Staying safe online is hard. The average person has little understanding of the many ways they can be targeted, or of the controls they can use to make themselves harder to hack.

But I was pleasantly surprised last month to find the younger generations a little savvier. Dozens of year five and six kids threw up their hands to recount stories of how scammers had tried to con them during a presentation I gave to a primary school in Melbourne’s south.

Most of those stories are related to Fortnite – a video game that seemingly counts every other kid in Australia among its 125 million players – and that was the context in which I spoke of cyber security. These digital natives are growing up in a world where amorphous digital thieves plying for their personal information and passwords is normal.

Click to download our kid-friendly Fortnite security tip sheet

Flashing banner ads, pop-ups, and scammy direct messages and posts that confound some of us seem boring and obvious to them.

Take Dylan – this switched on fifth-grader was targeted by scammers while playing Fortnite.

The bad guys spoke to him over in-game voice chat in a bid to convince him to disclose his game account details, promising to deposit a free stash of the in-game Fortnite currency known as V-Bucks.

I asked him what he did next. “I ignored them, played a few rounds, beat them, then left.”

Dylan was just one of the many kids who appeared cool and unflustered in the presence of such attacks.

Children are by no means immune to compromise; I’ll bet my last dollar that a targeted attack would net all of them (except perhaps for remarkable six-grader Annabelle, who spotted and called bluff on a tailored social engineering effort).

This means they, like us, must take the time to learn how to use the cyber security defences at their disposal to help protect themselves.

These defences can make the user experience a little more clunky, but they are immensely powerful and will send all but the most dedicated hackers looking elsewhere for victims.

A great defence to start with is switching on two-factor authentication for any of your accounts that offer it. I also recommend using a reputable password manager such as LastPass or 1Password.

The best defence is inside your head

Online defences are easier to use than ever thanks to concerted efforts by the cyber security industry over the last decade. But they are still more stick-and-clutch than driverless car.

Ultimately, you are your best defence.

As the driver, you need to look out for threats on the road. This requires a mindset that is likely much more skeptical than what you employ in the physical world.

This mindset requires distrusting the unexpected, regardless of its source. Consider phishing messages – these can bear few hallmarks of a scam, and almost perfectly replicate trusted brands and organisations.

They can be fluent and free of typos and appear to come from organisations you know, use, and trust. They may even start as a benign conversation (such as romance scams) in a bid to build rapport with victims.

Your best defence here is to adopt the skeptical mindset and worry less about the classic hallmarks of a scam.

This means ensuring messages with links, attachments, bank accounts, and phone numbers are expected before using them, and verifying those that are not using official websites or trusted search engines such a Google or Bing.

This advice seems unwieldy because it is. There is no glossing over this fact. But it is the best way to defend yourself against continually evolving online threats.

And with it you will build experience and cyber security savvy – something our kids seem to already have in spades.