Do you make these security mistakes and put yourself at greater risk for successful attacks?
How much of your personal time do you spend online? The answer may be a lot more than you think. One recent study estimated that Brits spend five hours on average each day glued to their screens, not including work time. It found that those aged 16-24 spend over 2,500 hours per year on Instagram alone.
In fact, we’re all shifting more and more of our lives online and into the cloud. We shop, stream video content, manage our bank accounts, socialize with friends and family, share photos, track our fitness and even speak to our doctor via a range of innovative user-friendly apps today. And we do so from a variety of devices – from the trusty household PC to tablets, smartphones and wearable gadgets.
All of this has implications for security. As the number of passwords, devices and accounts mounts up, our ability to keep track of all of these digital assets declines. Some of us resort to quick fixes like recycling passwords, which only makes things worse. Others might ignore security warnings altogether and carry on regardless.
Time for action
Human error like this is endemic. At work, it’s responsible for an estimated 82% of all corporate data breaches. But the same complacency and lack of security know-how can also bleed into our personal lives, putting our data and devices at risk. One research team found 24 billion stolen username/password combinations circulating on cybercrime marketplaces this year.
In short, we must get better at managing security risks, and that begins with understanding and mitigating the most common impacts of human error.
Top digital security mistakes to avoid
1. Clicking on links and opening attachments in unsolicited messages
Otherwise known as phishing, these missives can travel over email, text, social media, or messaging services like WhatsApp. They’ll usually spoof a legitimate sender like a bank and require an urgent response from the recipient. Doing so will usually lead to a covert malware download, or else the user will be tricked into handing over sensitive personal and possibly financial information. Always be skeptical of unsolicited messages and don’t click on links or open attachments in them. Check separately with the sender about the content of the message.
2. Skipping updates
Computer and device updates are a vital way of keeping systems secure. That’s because they’re the manufacturer’s way of delivering the most up-to-date software possible. Sometimes they’re issued to fix a specific vulnerability which hackers are taking advantage of in real time to hijack devices and accounts.
It pays to have automatic updates switched on for all software, browsers and operating systems.
3. Plugging in random USB drives
Removable media may not be as popular as it was several years ago. After all, most of us use cloud storage now to transfer data around. However, it can still be an effective transmitter of malware if plugged in to your machine.
For starters, never use a thumb drive that’s not yours.
RELATED READING: How safe is your USB drive?
4. Using and reusing weak passwords
This is one of the most common security mistakes users make, as evidenced by the stats above. Weak passwords are short, and easy for hackers to guess or crack. They’ll use them to hijack that account and possibly any others you share the same credentials with.
Passwords – or even better, passphrases – should be long, strong and unique. Use a password manager to keep them secure and easy to recall.
5. Failing to enhance logins with 2FA
Increasingly, organizations are forcing their staff to use multi-factor, or two-factor authentication (2FA). It’s used to add an extra layer of security on top of passwords because it includes a second “factor” like an SMS code or facial scan, that the hackers will find it harder to steal or replicate. But many of us fail to apply it to our personal systems.
Turn on the MFA option for all of your online accounts.
6. Failing to back up
Regular backups are another mundane but essential security step that many of us neglect. That can cause trouble if hackers manage to access and encrypt all of our data, demanding a ransom in return for the decryption key.
Backing up regularly, with one copy offline, can insulate you from this kind of extortion, and any accidental data loss.
7. Getting distracted
One of the main problems of having our digital world one click away on our mobile devices is that many of us may be distracted when out and about. That can lead to mistakes being made. It takes just one misplaced click on a link in a phishing email to land you in big trouble.
When you’re looking at your screen, give it your full attention. Even better, don’t click through on any emails or messages if you’re not sure where they came from.
8. Using and sharing work devices for personal use
The new era of remote and hybrid working means many of us now spend more time logging on to work whilst at home. Unfortunately, that makes it more tempting to use the corporate device for personal tasks like shopping, internet downloads, gaming or streaming content. This might put your employer at risk, and potentially your job, if malware ends up on the machine, and hackers can access corporate networks and apps.
Try to separate work and play by only using the corporate machine for work business. Log on for fun stuff with your own laptop, smartphone or tablet.
9. Being complacent
One of the biggest challenges with security is that users are likely to think everything is OK, until it’s too late. We trust the companies we do business with and the technology providers whose products we use every day. But that can breed a false sense of security.
Take time out to look at the security settings of your devices, and read articles like this one to get better informed about the main risks – and how to manage them.
10. Not using security software on all devices
Many of us appreciate the value of reputable security software. But how many have installed it across all of our devices? Often that leaves smartphones and tablets exposed to malware hidden on websites, in phishing messages and in mobile apps.
Our digital lives are increasingly important to us. We should protect them by giving digital security the time and attention it deserves. Find a vendor you trust and ensure all PCs and devices are protected.
by Phil Muncaster, ESET