13 Common Cyber Security Mistakes to Avoid For Individuals

In these modern times, the internet has become a ubiquitous part of our lives. We do everything online now, from shopping to paying bills to socializing with friends and family. Thanks to small, powerful and portable devices such as smartphones and tablets, we can do anything from anywhere, at any time.

Even when we aren’t in front of a device, we might still be permanently logged into our email or social media accounts. By being connected to the digital world 24×7, we leave ourselves exposed to a variety of cyber security threats, which can have catastrophic results in the real world.

Though we usually only hear about high-profile cyber-attacks on large corporations, high-end brands or well-known web platforms because they get the most headlines, cyber-criminals also target businesses and organizations of all types and sizes… and they target you, the private individual. Why? Because your personal information is valuable and can be sold.

This can result in personal, financial and data loss, identity theft, your reputation being tarnished and even legal troubles. You can put the blame on the skill and ingenuity or morals of the cyber-attackers, but much of it is on the failure of private citizens to take the necessary precautions to protect themselves.

There are still a vast number of people who are leaving themselves wide open to an attack, simply because they make the same common cybersecurity mistakes that are easily exploited. Here is a rundown of the top mistakes that you can avoid to keep yourself safe.

1. Thinking it Won’t Happen to You

The first and the most important step to prevent yourself from being a victim of cybercrime is to shift your mindset. Despite hearing about breaches of big businesses and compromised personal data in the news regularly, many of us think that “it won’t happen to me”.

When it comes to securing our lives online, that attitude is our biggest downfall. It isn’t a matter of IF a cyber-attempt will be made on you, but a matter of WHEN.

According to Statistics Canada, the number of reported cybercrimes has seen alarming growth each and every year, and most of the cases remained unsolved. Data compiled by law enforcement from across the country showed that there were 32,968 cyber-related violations in 2018. The violations being committed could involve emails, texts or social media platforms.

2. Poor Judgment, Lack of Awareness, and Lax Attitude Towards Cybersecurity Practices

It’s often said that the weakest link in the system is the humans that use it. When people aren’t aware or fail to recognize the warning signs and ignore basic cyber security best practices, they are willingly exposing themselves as targets to cyber-criminals, who are more than happy to oblige.

Despite their lax attitude towards online security, many people say that a personal data breach would be worse than a physical home break-in. Physical goods can be easily replaced, but a stolen identity, a damaged reputation or credit score, or a financial loss might be more difficult to recover from.

Secure yourself with knowledge and training. Get access to information regarding cyber-threats and learn how to implement best practices to remain safe online. Be vigilant about your security.

3. Weak Passwords and Re-using Passwords Without Two-factor Authentication

If one were to interview any of the cyber security experts in the industry and ask them to name the biggest mistake that users make when it comes to protecting their online assets, every one of them would have passwords at the top or near the top of their list.

A report from the 2017 Verizon data breach investigation estimated that about 80% of all breaches are the result of weak password security. When your passwords aren’t strong and complex enough, you expose yourself to brute force attacks. It’s also been estimated that a good hacker using special software can break two-thirds of all passwords in existence today in only a few minutes.

This is why you should use strong and complex passwords, randomized with a combination of case-sensitive letters, numbers, and symbols. An evaluation of over 5 million passwords that were leaked on the internet in various data breaches found that nearly 10% of people still used passwords from a list of the most common and worst passwords.

Even if your passwords are strong, you should never re-use the same passwords for multiple accounts. All it takes is for an attacker to crack one password to gain access to your other accounts, such as your online banking and bill payment.

It’s akin to a thief having a single key to enter your house, steal your car and open your safe. The internet is like a bad neighbourhood known for a high incidence of cyber break-ins and data theft. You need to have a more vigilant mindset and focus on security rather than convenience.

Manage Your Passwords and Add an Extra Level of Security

Use a good password manager to help you remember your strong and unique passwords for each of your accounts. There are many available for randomly generating, managing and storing your passwords, and they can remind you to change them at frequent intervals, which security experts also advise.

Lastly, enabling two-factor authentication wherever possible is always recommended. With two-factor authentication, websites or web services require a password followed by a second authentication step, such as a one-time security code sent to your phone.

4. Not Installing Software Patches or Updates Right Away

When you get a system message to download the latest security patch and restart your computer or mobile device, do you drag your feet and think, “Ah, I’ll do it later. I’m in the middle of <insert activity>”? Bad idea.

Not installing the necessary updates or patches for your Windows or Mac operating system, Android or iOS, Java, Adobe Flash, web browsers, or anti-virus, anti-malware and Microsoft Office programs, etc. is a giant invitation for cyber-criminals to gain access.

Oftentimes, security updates or patches for popular programs are released immediately after a new cyber-threat has been identified in the wild, wreaking havoc. Even with anti-virus or anti-malware running in the background, you may still be vulnerable because you may not have the very latest definition files to identify and inoculate you against the new virus or malware threat.

Always find out more information about why an update or patch was released (an update could address several vulnerabilities), then download and install it… or risk a potential data breach.

Also, set your system to automatically download and install system updates or, at the very least, set it to notify you so you can manually download and install them.

5. Replying to Unsolicited or Phishing Emails

We all think we’re intelligent and tech-savvy enough not to fall for solicitations from Nigerian princes or a multitude of other phishing scams, but according to the government’s own Get Cyber Safe website, 80,000 people take the bait and get “phished” every day by sharing their personal info.

So the next time you receive a phishing email that says you won a lottery or a prize, tells you to click here to avoid paying fines to tax authorities, warns that there is something wrong with your account at your financial institution, makes some bogus job offer or invites you to watch a video that will shock you, delete it immediately.

Even with spam filters set up to catch these kinds of messages, many still make it through to your inbox. Never click on any attachments or links from unsolicited emails. You should only click on email links from trusted contacts IF you’re expecting a message from them. But even so, always check that both the sender’s name and email address are ones you recognize, and contact them to confirm they sent it.

If you’re unsure about whether it’s really your bank, credit card company or the CRA that sent you the message, you can always contact them in person or directly over the phone.

6. Downloading Unverified Email Attachments, Apps or Unsolicited Software

If you receive an unsolicited email from someone you don’t know, and that message asks you to download an attachment or to install an app you’ve never heard of, you know by now that it’s a good idea to delete the message right away.

But what if the message is from someone you know? If you’ve ever received what looks like spam from a friend, acquaintance or family member in your Gmail, Yahoo or another webmail account, the sender’s account could have been compromised.

It’s best to make it a habit never to open any attachments from anyone unless you were expecting that person to send them and have confirmed it beforehand, for example in communications with a business partner or a client. Even then, there are other ways to share documents online like Google Drive, Dropbox, and other cloud-based platforms.

Everyone has probably encountered the annoying pop-up warning that your computer will be at risk unless you download their anti-virus software immediately. Or maybe it’s some cool app or game you should download and play.

How do they know you don’t already have anti-virus or anti-malware installed? It’s a well-known ploy to get you to install their virus or spyware posing as software to protect you. Make sure you actually have legitimate, up-to-date anti-virus and anti-malware installed with a pop-up blocker to keep these cyber-attempts from being displayed on your screen.

7. Browsing Questionable Websites

That’s an interesting cat website full of funny cat photos and videos. Despite all those ads and pop-ups, it seems pretty innocuous, right? How about this music download site you just stumbled upon? Can you even legally download this music for free?

Maybe it’s nothing, but untrusted websites could be full of spyware and any links you click on could install malware onto your system, which could compromise your banking information, credit cards or worse.

If you want to stay safe, it’s probably best to surf on reputable sites from known brands. Usually, the safest and most secure sites will appear at the top of the Google search results. But if you’re in doubt, it’s best to get out (without touching anything first).

8. Clicking on Shortened URLs

You’ve probably seen many shortened links and even clicked on a few of them, but did you really know where you were being redirected to before you clicked?

Long, ugly URLs are often shortened to a few random characters to make them look prettier, for example as a bit.ly or a TinyURL link. You’ll also see this with Facebook updates or Tweets. Using a short link essentially hides the real website URL and if you click on one, you could be clicking on malware.

To avoid this, use the built-in link preview that most of the popular link shortening services will have by default. You just have to alter the shortened URL to preview it.

TinyURL example (these are not real URLs):

https://tinyurl.com/abc123 becomes https://preview.tinyurl.com/abc123

Each link shortening service will have its own different parameters you need to add to preview its shortened links.

If you don’t want to memorize all the different preview parameters, you can also use an online service like GetLinkInfo.com or download a link preview Chrome extension or Firefox add-on for those browsers.
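The preview rewrite described in this section, as an added Python example that is not part of the original article: it maps a shortened link to its preview form and audits every link found in a message. The TinyURL rule is the one shown above; the bit.ly rule (append "+") is that service's own convention rather than something this page states, and the function names, sample message and aliases are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Preview rules per shortener host. TinyURL's rule is the one the article
# shows; bit.ly's "+" suffix is that service's convention (assumption here).
PREVIEW_RULES = {
    "tinyurl.com": lambda alias: f"https://preview.tinyurl.com/{alias}",
    "bit.ly": lambda alias: f"https://bit.ly/{alias}+",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def preview_url(link):
    """Return the preview form of a shortened link, or None when the host
    is not a shortener this table knows how to preview."""
    parts = urlsplit(link.strip())
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    alias = parts.path.strip("/")
    rule = PREVIEW_RULES.get(host)
    if rule is None or not alias or "/" in alias:
        return None
    if host == "bit.ly" and alias.endswith("+"):
        alias = alias[:-1]  # already a preview link; normalise it
    return rule(alias)


def audit_links(text):
    """Find every http(s) link in a message and pair it with its preview
    URL. None means no preview rule is known, so the link is unverified."""
    results = []
    for match in URL_RE.finditer(text):
        link = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        results.append((link, preview_url(link)))
    return results


# Constructed sample message; the aliases are made up, like the article's.
SAMPLE = ("Your parcel is waiting: http://TinyURL.com/abc123. "
          "Invoice at https://bit.ly/xyz789, details at https://example.org/help")

if __name__ == "__main__":
    for link, preview in audit_links(SAMPLE):
        print(f"{link}\n  -> {preview or 'no preview rule known, verify another way'}")
```

The preview URL is always built with https, whatever scheme the original link used.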

9. Sharing Too Much Personal Information Online

One of the biggest mistakes people make online is not thinking about what the consequences would be if their personal data is taken out of their control and released into every nook and cranny of the internet to be used and abused by nefarious parties.

These days, people reveal way too much of their personal information online, without even a second thought about the possible implications. They do that in their social profiles, in their social posts, on forums and websites everywhere. They think there is privacy protection on these various platforms, but once those platforms have been breached and compromised, your information is out of your hands and in the hands of those who would use it for their own personal gain or use it against you.

It is critical that you stop and think clearly before you post anything online, especially anything too personal and revealing. Once it’s posted, it is on the internet forever and you won’t be able to do much about it after the fact.

10. Not Using Anti-malware or Anti-virus Software on Your Computers and Devices

Why should someone use anti-virus or anti-malware software? Is that even a serious question?

First, what is the difference between a virus and malware?

Generally speaking, a virus is a piece of code that can replicate itself to infect your computer and corrupt your system or destroy your data. Malware is an umbrella term that covers a variety of malicious software, including trojans, worms, adware, spyware, ransomware and also viruses.

No matter how smart you are or how carefully you browse on the internet, there are just too many cyber-threats out there these days and security software is important to have as your second line of defence… right behind your good judgment, awareness and vigilant attitude towards cyber security best practices.

11. Using Public Wi-Fi or an Unknown Internet Connection

When we are out in public or traveling, we often just use whatever Wi-Fi or internet connection is available. Sometimes it’s because we’re out of data or just don’t want to use our own data plan.

But because these public Wi-Fi networks are not secure, you should never use these types of untrusted connections to access personal information, make online payments or purchases, etc. They are much more vulnerable to online breaches.

Even worse, cyber-criminals know that users who go to a local cafe for a drink often like to use the Wi-Fi to work or to browse the internet. Some of these hackers will sniff the coffee shop’s network to capture data, and some will create an access point with malware and try to lure you into their trap. As soon as you join their network, they could be stealing your passwords and other personal data.

If you want to pay your bills, check your financial statements or do some online shopping, do it from home where you know your network is safe and secure.

However, when you are traveling abroad, it might be difficult or impossible to find secure public Wi-Fi networks to access. This is why you should use a VPN for travel.

What is a VPN? In a nutshell, a Virtual Private Network is a connection method that is used to add security and privacy to public networks like Wi-Fi hotspots. A VPN will hide and change your IP address, mask your location and encrypt data transfers. VPNs use advanced encryption protocols and secure tunneling to encapsulate online data transfers.

In fact, you should always use a personal VPN on any Wi-Fi network other than your home network.

12. Using Unknown Devices Such as USB Flash Drives

Sometimes you want to move files from one device to another and sometimes you want to back up your important files quickly. But you should always be careful when inserting someone else’s USB drive into your computer.

You’d never think to pick up something dirty that’s just lying around and insert it into your ear, would you? So, you should never just insert a random thumb drive that you found into your computer. If you don’t know the origins of the flash drive or it isn’t brand new out of the package, then it could potentially have a virus or malware on it.

Remember, one tiny, little infected drive can take down an entire corporate-sized network.

13. Leaving Your Webcam Vulnerable to Attack

Webcam hacks can be a very scary violation of one’s privacy. You should be familiar with whether your webcam is active or not and know how to disable it. Just covering it up with tape will not stop your webcam from recording audio. Once a hacker has control of your webcam remotely, they can spy on you and secretly record you for personal or financial gain.

Final Thoughts

So there you are: 13 of the most common mistakes people make online. Now you have the awareness and knowledge to avoid them and keep yourself safe and secure.