We all have bad online habits…but often we don’t know what they are or, worse yet, we don’t know how to fix them. These bad habits can have serious consequences, though, so it’s worth your time to read through to determine the best way to break these habits that keep you safe from online security threats.
It feels like common sense that we should watch out for online viruses and be vigilant about our security to keep from having our accounts hacked.
But how exactly do we do that?
This is the part where most people get hung up.
We don’t know what we don’t know, right? What are the things we’re doing online that are security threats to us?
That’s why here I share with you 16 bad online habits that expose you to online security threats. If any of these habits are yours, then now is the time to break them!
Most Important Bad Habit
Before we get down to the nitty-gritty, there’s one “bad habit” (or rather, bad omission), that you need to fix.
If you do nothing else after reading this article, please learn this one thing.
The worst habit you can have is not using 2-factor authentication.
Not Using 2-Factor Authentication (2FA)
Are you logging onto your bank, email or investment account without verifying your identity with 2-factor authentication?
This is one of the worst bad online habits, and it needs to change.
Although no security feature is 100% secure, two-factor authentication is currently the gold standard for online security and identity verification. This is the case both in the consumer space and in the office.
2FA is the process by which, after entering a username and password, you’re only granted access after successfully presenting an additional piece of evidence to prove your identity.
This piece of evidence could be:
- A pin number sent through SMS text message to your mobile phone;
- A one time password (OTP) given through an app like Google Authenticator;
- A special 2FA security key like the Google Titan.
In this day of age, 2FA is widely adopted and most likely you’ve already been forced to use it for some accounts.
But you should take an additional step further to enable 2FA on everything from your bank and brokerage accounts, email, work systems, and everything else 2FA works with that can benefit from an additional layer of security.
Bad Online WiFi Habits
Who doesn’t love Wi-Fi? These days, we are fortunate that you don’t have to go far to find a reliable Wi-Fi connection.
But the convenience of Wi-Fi makes us all prone to careless online habits that increase risk from online security threats. Let’s go over them one-by-one.
Checking Your Online Bank Account on Public Wi-Fi
If there is one thing you shouldn’t do while connected to public Wi-Fi, it’s checking your online bank account. While convenient, public Wi-Fi networks are never secure.
Hackers love to prey on public WiFi networks…
When I say “public WiFi”, I’m talking about connecting to the internet at…
…a coffee shop,
…or even your local grocery store.
Hackers prey on public Wi-Fi networks as they have limited security and people don’t think twice about the information they send over public Wi-Fi when connected.
If you decide to log into your online bank account over public Wi-Fi and a sophisticated hacker is snooping on the network, your risk of your username and password leaking out are really high.
So, if you have the habit of checking your online bank account while connected to public Wi-Fi, you need to make some changes. This could include:
- Checking your bank account on your phone using your cellular network.
- Using a trusted VPN service to secure your connection on a public network (see #3 next).
Using Public Wi-Fi Without a VPN
Although checking your online bank account on public Wi-Fi is among the worst online habits you can have, I’m not a fan of sending any information whatsoever through public networks.
There are just too many ways hackers can use public Wi-Fi networks to steal your online information including (links to go descriptions of how these attacks work):
With a hacker playbook that extensive, it’s tempting to give up connecting to public WiFi altogether.
But that’s not feasible, so the next best option is something known as a Virtual Private Network, or VPN.
Connecting to a VPN while on a public WiFi network secures and encrypts your activity on the network.
VPNs send your Internet traffic through an encrypted tunnel making your information impossible to crack even to the most talented hacker.
Not Properly Securing Your Home WiFi Network
Although home Wi-Fi networks aren’t public, so many people turn their private home networks into public networks by not enabling an access password.
It’s now being broadcast for everybody to see and use!
If there is one thing I really hate, it’s folks freeloading off of my Internet and crashing its bandwidth. So, if you don’t have a password enabled on your wireless router, it’s time to get one!
But adding a password is only half the battle to keep your home network secure. When your router broadcasts your home Wi-Fi SSID, it invites attention from hackers with nothing but time to crack into your home network and listen in on your Internet activity.
To reduce this online security threat, go into your Wi-Fi router settings to stop broadcasting the WiFi SSID and make it invisible. It’s not a foolproof way to stop hackers, but you will no longer be the “low-hanging fruit” most hackers give their attention to.
Surfing Non-Secure Websites
While we’re on the topic of public Wi-Fi and Internet, another tip to follow that will keep you safe from online security threats is to only view websites with proper security certificates.
How can you determine which websites have security certificates and which ones don’t?
It’s as easy as looking at the URL and seeing if the website is using HTTPS versus simple HTTP. Google Chrome often warns you about these websites with a notice in the address bar that says “Not Secure”, like what you see here:
Websites with HTTPS have added security making them harder for hackers to listen in and get information you send online.
Websites with only the standard hypertext transfer protocol are unprotected and much more vulnerable to security flaws.
Never enter credit card information on a website that isn’t secured with https!
Where things can get really dangerous for you are entering your credit card information on a website with only HTTP. Hackers stake out those types of websites all the time in the hope of stealing some poor fella’s banking info.
