Scribbling your passwords on a notepad. Forgetting to lock your computer. Using unknown wi-fi networks...the list goes on and on. We all do these things from time to time, most often inadvertently. Sometimes we know we shouldn’t take risks online but do anyway, due to convenience or an attitude of “it won’t happen to me.” Yet bad online behaviors can have some very real consequences. In this post, we look at some of the worst internet offenses out there and share what you should be doing instead.
Behavior #1: Selecting Obvious Passwords
We’ve all been warned about this one may times, yet poor password security is one of the top internet offenses. As many studies have shown, people tend to choose weak passwords. Things like 1234, ABCD, birthdays of themselves or loved ones. We all know choosing an obvious password is bad, yet many internet users choose passwords that are guessable at best, and downright obvious at worst. Weak passwords make it too easy for cybercriminals to guess or hack, and subsequently gain access to your personal details and accounts.
Cybercriminals may gain access to passwords in a variety of ways:
- Buy Them on the Dark Web: The most common (and easiest) way to get passwords is to buy a list off the dark web. If your password has been compromised at any point, it’s a real risk that it might be out there floating around for sale in the internet’s underbelly.
- Brute Force Attack: An attack conducted via automated software, which tries all combinations available until it gets yours right. With today’s technology, these attacks are alarmingly successful and faster than you would imagine. One site reports that any password under 12 characters is vulnerable to being hacked in only 6 hours!
- Dictionary Attack: A dictionary attack works by trying a prearranged list of words, like you’d find in a dictionary. Many people simply combine words to make passwords, and this attack is sure to find any of these.
- Phishing: Phishing refers to the process of getting information out of you without your knowledge (and of course, without your consent). For example, a phishing email could tell you there is something wrong with your account and point you to a site to go fix it. This site might be a fake, built to resemble a legitimate company’s site. Then, once you enter your details, the criminals have them and can access your account.
When it comes to passwords, there are more risks than just your unique password being discovered. Here are a few more things to take into consideration.
Selecting Obvious Passwords…And Using Them Across Sites
Almost as bad as using weak passwords is the habit of using the same password across various sites. If someone accesses your password and you’ve used it in multiple places, they have access to even more of your accounts and personal details.
...And Sharing Them
Most of us know by now it’s not a great idea to share private passwords via email (or a messenger, like Slack). When you’re in a rush it can be easy to just send it over fast, but it’s a risky idea as your email could be intercepted or compromised in the future.
What To Do Instead
Use strong passwords. Strong password guidelines include the following:
- Don’t select obvious things like your name, birthdate, or anything that would be easy for someone to guess or find online
- Include a mix of charters and letters, both uppercase and lowercase, as well as numbers and symbols
- Make passwords long
- Don’t use sequential letters or numbers, or memorable keyboard paths
These days, most sites will tell you if your password is strong or not while you’re creating it. Many password managers also suggest passwords to help you stay secure as possible. For additional password protection, make sure to use a unique password across different websites you visit and logins you create. When you need to share, share passwords privately and securely using a password manager. When it comes to the security of your password, be sure to use a tool designed to keep you safe - and which uses encryption.
Behavior #2: Thoughtless Data Storage
We all have a lot of data these days. Whether we want to or not, it's a byproduct of our digital lifestyle. Some of this data is collected without our consent or knowledge (via implicit opt in by browsers and advertisers), some of it is so omnipresent we don’t even stop to think about it (email content, for example), and some of it is stored out of convenience, without much thought given to what the risks might entail (for example, storing passwords in your browser).
Data storage is often convenient, which is why many internet users are prone to this bad behavior. Storing details like passwords or credit card information can help us log in faster and avoid headaches...at least until something goes wrong. Saving or syncing files to the cloud is similarly convenient; it seems great until something goes wrong.
As a VPN company we talk a lot about securing data in transit (being sent over the web), but just as much attention needs to be given to data at rest (data stored locally on a machine or in the cloud as its final destination, but not inherently secure). There are myriad threats to data at rest, from hackers and snoops to someone stealing your laptop or finding a dropped phone that has sensitive details saved. Many people do not know how to secure data and engage in risky behaviors such as sharing devices or profiles.
Using cloud storage can be safe and secure (and again, convenient), but it can also be a dangerous practice if not done carefully! Some cloud providers are not secure, and if you are uploading private documents without a secure connection, you could also be putting yourself at risk for interception.
What To Do Instead
It’s important to think about secure data storage. Do not save passwords or details on shared logins or machines where someone could access them. When choosing a cloud provider, be sure to pick a legitimate provider with actual security protocols, and someone you can trust.
Behavior #3: Being Careless on Public Wi-Fi
We’ve written about the dangers of public wi-fi networks many times before. These networks are often secured poorly or not secured at all, and public wi-fi security is generally poor, making these networks dangerous for internet users who connect. This means being “careless” on public wi-fi encompasses a variety of things.
