and online accounts. The book has been made freely available online under a Creative Commons BY-NC-ND license.

Bellovin says most cybersecurity books are written either for professionals or by non-experts recycling obsolete wisdom. His new volume targets neither chief information-security officers nor intelligence officials, but everyday users navigating scams, passwords, software updates and the hazards of modern internet life.

The book challenges several pieces of conventional advice that have become internet folklore. Bellovin dismisses the elaborate password rules imposed by many websites as largely counterproductive, arguing instead for long, memorable passwords and password managers. He also adopts a more skeptical tone toward antivirus software, suggesting that modern operating systems may already provide sufficient protection for many users if they are kept properly updated.

Throughout the book, Bellovin stresses what security professionals call “threat models”—understanding what one is protecting and from whom. Rather than demanding perfect security, he advocates “caution, not abstinence”, warning that users should not sacrifice the usefulness of technology in pursuit of impossible invulnerability.

The work covers subjects ranging from phishing and web browsers to artificial intelligence, privacy, internet-connected gadgets and recovering from identity theft. Several chapters also address the heightened risks faced by activists, minorities and other groups that may attract disproportionate online harassment or surveillance.

Bellovin’s credentials lend weight to the project. He co-authored one of the first books on internet security in 1994 and has spent decades at Bell Labs, AT&T and in government advisory roles shaping modern cybersecurity policy and infrastructure.