Governments Digital Inclusion Initiative Without Digital Safety

On Wednesday 10 December, Minister for Digital Inclusion Liz Lloyd announced a landmark investment: £11.7 million funding 80 local schemes across every region of the UK through the Digital Inclusion Innovation Fund. These initiatives will help people book GP appointments via the NHS app, shop around for better deals on essentials like home insurance and food, and stay connected with loved ones.

It's a welcome step toward bridging the digital divide, but it's incomplete. Digital inclusion without digital safety is like teaching someone to drive while ignoring traffic rules. By encouraging people new to the internet to shop online without teaching them how to protect themselves, the plan risks exposing citizens to serious cybersecurity threats that could devastate their finances and personal security.

Government Rollout: A Positive Start with Critical Gaps

The Digital Inclusion Innovation Fund represents genuine progress in addressing the digital divide. With 80 schemes covering every region, the government is acknowledging that digital literacy has become essential for accessing public services, finding better deals, and participating in modern society.

The initiative will help people:

• Access Healthcare: Book GP appointments through the NHS app, reducing pressure on phone lines
• Save Money: Compare prices online for home insurance, energy deals, and groceries
• Stay Connected: Use video calling and social platforms to maintain relationships
• Access Services: Apply for benefits, pay bills, and interact with government online
• Find Employment: Search job boards and submit applications digitally

However, teaching people to go online without teaching them to stay safe online is fundamentally irresponsible. New internet users become prime targets for cybercriminals who exploit their inexperience and trust.

The Threat Landscape Facing Digital Newcomers

The internet has become significantly more dangerous since the early days of e-commerce. Today's threat landscape includes sophisticated attacks that can bypass basic security measures and target vulnerable users through multiple vectors.

Man in the Middle Attacks

Public Wi-Fi networks in cafes, libraries, and community centers are often the access points for digital inclusion programs. These are hunting grounds for cybercriminals:

• Unsecured Connections: Many public networks lack proper encryption, allowing attackers to intercept data
• Fake Hotspots: Criminals create legitimate-sounding Wi-Fi networks to capture login credentials
• Traffic Interception: Attackers can view and modify web traffic, including shopping sessions
• Session Hijacking: Criminals steal login sessions to access accounts after users leave

Typosquatting and Domain Spoofing

Cybercriminals register domains similar to legitimate shopping sites to trick newcomers:

• Character Substitution: Sites like "arnazon.com" instead of "amazon.com"
• Missing Letters: "gogle.com" mimicking "google.com"
• Extra Characters: "paypaI.com" using capital 'i' instead of lowercase 'l'
• Different TLDs: "amazon.co.uk.secure-login.net" appearing official

Malvertising: The Hidden Threat

Perhaps the most insidious threat facing new internet users is malvertising, malicious advertising that can infect devices through banner ads on legitimate websites:

• Zero-Click Attacks: Simply loading a webpage with malicious ads can install malware
• Trusted Sites Compromised: Major news sites and shopping platforms serve malicious ads unknowingly
• Drive-by Downloads: Malware installation without any user interaction
• Exploit Kits: Sophisticated tools that probe for browser vulnerabilities

What's Missing: Comprehensive Security Education

The government's digital inclusion training focuses on functional skills, how to use apps and websites but ignores the security knowledge essential for safe internet use. This creates a dangerous knowledge gap that criminals are eager to exploit.

Basic Network Security Awareness

Most people don't understand that their home internet security depends on more than just antivirus software:

• Router Vulnerabilities: ISP provided routers often have outdated firmware and minimal security features
• Default Passwords: Many routers ship with weak default credentials that are never changed
• Unencrypted Networks: Home Wi-Fi networks without proper WPA3 encryption are vulnerable
• IoT Device Risks: Smart home devices can become entry points for network intrusion
• Remote Access Threats: Unsecured remote management features expose networks to attack

The ISP Router Problem

Internet Service Providers typically supply basic routers that prioritize cost over security:

• Limited Filtering: No protection against malicious websites or domains
• No Traffic Analysis: Cannot detect suspicious network activity or intrusion attempts
• Basic Firewall: Simple packet filtering without advanced threat detection
• Outdated Firmware: Slow security updates leave known vulnerabilities exposed
• Poor Configuration: Default settings often prioritize convenience over security

The Enterprise Grade Alternative: Prosumer Security

While digital inclusion programs teach people to go online, they should also explain how to do so safely. Enterprise grade security features are now available at consumer prices, but few people know these options exist.

