12 mistakes that can get your data hacked – and how to avoid them

Posted on August 24th, 2018 by in How-to.

Along with the unprecedented convenience of the Internet has come the increasing risk of hacks and identity theft. Every day there are new examples of an individual or organization suffering a major cyber-attack, and each attack offers a warning to the rest of us. For instance, after the University of Michigan had three of its Facebook accounts hacked, they published a detailed breakdown of what happened. Their case study illustrates how one weakness can compromise an entire system.

As more of your data gets uploaded to the web, it is more important to safeguard yourself. We’ve compiled 12 of the most common security mistakes that could compromise your data.

1. Reusing the same password

While using the same password for all your accounts is convenient for you, it is even more convenient for hackers. Cracking one password would be enough to expose all of your data. Each account you own should have its own strong password. Given the difficulty of memorizing dozens of passwords, we suggest you use a reputable and encrypted password manager.

2. Not activating two-factor authentication

In the worst-case scenario where a hacker learns your password, two-factor authentication (2FA) can still prevent them from accessing your account. With 2FA enabled, any login to your account will require your account ID, your password, and a special code, typically generated by an app on your phone. (Note: 2FA that relies on sending you an SMS is still not secure. See the recent Reddit hack.) A strong, unique password paired with software or token 2FA is the best way to secure your data.

3. Clicking on links or opening attachments from uncertain sources

Phishing is one of the most effective ways hackers can penetrate security. A phishing attack is an attempt to trick you into giving up your credentials or downloading malware onto your device. The University of Michigan hack mentioned above began with phishing on Facebook Messenger. The infamous 2016 hack of the DNC began with a phishing email. If you receive a message from an unknown person asking you to click a link or download an attachment, inspect the URL and file closely. Sometimes the phishing email may even seem to come from somebody that you know. If anything seems suspicious, contact the person to verify they sent the email.

4. Not having an anti-virus or anti-malware program

Having a reliable anti-virus or anti-malware program installed on your device is one of the basics of preventing online hacks. There are numerous services that will protect your device from malicious URLs, ransomware, and other threats. Many operating systems such as Windows come with free anti-virus included (Windows Defender).

5. Skipping software updates

Developers release software updates in response to identified security vulnerabilities. If you are running outdated versions of programs, you are putting your data needlessly at risk. This applies to computers and mobile devices. To ensure you do not miss any updates, we suggest you enable these applications to update themselves automatically when possible.

6. Not using HTTPS

It may seem like a small change, but the “S” at the end of the hypertext transfer protocol (HTTP) can make a big difference to your online security. The “S” means you will force the HTTP protocol to go through another protocol, the secure sockets layer (SSL), which will encrypt and transport your data more safely. Sites without HTTPS can expose your data to anyone monitoring their traffic. Fortunately, the EFF has a downloadable app called “HTTPS Everywhere” that will force sites to use HTTPS whenever possible.

For those looking to add additional security, consider using a VPN to secure your internet data.

7. Not turning off AirDrop or Bluetooth

Unless you are actively sharing files or paired with another device, your Bluetooth and AirDrop networks should always be turned off. Bluetooth exploits like BlueBorne can allow hackers to connect to a device undetected and then take control of it, even forcing it to send out sensitive data. However, this is only possible if your Bluetooth connection is left on. As a bonus, keeping Bluetooth turned off will improve the battery life of your device.

8. Using public WiFi without a VPN

Even if you know who is running the network, public WiFi networks are rarely secure. They often lack proper protection protocols, leaving you exposed to man-in-the-middle attacks or WiFi sniffing. Both MITM attacks and WiFi sniffing can give hackers a window into your browsing history and let them read your keystrokes. Even worse, neither of these attacks is particularly complicated. But a very easy solution is to set up a VPN which will hide your data from attackers.

9. Not setting a screen lock or password protection

To protect your data, physical security is just as important as network security. Smartphones and laptops go with you everywhere, meaning there are lots of opportunities for intruders to access them. Never leave your device unattended, and set a password to help ensure hackers cannot install malware on your computer.

