10 Of The Worst Cybersecurity Mistakes You're Probably Making Right Now

The blue screen of death looms large in the cultural mishmash of modern tech-adept consumers. The screen is a simple prompt signaling to its user that the device cannot fix whatever error has befallen it on its own. The crash of a computer could be a sign your CPU is failing after years of hard use, but hardware failing or operating unexpectedly can often come from a cybersecurity breach, too. Cybercriminals make up a huge contingent of the overall volume of theft and illicit activity affecting individuals today. The FBI's 2023 Internet Crime Report noted losses totaling more than $12.5 billion in cybercrime complaints. The figures included a 22% increase in monetary losses and a 10% rise in the number of complaints made.

Cybercrime is hard to quantify in many ways, though. Aggregated figures showcase the total damage it can do, but that says nothing about the personal loss a successful phishing attack or Social Security number theft brings to your life, finances, and more. The harsh reality is that many tools cybercriminals use to access sensitive information (and thereby steal identity documents, money, or other assets) are simple and therefore relatively easy to thwart. Sophisticated attacks are part of their playbook, but in many cases the easiest approach is the best approach. No matter where a cybercriminal lands on this scale, if you're targeted, these 10 mistakes can make their job a whole lot easier. Shoring up these areas can therefore help you defend yourself against incursion with far greater success.

Gatekeeping your critical information with quality passwords is a key feature in any good cybersecurity regimen. Strong passwords that include capital letters, symbols, and broken up words — if any complete words at all — can help make it more difficult for cybercriminals to gain access to your credentials. This is a feature of internet usage that virtually everyone knows, and plenty of online systems force users to introduce these kinds of security measures into their profiles as they set up accounts. Even so, around 13% of Americans use the same password for every online account they set up, and 44% of users rarely change their passwords (although about a third of internet users engage in monthly refreshes).

The revolving door of alarming statistics surrounding password strength and a lackadaisical approach to securing online resources is never ending. Failing to incorporate strength-building features into your passwords makes them immensely simple to crack, and opting not to change passwords until prompted is a great way to find yourself as the victim of a cyberattack. The worst thing you can do with password management, however, is the singular use phenomenon. If a criminal gains access to a single online resource you own, they can move from account to account, accessing potentially every online tool you manage. Credit card accounts, bank logins, and investment portfolios are just the start here.

Software updates are a nuisance at the best of times. A study from Carnegie Mellon University published in 2020 found that while installing an update as soon as it's released is the most optimal decision for protecting your security, participants only installed security updates 54% of the time (and 65% of those updates were delayed). Plenty of reasons contribute to users' hesitancy to install security patches and other updates when they're released. For one thing, updates have come to represent little tweaks to the user experience (subtle font changes, moved features, and sizing adjustments, for instance) that make the device feel less familiar. Kaspersky found that more than half of respondents to its survey noted a preference to wait and see if issues are reported after an update is released, while 50% also admitted to hitting "remind me later" and simply forgetting about the task as a result of their busy lifestyle.

No matter your reasoning, delaying a crucial security update leaves you vulnerable to attack. These installations help shore up found problem areas in the software of your phone, tablet, or computer (among other devices). Installing updates is a routine part of any digital tool's life cycle, and delaying or opting not to integrate updated software entirely is a great way to put yourself at risk. This is a simple practice that everyone can bring into their device management routine, and it's one that can make a big difference moving forward.

Backing up your digital information may not sound terribly important. Your computer probably isn't going to fail today, tomorrow, or next year, but all hardware fails eventually — often years down the line, but sometimes far sooner. There's no predicting a hard drive's long term functionality, and once a computer bites the dust it will take a professional to extract the key pieces of data that you decided not to save elsewhere, assuming that they can actually access the drive at all — it's not always possible. Backing up your data allows you to rest assured that a failure in your system won't massively impact your present and future needs. In the same way that you save your work intermittently when writing a paper for class or strive to reach a checkpoint in a video game, a data backup functions as a waypoint for retaining access to your critical information.

Having a data backup isn't just about eliminating failure issues, though. Beginning in May 2017, the WannaCry ransomware attacks locked users out of roughly 230,000 computers around the world, demanding payment in Bitcoin before owners could get access to their data again. It's unclear whether those who paid the ransom were granted access to their systems, but what is certain is that a compartmented backup of your computer would allow you to simply ignore these threats, albeit through gritted teeth and a healthy dose of anger over the loss of your device.

Phishing threats are far more widespread, nuanced, and dangerous than you may expect. There's even a subset of phishing attacks known as whaling because they target high value assets specifically (like corporate CEOs and senior executives or extremely wealthy individuals). In its simplest form, phishing involves unsolicited contact designed to extract some kind of sensitive data from you. You might receive a text from an unknown number or one disguised as a bank, a delivery company in your area, or a phone provider (sometimes these attacks are known as smishing).

Cybercriminals using phishing techniques are looking for a response. They might send you a link and seek to get respondents to click on it, taking them to a page of their own design that will try to capture card numbers or other sensitive details. Following these links can also expose you to secretive downloads that place malware on your system, giving the hacker access to your device. Phishing threats account for a huge volume of cybercrime today, it's the most common format and estimates suggest that 3.4 billion phishing emails are sent on a daily basis. The aim is to make off with login credentials and other details that can be used for more expansive criminal activity. By underestimating the sophistication and lengths that phishing attackers can and will go to, you make yourself vulnerable to their clandestine approaches.

Part of the power that phishing has over victims is the enticing links they send. Perhaps it appears to be a juicy news story about some hot topic, or a call to action that threatens negative implications for your bank account or investment portfolio. Clicking on links that you don't fully understand or can't trust is a recipe for pain later on. Another key link feature to keep in mind is the difference between long and short links. Link shortening is a legitimate practice that helps tidy up URL components, but it can also be used to hide a malicious website in a seemingly safe and trustworthy link.

