At sea, you’re busy, tired, and moving fast. That’s normal.

Cybercriminals like that. Because most cyber problems don’t start with “big hacking.” They start with a simple human mistake:

• clicking the wrong link

• opening a fake attachment

• sharing a code

• plugging in a USB that shouldn’t be used

And onboard, a cyber problem can become a work problem (delays, confusion, money loss) and sometimes even a safety problem.

The good news: you don’t need to be “good with computers” to stay safe. You just need a few habits.

The real danger is not the computer — it’s the trick

Most attacks are social engineering (meaning: someone tries to trick you).

They use pressure and emotions:

• “Urgent!” “Do this now.”

• “From the office / manager.” (but it’s not)

• “New crew list / invoice / delivery note.”

• “Your account will be blocked.”

• “Click here to confirm.”

If a message makes you feel rushed or worried, pause. That’s usually the trap.

The 20-second rule: STOP – CHECK – CONFIRM

Before you click a link, open an attachment, scan a QR code, or plug in a USB:

1) STOP

Ask: Why am I getting this? Did I expect it?

2) CHECK

Look for warning signs:

• strange email address (not the real company one)

• spelling mistakes / weird wording

• file you didn’t ask for

• “urgent” request that feels too pushy

3) CONFIRM

If it’s about money, passwords, codes, or access, confirm using another way:

• call a known number

• ask your officer/manager

• use the company’s normal channel

Never confirm by replying to the same suspicious email.

Your 10-Minute Daily Cyber Routine (Easy + Realistic Onboard)

Do this once per day. It’s like brushing your teeth — small habit, big protection.

Minute 1–2: Clean your inbox habits

Choose these rules:

• Don’t open attachments you didn’t expect

• Don’t click “login” links from emails

• If it’s urgent, double-check first

If you’re not sure: leave it and ask.

Minute 3–5: Protect your passwords (this is a big one)

The biggest mistake is using the same password everywhere.

Do this:

• Use a long password (easy to remember):Example: BlueOceanCoffeeNight47!

• Turn on 2-step verification (MFA) when you can.

• Never share:

  • passwords

  • one-time codes (SMS / email codes)

  • “verification” numbers

Even if the person says they are IT. Real IT will not ask for your password.

Minute 6–7: Quick phone & computer safety

• Lock your screen when you walk away (even for 1 minute)

• Don’t leave your phone unlocked on the table

• Don’t save passwords on shared computers (unless your company allows it)

Minute 8–9: USB and charging safety (simple rule)

If you didn’t bring it, don’t plug it in.

• Unknown USB sticks = risk

• Unknown chargers / cables = risk (if possible, use your own)

If you find a random USB onboard, don’t test it. Report it.

Minute 10: One “what if” check (30 seconds)

Ask yourself:

“If my phone or email got hacked today, what would they access?”

Then do one small action:

• change one important password

• turn on MFA for one account

• delete one suspicious email

• ask your officer/IT about a strange message

Small actions add up.

Common onboard scams (quick examples)

“Port Agent / Delivery” email

Attachment: “documents.zip”, “invoice.pdf”, “crewlist.doc”What to do: Confirm with your officer/agent using a known contact.

“Company password reset”

Link: “Reset now or account will be closed”What to do: Do not click. Open the real company site/app yourself.

“WhatsApp message from ‘the office’”

“We need a quick favor. Buy vouchers. Send codes.”What to do: Stop. Call a known number. This is a common scam.

If you clicked something by mistake — don’t panic

It happens. Fast reporting is the best protection.

Do this immediately:

• Tell your officer / IT contact

• Disconnect from Wi-Fi if asked

• Don’t try to “fix it quietly”

• If you entered a password, change it as soon as possible

Reporting quickly can stop the problem from spreading.