As tech-savvy as we tend to be these days – relying heavily on the internet for everything from communication, information and productivity to entertainment, shopping, and banking – many Americans admit to being lackadaisical when it comes to cybersecurity.
This is according to the results of a recent survey conducted online by the Harris Poll, commissioned by Aura, a leading digital security company, that found a disconnect between awareness of cybersecurity threats and behaviors that invite the risk.
For example, half of those surveyed admit to downloading software or files from third party sources without knowing their origin. Nearly three-quarters of victims of past online fraud say the used the same password for multiple accounts, while 51% concede they open emails from senders they don’t recognize.
These potentially dangerous online habits extend to social media, too, with about half of respondents admitted to accepting friend requests on social media from people they don’t know, tagging their location in photos posted on social media while they’re on vacation, and clicking on hyperlinks in social media posts.
And issues seem to be getting worse, perhaps because of spending even more time online since the start of the pandemic. According to a report published by the FTC, total fraud losses cost Americans about $3.3 billion dollars in 2020, an increase of 54% year over year.
Take heed to these following four common yet risky behaviors, and how to avoid them:
1. Using the same password on multiple accounts
While convenient, avoid using the same password for your online activities, because if a service is hacked and your password is exposed, cybercriminals will no doubt try it on another of your accounts.
(With that massive Yahoo! breach a few years ago, stolen email passwords were often found to cross-reference with users’ bank accounts.)
Not only should you use different passwords for all accounts – and reputable password manager apps are a handy way to remember them all – but you could also try to use a passphrase instead of a password. In other words, a sequence of words and other characters, including numbers and symbols.
Also, make it harder for hackers to access your data by adding a second layer of defense. Two-factor authentication is highly recommended for all your online activity, such as your web mail, online banking, cloud accounts, and so on, which means you not only need a password or passcode (or biometrics logon, such as a fingerprint or facial scan), but you will also receive a one-time code notification to your mobile phone that you will need to type in.
► Two-factor authentication: Why you shouldn’t rely on texts to sign into account
2. Downloading software from third-party sources without knowing its origin
Whether you’re on a computer, smartphone or tablet, stick with reputable app stores to download software to your device.
Yes, there are official stores integrated into your operating system, such as the Windows Store, Mac App Store, Google Play (for Android devices), and AppStore (iPhone, iPad). While nothing is 100%, apps at these stores have been vetted by gatekeepers, to ensure there isn’t anything harmful.
Apple won’t let you install apps to your iPhone or iPad from other app stores, in fact, but most other platforms allow it. Android users, for example, have the freedom to download from third-party stores or even “side load” programs offline, such as transferred from a microSD card or USB cable connected to a PC. That’s not a great idea, as it opens you up to even more risk.
On a related note, stick with app developers you know and love.
If you’re curious about a new app or game, though, don’t ever be the first to download it. Wait until ther
e are several thousands ahead of you and read reviews and comments – just to err on the side of caution. Why be a Guinea pig? Read the terms and conditions for each app, too, and be suspicious if a calculator wants your location or a racing game asks for access to your microphone and camera, as examples.
As an extra layer of defense, have good anti-malware (“malicious software”) on your devices (see next tip).
3. Opening and engaging with emails from senders you don’t recognize
Often referred to as a “phishing” scam, these are authentic-looking emails that appear to be from your bank, Internet Service Provider (ISP), favorite online store, IRS, or other organization, with the intent to “lure” you to a site that asks you to verify your personal or financial information.
On mobile devices, these might be referred to as “smishing” messages, since they’re phishing for your private information sent to you via SMS (text message).
What does the sender want? To defraud you.
And it’s on the rise.
During the pandemic, emails may have looked like they’re from legitimate organizations like the Centers for Disease Control and Prevention or World Health Organization, plus with government stimulus packages to help people and business make ends meet after being furloughed or laid off, fraud tied to government benefits spiked considerably last year.
In the first quarter of 2021 government benefits fraud was up nearly 3,000% year over year, says the Federal Trade Commission.
And, with more people working remotely, there is an expanded landscape for social-engineering scams, particularly impersonating human resources or executives at one’s organization.
To avoid falling victim to a phishing scam, look closely at the email sender and ensure it is a legitimate address. Know that companies (like your bank) and the government will never ask you to urgently confirm financial details with you in this manner. When in doubt, contact the institution with a phone number you already have for them, and not with one provided in the message.
Reputable anti-malware protection on your devices can identify, block, quarantine, delete, and report any suspicious activity.
Aura, for example (from $10/month), provides proactive digital security, alerting you to threats like malware, fraud alerts, a VPN (Virtual Private Network) for anonymous browsing, password manager, identity theft insurance, and more (depending on the subscription level).
On a related note, set all your software, including your operating system, to automatically install updates, so you don’t have to remember to do so.
4. Using public Wi-Fi
While free public Wi-Fi hot spots seem to be everywhere – restaurants, libraries, airports, and hotel lobbies – you’re putting your information at greater risk compared to using a private network.
In fact, you might think you’re joining a legitimate network, like “Miami International Airport Wi-Fi” when in fact it’s a fake (“rogue”) network setup by someone nearby, who’s trying access your info.
Even if it’s a legitimate hot spot, those who provide free Wi-Fi can (and often) collect and sell data about your browsing habits.
► Why college students need to use a VPN: How to pick the right one
Another misconception is a public Wi-Fi hot spot is safe if there’s a password required, often given out by the establishment. It’s not much safer than not having a password if it’s freely given out to everyone indiscriminately.
Instead, while using your laptop on the go, consider your smartphone’s cellular connection by creating a personal hot spot (which counts towards your mobile phone’s data plan) or wait until you get home on a private network.
If you absolutely must use free public Wi-Fi, at least run a VPN to browse anonymously, and avoid conducting any financial transactions.