Last Updated on September 13, 2024
If you pay attention to current events, you’re aware that data breaches occur with frightening regularity. Perhaps you can name some of the biggest breaches of the 21st century: Equifax, Yahoo, Marriott, eBay, Adult Friend Finder, Heartland Payment Systems, Target…
The list goes on, but what’s the point? You get the idea — even the world’s most venerable companies are vulnerable to digital attacks. Many have already fallen victim.
If you know how common data breaches are, you also know how likely it is that your personal information has been caught up in one. Actually, it’s almost certain that your data has been compromised multiple times. Just take another look at the names on the list above — can you really guarantee that none of those organizations had your details when they were hacked?
You can’t. No one can. The unsettling truth is that none of us has the power to control what happens to our information once it leaves our grasp. When it’s out there, it’s out there, come what may.
For this and many other reasons, it’s vital that we know how to safeguard our information in ways that we can control. And the good news is that that’s not nearly as difficult as it sounds. The building blocks of a sound digital security policy for personal data are already in place, waiting for you to arrange them properly.
Putting together that arrangement — a security symphony, really — is a lot easier when you know what not to do along the way. No matter how high your digital IQ, you’re probably making a number of preventable mistakes with your data and general digital practices.
These mistakes are easy enough to fix once identified. Without further ado, let’s review 19 of the most common mistakes people like you make online every day (and how to avoid ever making them again).
1. Working Without a Reliable Cloud Backup Provider
Every day that goes by without a complete copy of what’s stored on your primary computing device is another day that leaves you vulnerable to ransomware and other forms of crippling malware.
If you’re locked out of your device for good, or your device’s contents are corrupted by a virus or worm, you can’t simply turn back the clock. You have no choice but to start over.
That’s where reliable online backup comes in. Cloud-based backup services turn potentially existential threats to your data into mere annoyances. Evaluate your options today and make a choice that fits your needs.
2. Using the Same Password for Every Account
One of these days, someone could guess your password. It happens to the best of us.
What happens next will depend on your password management practices. If you’ve been using the same password for every account, well, it’s not going to be pretty. Once the bad guys have the keys to one of your accounts, they can get into every account that uses the same login credentials.
Make sure the number of said accounts is precisely zero by varying your passwords (that is, using a different password for every one). Keep track of each credential in a password manager. This list of the best password managers has the top options for your money.
3. Using Easy-to-Guess Passwords
If every password in your repertoire is some variation on your name, pet’s name, or hometown, you need a refresher course on password strength. Thanks to AI-enabled password cracking tools, hackers will have a field day teasing out your weak passwords. It won’t even be fun for them.
If you’re not sure exactly what constitutes a strong password, start with your browser’s suggested passwords. You can either use those (as long as your browser account is secure) or mimic their lengthy combinations of letters, numbers, and special characters on your own.
Alternatively, use a password generator. Some password manager products have this capability. It doesn’t really matter how you generate your strong passwords, as long as they’re not easy to guess.
4. Keeping the Same Passwords for Months or Years on End
Cycle those passwords! The best practice is to change your login credentials no less frequently than once per month, and more often for really sensitive accounts. It only takes a moment of your time and could prevent a serious compromise of your personal data.
5. Declining the Option to Use Two-Factor Authentication
Two-factor authentication is a simple security measure that will make you less vulnerable to digital compromise. Instead of one login credential, like a password, accounts utilizing two-factor authentication require two credentials. Most often, that means a password plus a unique code generated whenever you try to log in and sent to a separate account (like your email account or smartphone SMS suite).
Two-factor authentication stymies opportunistic hackers — those not holding you hostage or controlling your smartphone or email suite already. Take advantage of it whenever and wherever it’s offered.
6. Failing to Use a Reputable Anti-Malware Suite
Think twice before using the anti-malware program pre-loaded with your operating system. It might not protect you from the complex array of threats to your personal and professional data. Read unbiased reviews to find the best option for your money, and don’t hesitate to pay a little more if you decide that’s what’s best for you.
7. Putting Off Browser and Operating System Updates
Be honest, you snooze those update reminders more often than you care to admit.
Keep doing it, if you must. You’re only hurting yourself.
Well, yourself and everyone else you come in contact with online. Which is to say, a lot of people. Do the right thing and execute those updates as soon as possible.
8. Not Using a Virtual Private Network When Not on a Secure Home Network
Even at home, you’re vulnerable to snoopers and bugs. Out in the wild, the danger is even greater. Make a practice of using a VPN whenever possible, especially on insecure public WiFi networks that don’t require passwords to access.
If you encounter a website that doesn’t seem to work properly with a VPN, consult an IT professional before deactivating this security feature — sometimes, the risk isn’t worth it.
9. Connecting to Insecure WiFi Networks
About those insecure WiFi networks: They’re bad. Don’t connect to them without first encrypting your data using a VPN or other means. If you’re staying at a hotel that asks guests to use public WiFi, ask the front desk staff if it’s okay for you to use the staff WiFi’s guest network.