The best practice for browsing the web is to always be suspicious of links that bring you anywhere you don't have a decent preconceived notion of. On the computer, if you hover your mouse over linked text it will show the link address down in the bottom corner of the browser. For instance, this article on our site about every major web browser will show up with a link beginning with the website's name. If for some reason it appeared to be directing you to a short link with just a few letters, you would be right to raise your ears a little. Taking care when following links, either in communications sent directly to you or on the internet, is a great way to ensure that you aren't exposing yourself unnecessarily to online threats.

Working while on the go is a staple of the contemporary digital life, and public Wi-Fi is a big part of that. Whether you're a coffee shop writer or a sales executive who frequently flies or takes the train while compiling slides for your next presentation, working outside the office allows you to tap into inspiration wherever it might be found. However, there's a shady side to the realm of public Wi-Fi that users simply can't ignore.

Because of its widespread rollout, internet users expect to see public networks in all manner of businesses, from McDonald's restaurants to department stores. Sophisticated cybercriminals prey on this expectation, and have been known to occasionally set up their own networks in coffee shops and other areas near a business that mirrors the basic layout of the commercial enterprise. If you sit down in Ted's Coffee House and see a Wi-Fi network called "Ted's Coffee," you'd be forgiven in simply assuming that the business set it up to give customers a nice additional feature. But you can't be sure that a scammer isn't behind the scenes, infecting every connected device with malware and creeping into the data contained within. If you are going to connect to a public network, try to only do so when the connection is encrypted or use a VPN to help create a bit of additional security for your system. More importantly, never use a public network to transmit sensitive data or log into an account that houses important files or information (especially if you're a single-password adherent!).

Bringing news, information, and connection right to your fingertips and allowing you to pay for goods without carrying your wallet, the modern smartphone is a technical marvel. But all that technological goodness means nothing if it's not secured. 

While your home might sport a shared computer, the phones in your home are likely only serving individual people. You set up widgets and apps on your phone that adhere to your lifestyle needs and entertainment interests. Included in this layout is a bevy of personal applications and saved passwords that connect users seamlessly to things like their bank accounts, email folders, and workplace data. All kinds of important information is hidden within your mobile device. And if you don't secure the tool with a password, PIN code, or pattern passcode then it's ripe for the picking. If a criminal can lift your phone from a table, purse, or pocket, they have access to every bit of your sensitive data without having to do any additional work. Considering how much information is stored on cell phones today, it's no wonder why criminals target them so often. Using lock screen protection tools helps secure your personal information behind an additional wall that's typically quite difficult to crack.

The webcam hack is a well-known trope in movies and television these days. Nobody will be surprised anymore to hear that hackers can gain access to a computer's camera and snoop on the activities of the person sitting in front of it (even if they don't think it's happening to them). That's why many computers built today introduce a rudimentary privacy screen into the camera's housing. Closing the physical door to the lens means that even if a hacker were able to break into your computer and turn your camera on, they won't be able see what's going on in your home.

But a concrete barrier to viewing isn't the end all be all, far from it. video snooping isn't surprising, but some users might be shocked to find that even if the camera isn't actively transmitting video, it can still capture audio and send it elsewhere. Cybercriminals can therefore tap into the microphone of your computer and listen for key conversations. You might call out your credit card number to your partner when booking flights or share key insights into your life that make their way into security questions on your banking app (perhaps the name of your first pet). Disabling your microphone when it's not actively being used, and knowing that it can be accessed remotely by hackers in the first place will put you a step ahead when it comes to shoring up cybersecurity concerns in your digital life.

Two-step verification is the process of layering up cybersecurity protection with practices that will (ideally) force you to use two separate devices to log into sensitive accounts. When signing in somewhere, the two-step process forces you to retrieve a code and plug it into the system. Often, this will be in the form of an email or text message, but using code generator tools can also play a role here. The basic premise holds that requiring access to another account or device in order to attain authorization to log in means that cybercriminals who have breached some aspect of your digital life (but crucially, not all of it) can't continue to weasel their way through your online accounts.

Google notes that two-step verification procedures can eliminate "100% of automated bot attacks," while shoring up your protections across the board. Many people might opt to skip two-step verification tool because they add a hurdle to the process of logging in to sites and accounts that they frequent. It can be a hassle to always need to retrieve a code to get into your banking profile or log into a workplace email account. But the use of this system can massively reduce your risk of becoming a victim of cybercrime, and it's worth the extra step.

Last but certainly no less pernicious, is the false belief that cybersecurity breaches and data insecurity on the whole is only an issue of large magnitude. You may think hackers only target large corporations to steal long lists of client information, but they also target thousands of consumers through phishing schemes to gain access to intimately personal and very important details. Small attacks happen every day, too, and can be just as damaging to you. If you're only on the lookout for big ticket items, you're bound to miss the smaller breaches that come your way and can inflict their own damage and pain.

There's a tendency to think that only major breaches are worth protecting yourself against. In the personal sphere, this might be akin to the mindset that your bank account requires added security, by Facebook or Twitter profiles don't need this extra layer of protection. The reality is that our digital lives are messy, complicated, and overlapping. Information found in one corner of your digital identity can assist in the capture of resources elsewhere. You may have sent a picture of your credit card to a family member to use in buying something online, or shared a password in a direct message on Instagram with someone you were collaborating with. All your interactions add up, and a breach somewhere can easily transform into one that affects everything. Getting out of this mindset is critical for protecting your personal information.