Don’t let that happen to you!
Bad Habits with Your Passwords
I’m sure all of us have either been a victim or had a friend whose bank account, email, or social media password was stolen.
It’s far too common, so let’s cover the bases on how you can break terrible password habits and keep them secure.
Avoid Easy to Guess Passwords
The fact that the most common password found in data breaches is “123456” tells us that we all need some training on making strong passwords!
If you’re also thinking that your name in combination with your birthday and an exclamation mark will keep your bank account secure, guess again!
Do yourself a favor and use this password checker to get immediate feedback about how strong or weak your password is.
You see, once a hacker has information like your username for your bank account, they will search out personal information about you online and use what they know to guess generic passwords you might use.
When you’re creating the best passwords are long, have a mix of letters in both upper and lower case, including numbers and symbols, and most importantly, have no ties to your personal information.
Wondering how you’ll ever remember such a thing? Signing up for a good password manager app will help.
Recycling Passwords Across Multiple Accounts
You could have the strongest password in the world, but if you recycle the same password across multiple accounts…
…you’re doing something wrong.
Let’s just say a hacker manages to sniff out you entering your username and password to your Facebook while connected to Public Wi-Fi.
If you’re like everyone else who recycles your password for everything including your bank accounts, this hacker just stumbled onto a goldmine of information.
Hackers can also target large websites that everyone uses to steal passwords too. Big department stores and even credit bureaus get hacked!
They don’t need to always steal passwords from you to score big.
Any single password will never be fully secure, but you can greatly reduce risk from online security threats by having a separate password for each online account you have.
A password manager like the recommended Dashlane app will help keep all your passwords organized and secure for you.
Writing Down Your Passwords
Hackers can’t access the notebook or sheet of paper you use to write down your passwords, right? So that must mean it’s a great way to stay safe.
Unfortunately, it’s not.
(and it could get you fired)
Research suggests that it is quite common for people to write down passwords and what they are for both at home and at work.
While that makes remembering each unique password so much easier, there are a number of downsides to this practice of writing down your passwords in a personal notebook.
In many cases, you can lose your job for jotting down work passwords.
It also doesn’t take much effort for a colleague or someone from the cleaning crew to stumble upon your passwords and rat you out to management or worse, access your private information without your consent.
Most people feel a lot easier about writing passwords down at home, but can you really trust your roommates not to snoop through your personal information?
You’re also discounting the risk from burglars as well. Your passwords in the hands of a burglar are as big a score they could ever hope to get when robbing your home.
The easy solution here is to refrain from writing down, and this is exactly how a password manager app works. The point is to keep all that information locked up and safe from prying eyes.
Bad Online Habits at Work
In my time working in corporate America, I’ve noticed that people can be really sloppy at keeping themselves safe from online security threats at the office.
Let’s go through the common bad online habits you can have at work.
Not Locking Your Computer at Work
I probably have to get up between 5-10 times every day while I’m at the office. Before going off to get a coffee, eat lunch, or use the restroom, I always remember to lock my computer.
Imagine the damage someone could do to me should I leave my computer unlocked. Should someone hold a grudge against me, it would be so easy for that person to send an embarrassing email to my company’s CEO or cc my entire company in a nasty note without my knowledge.
It’s also very likely the information displayed on your screen is confidential, especially if you work with clients.
So, to protect yourself and also maintain confidentiality, you should always lock your computer screen when walking away.
Clicking on Links in Unrecognized Emails
Email phishing scams are still a big problem, despite a company’s IT Department always trying to beef up security.
You receive an email that looks legit, comes from a company you recognize, and asks for you to provide sensitive information like your work usernames and passwords.
Whenever you encounter an email that asks for sensitive information or asks you to click on a link, you should always consider it as a phishing scam and report it to your company’s IT Department.
Some clues to determine if it is phishing, apart from the request to provide sensitive information, are the sender’s name may be mistyped and the email isn’t even addressed with your name.
Everybody is at risk of falling for these scams (even smart people), so I recommend implementing something like the STOP method to defeat email phishing scams.
These are just a couple of ways to spot out a phishing scam.
It doesn’t matter if you use Yahoo email, Gmail or one of the many alternatives to Gmail out there, phishing scams are a big problem.
The bottom line: be skeptical when asked to provide sensitive information over email.
Bad Personal Device Security Habits
Enough about work.
There’s also plenty of bad online habits you can also make in your personal life as well. These are the top two habits you should be mindful of and break.
Not Keeping ALL Software and Apps Up to Date
It’s often the case where I’m busy working on my computer and whenever a notification informing me that important software updates are ready to be installed on my computer, I dismiss it entirely.
This is a bad online habit of mine that I’m trying to break and you should too if you also have this problem.
Software updates are essential for thwarting online security threats because they repair security holes present on your system.
Hackers are consistently looking out for security holes and writing code to target vulnerabilities with malware. All it takes is for you to view infected data and hackers can then have access to your private information.
So, whenever you are notified to update software on your computer, your anti-virus, mobile phone, and anywhere else you run software, use it as an opportunity to take a break.