Prosumer Router Benefits

Devices like the Ubiquiti UDM Pro offer enterprise grade protection at the price point of a gaming router:

• Intrusion Detection/Prevention (IDS/IPS): Real-time monitoring and blocking of malicious network activity
• VLAN Segmentation: Isolate IoT devices from personal computers and smartphones
• Advanced Filtering: Block malicious domains, countries, and suspicious traffic patterns
• VPN Server: Secure tunnel back to your home network when using public Wi-Fi
• Traffic Analysis: Detailed visibility into network usage and potential threats
• Automatic Updates: Regular security patches and threat intelligence updates

Pi-hole and DNS Filtering

Network-level DNS filtering provides another layer of protection that digital inclusion programs should teach:

• Malware Domain Blocking: Prevent access to known malicious websites before they load
• Phishing Protection: Block fraudulent sites attempting to steal credentials
• Advertisement Filtering: Eliminate malvertising vectors while improving browsing speed
• Typosquatting Prevention: Detect and block common domain spoofing attempts
• Parental Controls: Age-appropriate filtering for households with children
• Privacy Enhancement: Block tracking domains and data collection

The National Security Dimension

Digital inclusion without security education doesn't just harm individual users, it weakens national cybersecurity by expanding the attack surface available to hostile actors.

Building National Resilience

When millions of new users go online without security knowledge, they become:

• Botnet Participants: Infected devices used for distributed attacks
• Information Vectors: Sources of personal data for social engineering attacks
• Economic Targets: Victims of fraud that funds further criminal activity
• Infrastructure Weaknesses: Entry points for attacks on critical systems
• Disinformation Amplifiers: Unwitting spreaders of false information

The Collective Defense Model

Cybersecurity is most effective when everyone participates in defense:

• Shared Threat Intelligence: Network-level filtering benefits from collective detection
• Reduced Attack Vectors: Fewer vulnerable targets means fewer successful attacks
• Economic Deterrent: Higher costs of attack reduce criminal profitability
• Early Warning Systems: Distributed monitoring improves threat detection
• Community Resilience: Local networks that can function independently during attacks

What Digital Safety Education Should Include

A comprehensive digital inclusion program should pair functional training with practical security education that empowers users to protect themselves online.

Essential Security Concepts

Digital newcomers need to understand these fundamental security principles:

• Password Security: Creating strong, unique passwords for each account
• Two-Factor Authentication: Adding an extra layer of account protection
• Secure Browsing: Recognizing HTTPS encryption and certificate warnings
• Email Safety: Identifying phishing attempts and suspicious attachments
• Software Updates: Keeping devices and applications current with security patches
• Social Media Privacy: Understanding what information to share publicly

Practical Home Network Security

Beyond basic digital literacy, users should learn how to secure their home networks:

• Router Configuration: Changing default passwords and enabling WPA3 encryption
• Change Router's DNS: Cloudflare for Families (1.0.0.3), Quad9 (9.9.9.9)

- Cloudflare for Families (1.0.0.3) — blocks malware and unwanted ads

- Quad9 (9.9.9.9) — blocks access to malicious websites

• Guest Networks: isolate visitor access from home devices on their own VLAN
• IoT Security: Properly configuring smart home devices and place them on their own VLAN to isolate them from the home network
• VPN Usage: VPN back into the home router when outside of the home can apply the same protections as when within the home network

- Cost: Free with mobile VPN clients

- Benefit: Encrypts traffic, applies home protections remotely

• Backup Strategies: Protect important data against ransomware
• Incident Response: Steps to take when security is compromised

Advanced Protection Tools

Digital inclusion programs should introduce users to advanced security tools:

• Ad Blockers: Browser extensions that prevent malvertising or PiHole (free)
• VPN Services: Commercial or self-hosted options for public Wi-Fi protection
• Password Managers: Tools for generating and storing secure passwords
• Antivirus Software: Real-time protection against malware
• Backup Solutions: Automated data protection against ransomware

International Best Practices

Other countries have successfully integrated cybersecurity into digital inclusion programs, providing models the UK could adapt.

