Along with the unprecedented convenience of the Internet has come the increasing risk of hacks and identity theft. Every day there are new examples of an individual or organization suffering a major cyber-attack, and each attack offers a warning to the rest of us. For instance, after the University of Michigan had three of its Facebook accounts hacked, they published a detailed breakdown of what happened. Their case study illustrates how one weakness can compromise an entire system.
As more of your data gets uploaded to the web, it is more important to safeguard yourself. We’ve compiled 12 of the most common security mistakes that could compromise your data.
1. Reusing the same password
While using the same password for all your accounts is convenient for you, it is even more convenient for hackers. Cracking one password would be enough to expose all of your data. Each account you own should have its own strong password. Given the difficulty of memorizing dozens of passwords, we suggest you use a reputable and encrypted password manager.
2. Not activating two-factor authentication
In the worst-case scenario where a hacker learns your password, two-factor authentication (2FA) can still prevent them from accessing your account. With 2FA enabled, any login to your account will require your account ID, your password, and a special code, typically generated by an app on your phone. (Note: 2FA that relies on sending you an SMS is still not secure. See the recent Reddit hack.) A strong, unique password paired with software or token 2FA is the best way to secure your data.
3. Clicking on links or opening attachments from uncertain sources
Phishing is one of the most effective ways hackers can penetrate security. A phishing attack is an attempt to trick you into giving up your credentials or downloading malware onto your device. The University of Michigan hack mentioned above began with phishing on Facebook Messenger. The infamous 2016 hack of the DNC began with a phishing email. If you receive a message from an unknown person asking you to click a link or download an attachment, inspect the URL and file closely. Sometimes the phishing email may even seem to come from somebody that you know. If anything seems suspicious, contact the person to verify they sent the email.
4. Not having an anti-virus or anti-malware program
Having a reliable anti-virus or anti-malware program installed on your device is one of the basics of preventing online hacks. There are numerous services that will protect your device from malicious URLs, ransomware, and other threats. Many operating systems such as Windows come with free anti-virus included (Windows Defender).
5. Skipping software updates
Developers release software updates in response to identified security vulnerabilities. If you are running outdated versions of programs, you are putting your data needlessly at risk. This applies to computers and mobile devices. To ensure you do not miss any updates, we suggest you enable these applications to update themselves automatically when possible.
6. Not using HTTPS
It may seem like a small change, but the “S” at the end of the hypertext transfer protocol (HTTP) can make a big difference to your online security. The “S” means you will force the HTTP protocol to go through another protocol, the secure sockets layer (SSL), which will encrypt and transport your data more safely. Sites without HTTPS can expose your data to anyone monitoring their traffic. Fortunately, the EFF has a downloadable app that will force sites to use HTTPS whenever possible called “HTTPS Everywhere.”
For those looking to add additional security, consider using a VPN to secure your internet data.
7. Not turning off AirDrop or Bluetooth
Unless you are actively sharing files or paired with another device, your Bluetooth and AirDrop networks should always be turned off. Bluetooth exploits like BlueBorne can allow hackers to connect to a device undetected and then take control of it, even forcing it to send out sensitive data. However, this is only possible if your Bluetooth connection is left on. As a bonus, keeping Bluetooth turned off will improve the battery life of your device.
8. Using public WiFi without a VPN
Even if you know who is running the network, public WiFi networks are rarely secure. They often lack proper protection protocols, leaving you exposed to man-in-the-middle attacks or WiFi sniffing. Both MITM attacks and WiFi sniffing can give hackers a window into your browsing history and let them read your keystrokes. Even worse, neither of these attacks is particularly complicated. But a very easy solution is to set up a VPN which will hide your data from attackers.
9. Not setting a screen lock or password protection
To protect your data, physical security is just as important as network security. Smartphones and laptops go with you everywhere, meaning there are lots of opportunities for intruders to access them. Never leave your device unattended and set a password to help ensure hackers cannot install malware on your computer.
10. Not encrypting the data on your device
Setting a password on your devices is a good first step, but pairing it with device encryption is the best way to secure your data if your device is lost or stolen. It is important to note that device encryption and setting a password are not the same thing. While both require a password, device encryption is a separate, additional step that prevents anyone from accessing data on your device without your password. Most Android and iOS devices come pre-loaded with encryption programs while Windows and Mac both support it.
11. Not using encrypted means of communication
The Snowden revelations revealed that most of our means of electronic communication is subject to mass surveillance, including phone calls, SMS, and email. By using communication services that are equipped with end to end encryption, such as Signal or ProtonMail, you can ensure that no one other than the intended recipient of your message can access it.
12. Sharing too much information on social media
Hackers can gain a lot of information simply by looking at your social media. Some of this information can then be used to reset passwords, apply for credit cards, or create more convincing phishing emails.
The best option would be to set your Facebook profile to private.
Otherwise, think twice when posting anything that contains the following information:
- Names of family members (especially your mother’s maiden name)
- Your date of birth
- Where you were born
- Where you went to college
- Names of pets
- Old or current addresses
- Details about daily routines
Hackers can use any of these to target you or to answer your security verification questions.
These are just some of the steps that the average person can take to significantly reduce the exposure of their online data. As more and more of your sensitive data is handled online, knowing basic cyber security skills becomes critical. None of these fixes require advanced knowledge of computers or programming, just a little discipline and attention to detail. Of course, even if you implement all of the safeguards we suggest here, we cannot guarantee you will be 100% secure — but you will have made it significantly harder for an attacker to access your data.
The ProtonVPN Team
To get a free ProtonMail encrypted email account, visit: protonmail.com