While those of us relish on the conveniences of the Internet, cyber-criminals relish on the increased opportunities to commit fraud, identity theft, and other crimes. Below are six of the most common poor online security habits that so many of us are guilty of. By giving up these habits, you'll be on your way to a much safer online experience. How many of these poor online security habits are you guilty of committing?
Re-Using The Same Passwords
We've heard it all a million times. Don't use the same password on more than one site. Yet, 61% of us continue to do so. Of those, 91% of respondents claim to understand the risks of reusing passwords across multiple accounts, but 59% admitted to doing it anyway 1 . I know, I know. It's so hard to remember multiple passwords. I don't want to get locked out of my accounts. There's nothing on my accounts worth stealing. This type of thinking is the very reason why compromised passwords are responsible for 81% of hacking-related breaches 2 .
No matter your excuse, the reality is that when you use the same password for multiple sites, you're making it super easy for hackers to steal your personal information. Data breaches are at an all-time high. The damage a breach can do to your reputation, your credit, finances, and identity is devastating, even if you don't think you have anything worth stealing. Use a robust and unique password for each site that you use. If you're worried you might not remember it, use Google's Free Password Manager feature on Chrome and remember only your Google password moving forward. Not only will they remember and input your passwords for you, but they'll also suggest a strong, unique password that won't be easily cracked. This brings us to the next poor security habit that needs to be given up...
Using Weak Passwords
Each time a major company is breached, data analysts uncover the same information. People continue to use the same terrible passwords. The advice seems to go in one ear and out the other at passwords like "12345" and "password" continue to top the list of most common passwords each year. I get it, passwords are hard to remember, but did you know that a password with up to 8 characters can be cracked almost instantaneously? With so many tools available to store your passwords, there's no excuse to use a weak password.
Your password should be long, strong, and unique with a combination of upper and lowercase letters, numbers, and symbols. Never use things like your date of birth, name, or other professions within your password. For help, check out Guardio's tips on creating a strong password that you will remember.
Automatically Granting Permissions
A common misconception is that you MUST grant any permission a website, app, or browser extension requests if you want to proceed. Because of that, many of us mindlessly give permissions and trust that our information will be handled wisely. This is not the case.
Mindlessly granting permissions leads to abusive push notifications that can quickly render your browser useless, sharing much more information than is needed, poor storage of your personal data, misuse of your data, and so much more. This puts so much more of your information at risk. Data breaches happen every single day. Always read the small print BEFORE granting apps, websites, or browser extensions permissions so that you know exactly what you're authorizing and why.
Clicking Links in Unsolicited Emails
Phishing remains the top method used by cybercriminals to conduct their attacks. Most phishing attacks include an email with a link asking you to do something, like "change your password" or "update your billing information. They'll appear to come from a legitimate company and urge you to act quickly. The top two companies cybercriminals emulate are Microsoft and Amazon 2. As most people do business with one or both of these companies, an email from one of them typically catches our attention. When you sign in or "update your information, "you're actually providing cybercriminals with your personal information that they sell or use to commit fraud.
Phishing attacks are becoming so sophisticated that they're even fooling email filtering. Never open emails if you don't know who they're from. Avoid following links unless you're confident they're genuine. Instead of using links in emails when you think it's legitimate, manually type the URL into your address bar instead of using the link in the email--this adds an extra layer of protection in case a phishing attempt is especially sly. Make sure to educate yourself on phishing scams using Guardio's guide: Phishing Explained.
Not Applying Updates
Software updates seem to come at the most inopportune times. I get it. Five minutes before an important Zoom meeting is definitely NOT the time I want to be alerted of a new software update. It's okay to click the "Remind Me Later" option if it's truly a bad time, but if you value your safety and the privacy of your online data, make sure to apply the update as soon as you can--and not several days or gasp weeks later.
These updates include important patches that fix performance and security issues. From the moment the update is released, hackers can easily see what security weaknesses were fixed and exactly what was wrong with them. This allows them to immediately create and distribute malware that specifically targets those who haven't applied the updates. If you're someone who puts off those updates because it isn't a convenient time, this means you are the intended target.
Browsing Without Added Protection
Many of our devices come with fundamental security features, but those alone are not enough. Traditional antivirus software works by removing threats after your computer has already been infected, but browser protection tools stop threats before they enter your computer and have a chance to cause (sometimes irreparable) damage. They also catch threats that other solutions miss, like scams, clickbait, and much more. In addition, to live browser protection, Guardio also offers account monitoring so you can be the first to know when your information has been involved in a data breach.
Check if your information has been leaked