Or, use your phone’s hotspot. Even this is not ideal, but it’s more secure than a network with hundreds of random machines connected at any given time.
10. Allowing Your Machine to Automatically Connect to WiFi Networks
You should be able to change your WiFi settings to prevent your machine from automatically connecting to WiFi networks. Do this as soon as you think of it (like, now). It only takes one malicious connection with one bit of undetected malware to compromise your device’s security for good.
11. Allowing Images to Appear in Email Bodies
Email images are common malware vectors. That’s why many email suites don’t allow them to be shown in email bodies without first getting your permission.
If you can manually control this security setting, make sure it’s at the highest permission level. If you can’t, think about switching to a more secure email suite. You can’t afford any surprises on this point.
12. Clicking Links in Emails Without Confirming Authenticity
Email links are just as sketchy as email images, if not more so. One of the most common email scams in the land is the old “spoofing link” — the link that points to what looks like a legit website, only to take you to a fake site built exclusively to rip you off.
Well, you and other unsuspecting clickers, but who’s counting. Enter your password or Social Security Number or whatever else the site asks you to enter and you’ve just willingly given it to someone who’s up to no good.
13. Sending Sensitive Information Via Email, Even When the Recipient Is a Trusted Contact
Sometimes, the bad guys don’t even make you click out of the email. They ask you for your password or account number right in the body, and you give it to them without giving it a second thought.
Fortunately, this mistake is especially easy to avoid. Make it your personal policy never to give out passwords or account numbers or any other sensitive information by email, no matter how well you know and trust the requester.
14. Falling Prey to Misleading Advertising Gimmicks
Newsflash: those “urgent system messages” that pop up without warning in your browser are scams. All of them. Do whatever you can to avoid clicking anywhere within those windows unless you relish the thought of a spyware program logging your every keystroke for the next year.
15. Failing to Keep Comprehensive External Backups
Comprehensive external backups are just as important as comprehensive cloud backups. Set a backup schedule that works with everything else you’ve got going on — say, overnight once per month. Keep those thumb drives or external hard drives somewhere safe and secure, like a locked, fireproof cabinet.
16. Failing to Encrypt Sensitive Data on Your Computer or Cloud Accounts
Do you know your computer’s encryption settings? Could you even explain what encryption is if pressed?
Us neither. But that doesn’t excuse anyone who cares about digital security from employing it. If you’re not sure how to go about this, talk to your company’s IT lead or its third-party security provider.
17. Using Cloud Service Providers With Known Security Vulnerabilities
You probably wouldn’t eat at a restaurant that just made local headlines for a vicious rash of food poisoning. Why should you work with a cloud service provider that’s known to cut corners on security?
You shouldn’t. And, if you care about protecting your data, you won’t. Believe it or not, there are still a few cloud service providers that haven’t fallen victim to a major data breach yet.
18. Accepting External Media From People You Don’t Trust
Don’t plug in that random thumb drive!
Seriously, don’t. It could have malware on it. Use media with an unbroken chain of custody only and don’t loan your own media out to anyone (even those you trust).
If you must use an external drive of unknown provenance, run a malware scan on it before plugging it into your machine.
19. Not Understanding What Service Providers and Their Affiliates Are Legally Permitted to Do With Your Data
Five simple words: Read. The. Terms. Of. Service. The service providers in whom you entrust your data intend to use that data in more ways than you likely realize. Very often, they sell or give your data to third parties, some of which play far looser with it than you’d like.
It’s critically important that you understand how this messy game is played and know what, if anything, you’re entitled to do to interfere.
Fool Me Once…
“Fool me once, shame on you. Fool me twice, shame on me.”
Translation: Everyone gets a pass for the first mistake, but they’d better learn from it. Repeat mistakes aren’t so easily excused.
How does this apply to what we’ve learned today? Simple: It’s pretty much certain that you’re making at least one of the 19 mistakes described herein. Your digital track record is probably a bit less clean than that if we’re being honest with ourselves.
But no one ever told you, not so directly and forcefully at least, that these missteps were in fact mistakes that could jeopardize your digital data. You could be forgiven for not taking proactive measures to safeguard your online presence.
The operative word is could, of course. Now that you know the deficiencies of your digital defenses, it’s on you to shore them up posthaste. The bad guys certainly won’t wait for you to take your time.
Perfection Is Elusive
One last thing before we part ways. Correcting these digital mistakes is important. You and your data will be safer and more secure if and when you address them all.
However, and this is important: You must have no illusions that these are the only mistakes you can make with your digital data. Nor that correcting them will ensure a lifetime of risk-free surfing and shopping. In the digital age, “risk-free” is not a thing that anyone, anywhere, can guarantee. Anyone who tells you otherwise is selling bunk.
So, go out and plug the gaps in your digital security posture, but keep a watchful eye for those who wish you harm. You never know when they’ll make their moves.