Connecting to Public Wi-Fi Without a VPN
...or other form of internet security or security software. We've said it before and we’ll say it again. The answer to the question “is public wi-fi safe” is “no.” It is generally not safe, and thus absolutely essential to use a VPN every time you connect to an unsecured or public wi-fi network. A VPN encrypts your connection to secure it, so even if it is intercepted nothing is visible. It also prevents the network from seeing what you are doing online and collecting this data on you.
Conducting Private Transactions on Public Wi-Fi
Another bad habit is to log into personal or sensitive accounts on public wi-fi (without a VPN!). It's best to learn how to secure wi-fi, but in general it’s not a great idea to log into accounts such as bank accounts or enter private details. Think of it this way: if you’re viewing the news or something benign on a public network and it’s intercepted, it’s not a huge deal. However, if you’re sharing bank details or conducting a private search and the information is intercepted, it is.
What To Do Instead
If you are trying to figure out how to use public wi-fi safely, a VPN is the number 1 way to improve public wi-fi safety. Additionally, avoid accessing private accounts or sensitive information while using public wi-fi.
Behavior #4: Neglecting Software Security
Software security involves a couple of things; both ensuring you don’t download any app or software containing malware from untrusted sites, and ensuring all software is updated frequently and as soon as possible.
Don’t Download Software from the Wrong Site
You may know the software name and know that it’s a safe product overall, but if you download it from a third party or unofficial site, you may be introducing vulnerabilities into your system.
Don’t Trust Unknown Applications or Sites
When it comes to software security best practices, it’s essential to be sure you are visiting sites and installing applications you can trust. With so many scams on the rise and malicious software out there, there are more software security issues than you might expect. It's essential to research the applications you are going to download and ensure they are a safe (and legitimate) choice.
Failing to Update
Whether you ignore software updates on purpose or mistakenly miss them, failing to make updates in a timely fashion can be a costly mistake. While software is often updated to introduce new features and functionality, it is often updated to address bugs or vulnerabilities in the code as well. This means if you fail to update, you fail to keep yourself protected from the latest threats and risks.
What To Do Instead
Follow all software best practices, which center around downloading or accessing from trusted and known sites. Go directly to the manufacturer's site when you are downloading software. Keep your applications and software up to date, and always install updates when prompted.
Behavior #5: Ignoring Internet Security
The internet is a dangerous place! Even basic browsing can be risky business, and there are many missteps you may take online. If you aren’t thinking about your internet security and aren’t taking active measures towards internet protection, you may be putting yourself at increased risk. The following are some internet security “no-nos” you should avoid:
- Not Using HTTPS: Websites that begin with https indicate a secure connection. If there is no “s,” the site is not secure and you shouldn’t connect.
- Not Using 2FA (Two Factor Authentication): Two factor authentication refers to the process of verifying your login to a site with a second source, and in doing so adding a layer of security for your accounts.
- Not Using A VPN: If you connect to the internet without a VPN, your online security is surely at risk!
- Neglecting to Secure Your Home Network: This can include using the default settings and passwords on your router.
- Not Checking Default Privacy Setting: These days, a practice called implicit opt-in is very common. It's likely you may be sharing or revealing more than you’d like to, as a provider has configured their terms so you are automatically agreeing.
- Giving Access to Apps: Allowing access to microphones, cameras and other tools that may be unneeded by a specific application can allow them unnecessary access to your personal device.
What To Do Instead
To employ the best internet security possible, it’s first essential to be aware that risks exist. Once you are aware of the threats out there, you can take active measures to combat them. Among these measures are always using https; using two-factor authentication; using a VPN; and checking up on all your settings for applications and programs.
Behavior #6: Revealing Private Data
Do you know what data your device is sharing about you? One major bad internet habit revolves around transmitting or sharing data – even if you’re not aware of the fact it’s happening! Many mobile phones and their applications ask for blanket permissions to access other data on your phone, which is often wholly unnecessary. Location services are often turned on by default, collecting information on your whereabouts you likely would prefer not to share. Features like airdrop can also allow people to access your phone unwittingly.
Another big no-no is neglecting to lock your computer or phone. This seems like a no-brainer, but can lead to unauthorized parties gaining access. Other choices, like oversharing on social media or personal sites like blog sites, or accepting friend requests or emails from strangers, can similarly lead you astray. These information privacy blunders can lead to dangerous consequences.
What To Do Instead
Adjust app permissions so that apps only have access to the exact thing they need, and do not have extensive access to files or location on your devices. Be wary of apps that ask for more permissions than seem reasonable, such as accessing your contact lists, your phone or location services.
A VPN for Internet Security
As you can see, it’s all too easy to participate in bad behaviors on the internet. With so many threats to internet security out there, it’s important to be aware of the risks. It’s also important to adjust your online behavior to safeguard yourself and protect your online security. While a VPN is not a cure-all for web security, it does provide the absolute best internet security. A VPN encrypts your internet connection to secure it, and in doing so protects you from a wide variety of risks – even if you practice some of our bad behaviors above from time to time. Give a VPN a try today!