Estonia's Cyber Security Strategy

Estonia treats cybersecurity education as a fundamental digital right:

• Universal Coverage: All digital literacy programs include security training
• Practical Focus: Hands-on training with real security tools
• Community Approach: Local cybersecurity volunteers support education
• Continuous Updates: Programs adapt to emerging threats
• Government Integration: Security education tied to public service access

Singapore's Digital Literacy Programme

Singapore's national program combines digital skills with cybersecurity awareness:

• Integrated Curriculum: Security concepts woven throughout digital literacy training
• Age Appropriate Content: Different approaches for seniors, adults, and youth
• Industry Partnership: Private sector expertise supporting public education
• Measurement and Evaluation: Regular assessment of program effectiveness
• National Coordination: Unified standards across all digital inclusion initiatives

Australia's Stay Smart Online

Australia's approach emphasizes practical protection for vulnerable users:

• Simple Messaging: Clear, actionable advice without technical jargon
• Real-World Scenarios: Training based on actual scam attempts and fraud cases
• Community Champions: Local experts providing ongoing support
• Resource Sharing: Free tools and guides for self-directed learning
• Incident Response: Clear guidance on what to do when security is compromised

The Economic Case for Security Education

Including cybersecurity in digital inclusion programs isn't just about protecting individuals, it makes economic sense for the nation.

Cost of Cybercrime

The economic impact of cybercrime on digitally inexperienced users is substantial:

• Direct Financial Losses: £485 million in authorized push payment fraud annually
• Identity Theft Recovery: Average £1,200 per victim in time and money to restore credit
• Lost Productivity: Time spent dealing with malware infections and data breaches
• Healthcare Costs: Stress related health impacts from financial fraud
• Reduced Digital Adoption: Fear of cybercrime discouraging internet use

Prevention vs. Recovery Costs

Security education is significantly more cost effective than dealing with cybercrime aftermath:

• Training Investment: £50-100 per person for comprehensive security education
• Tool Deployment: £20-50 per household for basic security software
• Infrastructure Upgrade: £300-800 per household for prosumer-grade network security
• Fraud Recovery: £1,000-5,000+ per incident in time and financial losses
• Long-term Confidence: Secure users continue digital adoption and economic participation

Immediate Actions for Households

While we advocate for comprehensive government action, households can take immediate steps to protect themselves as they go online through digital inclusion programs.

Router Upgrade Priority

The single most effective security improvement most households can make:

• Assess Current Equipment: Check if your ISP router supports WPA3 and has recent firmware
• Research Alternatives: Consider prosumer options like Ubiquiti UDM Pro or ASUS AX6000
• Professional Installation: Many local IT services can configure advanced security features
• Ongoing Maintenance: Ensure automatic updates are enabled and monitor for alerts
• Network Segmentation: Use VLANs to isolate IoT devices from personal computers

DNS Filtering Implementation

Network-level protection that works for all connected devices:

• Cloud Services: Configure router to use Cloudflare for Families (1.1.1.3) or Quad9 (9.9.9.9)
• Pi-hole Deployment: Set up local DNS filtering with curated blocklists
• Unbound Integration: Add recursive DNS for privacy and performance
• Custom Lists: Block additional categories based on household needs for use with Pi-Hole/Adguard
• Monitoring Tools: Track blocked requests to understand threat landscape

VPN for Public Wi-Fi

Essential protection when accessing the internet away from home:

• Home VPN Server: Configure router to provide secure tunnel back to home network
• Commercial VPN Service: Choose reputable providers with no-logging policies
• Always-On Configuration: Automatically connect VPN when joining public networks
• Kill Switch: Disable internet if VPN connection fails
• Split Tunneling: Route only sensitive traffic through VPN for better performance

Conclusion: True Digital Inclusion Means Safe Inclusion

The government’s £11.7 million Digital Inclusion Innovation Fund is a crucial investment in bridging the digital divide. But digital inclusion without digital safety is incomplete inclusion, leaving vulnerable users exposed to sophisticated cyberthreats

Teaching people to shop online, book medical appointments, and access government services without also teaching them to protect themselves is like providing driving lessons without traffic safety education. The internet has become as essential as roads for modern life, and both require safety knowledge for effective use

The threat landscape facing new internet users is real and growing. From malvertising on trusted websites to typosquatting attacks on shopping sites, cybercriminals specifically target inexperienced users who lack security awareness. Without comprehensive protection, digital inclusion programs risk creating more victims rather than empowered citizens

The solution isn’t complex or expensive:

• Basic security education
• Practical training on modern protection tools
• Integration into digital literacy programs

Countries like Estonia and Singapore have proven that integrated digital literacy and cybersecurity education works. Britain has an opportunity to lead the world in truly comprehensive digital inclusion programs that empower citizens not just to access online services, but to do so safely and confidently

The alternative is a digitally divided society where only the technically sophisticated can safely participate online, while vulnerable users remain exposed to fraud, identity theft, and privacy violations. That’s not digital inclusion, it’s digital discrimination