You definitely won’t regret it in terms of the benefits you receive in added security.
Not Checking Privacy Settings on Apps/Websites
This is a big mistake everyone makes when downloading free apps and services.
For example, there are plenty of free VPNs out there that claim to do everything that paid VPNs can. The catch is free VPNs generally make money from selling your data to marketers and ad agencies (read more about free vs paid VPNs)
Remember that nothing in life is truly free. So, when you come across an app or a service that markets itself as “free,” ask yourself:
What’s in it for them?
Most likely, the terms and conditions of use, which most of us agree to without giving a second’s hesitation, make it clear that you sign-off on giving the service full authority and rights to keep, analyze, and sell your data.
Bad Online Habits Related to Finance
Finally, let’s wrap up here on bad online habits you may have that can leave your wallet exposed to online security risks.
These are the online security threats that can cause some of the worst damage.
Giving Personal Banking Information on an Incoming Call
Among the latest scams out there are phishing over the phone where someone will convince you to provide your bank, debit or credit card information.
“How would I ever get tricked into doing that?”
Well, so many people already have and they probably would have felt the same as you before getting scammed.
Phishers have become really sophisticated in their tool kit to where they can manipulate caller ID to make themselves appear as if they are calling from a reputable institution.They’ll wait to call you until they have information like your address, and parts, if not all, of your credit card and social security number.
With those details in hand, they sound legit and when they ask for your pin number, so many people give it without question to find out later scammers went to town racking up expenses on their debit card.
How can you avoid this scam?
Remember that banking institutions never ask for your pin number and you should always be skeptical when someone asks for your private banking info without you initiating the call.
Note: although not technically a scam, even automated services have risks. In early 2022, Plaid settled a $58 million lawsuit related to how they collected and misused your banking data.
Not Taking Advantage of Mobile Payment Apps to Buy Things
Payment apps have yet to really take off in Western countries, but using mobile payment apps like ApplePay and Google Wallet are already widely accepted globally and you should start using them.
Well, the primary reason is mobile payment apps are far more secure than using your debit or credit card.
Whenever someone steals your debit or credit card, they can do a whole ton of damage to your bank accounts before you notice and you then have to go through the painful process of filing a claim with fraud protection.
When paying with mobile payments apps, you always have the benefit of two-factor authentication like your thumbprint or Face ID.
Credit cards don’t have this same protection.
Secondly, when using mobile payment apps, the store where you shop doesn’t get your credit card information. This makes you even less exposed to potential theft.
Not Checking Your Free Credit Report
You’ve likely heard of identity theft and the dangers it poses to you and your online security. The best way to protect yourself from identity theft is to check your free credit report.
Whenever you apply for a loan or a new credit card, the lender or credit card institution will do what is known as a “hard pull” on your credit report.
The same goes if someone steals your identity without you knowing. So, you can always ensure no one is taking out loads of cash under your name when reviewing your credit report.
You are entitled to one free credit report every 12 months with the three nationwide credit reporting institutions in the US (those being Experian, Equifax, and Transunion). Keep in mind that these credit bureaus aren’t your friend, they offer this free credit report because the government has forced them to by law.
If you do the math, you see that you can check your free credit report once every four months to ensure there is no suspicious activity on your record. And if you know that you’re the type of person that won’t remember to check, there is value in using a good identity monitoring service.
BE CAREFUL! Watch out for organizations that claim to pull your credit report for free and are not Experian, Equifax, and Transunion. Most likely they will do the service for free but then charge your account later on without you knowing. This happened to me until I noticed the activity on my bank statement.
Not Reviewing Your Bank Statement for Suspicious Spending
Do you regularly check your bank statement for suspicious purchases and deductions? You may just discover recurring expenses that are costing you lots of money over a long stretch of time.
After discovering my bank account was being regularly charged by a credit report service that originally marketed itself to me being “free,” I learned to check my bank statement as often as I could.
Not only will checking your bank statement help you determine if you’re being scammed, but you can also use it to monitor for suspicious activity.
Although banks and investment institutions have fraud departments that watch over your accounts, I don’t imagine they are able to stop every thief. Reviewing your bank statement will help ensure that the occasional thief that gets away didn’t steal from you.
Stop These Bad Online Habits!
Here I shared 16 bad online habits that you need to break today.
We covered everything from bad habits we have when using Public Wi-Fi, proper password etiquette, and bad habits to break at work and in your personal life.
Ultimately, the goal is to reduce the odds for hackers to steal your private information and bank account details.
While we covered a lot, we still didn’t chat about smart devices we carry in our home like Google Home, Alexa, Facebook Portal, and Nest among others. Most people aren’t aware of all the ways that Facebook tracks you!
Is it possible they are always listening and storing that data?
Developers behind these products say that isn’t the case and I wouldn’t be overly alarmed…
But that isn’t to say that the companies behind these products aren’t vulnerable to a security breach to where your home smart devices can leave you exposed.
My final thoughts of advice are when setting up smart devices in your home, if possible, create a single account for them that isn’t linked to your other accounts or banking information. That way if there is a security breach, hackers will only discover an unlinked account keeping you and your many accounts secure!