10. Not encrypting the data on your device

Setting a password on your devices is a good first step, but pairing it with device encryption is the best way to secure your data if your device is lost or stolen. It is important to note that device encryption and setting a password are not the same thing. While both require a password, device encryption is a separate, additional step that prevents anyone from accessing data on your device without your password. Most Android and iOS devices come pre-loaded with encryption programs while Windows and Mac both support it.

11. Not using encrypted means of communication

The Snowden revelations showed that most of our means of electronic communication are subject to mass surveillance, including phone calls, SMS, and email. By using communication services that are equipped with end-to-end encryption, such as Signal or Proton Mail, you can ensure that no one other than the intended recipient of your message can access it.

12. Sharing too much information on social media

Hackers can gain a lot of information simply by looking at your social media. Some of this information can then be used to reset passwords, apply for credit cards, or create more convincing phishing emails.
The best option would be to set your Facebook profile to private.

Otherwise, think twice when posting anything that contains the following information:

  • Names of family members (especially your mother’s maiden name)
  • Your date of birth
  • Where you were born
  • Where you went to college
  • Names of pets
  • Old or current addresses
  • Details about daily routines

Hackers can use any of these to target you or to answer your security verification questions.

These are just some of the steps that the average person can take to significantly reduce the exposure of their online data. As more and more of your sensitive data is handled online, knowing basic cyber security skills becomes critical. None of these fixes require advanced knowledge of computers or programming, just a little discipline and attention to detail. Of course, even if you implement all of the safeguards we suggest here, we cannot guarantee you will be 100% secure — but you will have made it significantly harder for an attacker to access your data.

Best Regards,
The Proton VPN Team


Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

5 comments

  1. Monjaro

    “Not having an anti-virus or anti-malware program”
    LOLWHAT?! Using such software is a major mistake! The truth is that all anti-virus companies cooperate with local special services. In Russia “Kaspersky Lab” closely cooperates with FSB and everyone knows this. In other countries, other companies are forced to cooperate with special services. People install software with a closed source code that has access to the file system and has unlimited privileges. What kind of fool do you have to be to voluntarily agree to add a fat backdoor into your system? I’m just shocked and still don’t believe that I read such advice in your blog! WTF. Just install Linux and forget about all this bullshit.

  2. John

    What bullshit!! What evidence do you have by writing “everyone knows this”? Who knows? You?!! On what basis? Your auntie told you that?!! Maybe you are a fan of American Google or Facebook that spy on everyone!! If you hit a store or a restaurant guys at Google know this by sending a message to evaluate a place. They know everything even though you do not reveal any info. How will you call that?
    Kaspersky many times disclosed American NSA spying software and malware. They are cooperating with both FSB and INTERPOL/EUROPOL. So what?
    Read this, maybe you will learn something and stop writing nonsense bullshit:
    https://www.csoonline.com/article/3219848/vulnerabilities/show-the-proof-or-cut-it-out-with-the-kaspersky-lab-russia-rumors.html
    https://www.tomsguide.com/us/kaspersky-safe-to-use,news-25516.html
    https://www.dw.com/en/germany-no-evidence-russia-used-kaspersky-software-to-spy-on-us/a-40915126

  3. Cody

    Or use Telegram which is currently protecting dozens of millions of Russians and Iranians, two countries with hugely repressive governments trying to crack it yet they haven’t done it, whereas Signal and Whatsapp backup/send your messages to unencrypted servers owned by Google and Apple – which will cooperate with governments if requested.

    Real time protection and privacy, not just “buzz”.

    See this interesting thread: “Signal and Whatsapp failed to protect Michael Cohen messages”

    https://twitter.com/zackwhittaker/status/1032685368485851136

  4. Reaver

    That’s right Cody, I do use Telegram and now I feel safe. Ditched Whatsapp long ago.

  5. Gopher

    Signal sending chats to Google servers unencrypted? What kind of propaganda are you reading? Any source on that?
    Sorry, Telegram is not secure at all, see:
    https://security.stackexchange.com/questions/49782/is-telegram-secure
