In today’s digital world, much of our lives unfold online. Every interaction, login, and piece of information we share contributes to our digital footprint, which requires continuous protection from potential online threats such as scams and malware. While implementing best practices to safeguard ourselves online may seem daunting, fear not! We’re here to provide guidance.
To shed light on prevalent cybersecurity mistakes and offer practical alternatives, we sought insights from two experts. Read on to discover which habits you should steer clear of and how to fortify your online presence for a safer and more secure digital experience.
Mistake #1: Reusing the same password across various platforms
Sriram Karra, senior product manager of sign-in security, emphasizes the importance of abandoning the practice of using identical passwords across different accounts. This seemingly innocuous habit can trigger a dangerous chain reaction. For instance, if a platform where you use your Gmail password experiences a breach, your Google Account would be at risk as well. “Regardless of our robust online security measures, reusing passwords can compromise your Google Account if a third-party website is breached,” Sriram explains.
What to do instead: Steer clear of reusing passwords and leverage Google Password Manager to effortlessly generate and manage unique sign-in credentials. Furthermore, pay special attention to selecting a strong and distinct password for your Google account, as compromising this account could result in losing access to other accounts, Sriram advises. Additionally, consider incorporating passkeys into your Google account to enable secure and hassle-free sign-ins using your device’s biometrics or PIN, offering a convenient password-free sign-in experience as more services adopt passkey support.
Mistake #2: Neglecting software updates
While it may be tempting to dismiss persistent software update prompts, our experts caution against doing so. “After utilizing a password manager, ensuring timely software updates ranks as the second most crucial security practice,” says Christiaan Brand, group product manager of identity. These updates frequently contain vital security patches designed to address vulnerabilities exploited by attackers. Delaying updates exposes your devices, data, and privacy to potential risks.
Moreover, procrastination in updating often results in forced updates at inconvenient moments, potentially disrupting your activities and leading to application crashes or temporary loss of functionality.
What to do instead: Prioritize regular software updates to maintain a secure digital environment. Ensure your devices receive system and security updates automatically, a feature offered by platforms such as Android and ChromeOS, safeguarding your devices against evolving threats without requiring manual intervention.
Mistake #3: Overlooking 2-Step Verification
Failing to activate 2-Step Verification, a security feature that introduces an additional step during sign-in to deter unauthorized access, constitutes a critical online security oversight. “Enabling a second verification step can mitigate various types of attacks, including all automated bot attacks,” Sriram highlights. However, many users tend to disregard setting up this straightforward yet effective security measure.
What to do instead: Activate 2-Step Verification by following the instructions for your Google Account outlined here. This feature sends prompts to your phone to authorize login attempts, significantly bolstering your account’s protection against unauthorized access. For individuals facing heightened security risks due to professional backgrounds or personal circumstances, the Advanced Protection Program is an option.
Mistake #4: Not setting a screen lock PIN on your mobile device
Christiaan underscores the significance of configuring a screen lock on your device to safeguard your data, emphasizing its role in preventing unauthorized access and inadvertent triggers, and in instilling good security practices.
However, not all screen lock PINs offer equal levels of security; Sriram advises against using weak, easily identifiable PIN patterns such as 1234, despite their apparent convenience, due to the potential security risks if your phone falls into the wrong hands.
What to do instead: Opt for a robust screen lock method, such as a complex password or biometric authentication employing fingerprint or facial recognition, available on devices like Google Pixel phones that offer secure and user-friendly biometric options. In the event of losing or misplacing your phone, use Google’s Find My Device to locate and secure your device. You can also specify conditions for when and how long your phone remains unlocked in trusted locations like your home or office here.
Mistake #5: Clicking on suspicious links
Cybercriminals frequently cloak malicious links as legitimate ones, making it challenging to discern between truth and deception. According to Christiaan, it’s difficult to entirely avoid clicking on links or to rely solely on links from trusted sources given the modern digital landscape where malicious links can be disguised as authentic emails and innocuous social media posts. However, failure to exercise caution can pave the way for malware and data breaches.
What to do instead: Stay vigilant and exercise caution when clicking on links, even those that appear genuine. For added protection, activate Google Enhanced Safe Browsing, which identifies and warns against a continuously updated list of phishing and malware sites. By leveraging this tool, you proactively shield yourself against potential threats that could jeopardize your security, essentially having your own personal online security watchdog while browsing.
Mistake #6: Not having a password recovery plan
Instances of forgetting your password or misplacing your phone, which plays a pivotal role in a two-factor authentication system, are normal and can be addressed through robust automated Account Recovery, notes Sriram. However, failing to establish a recovery plan beforehand can leave you locked out of your account for an extended period if such events occur.
What to do instead: Create a recovery plan proactively to avoid being locked out of your account at a critical moment. You can add a recovery email address or phone number to enable Google to contact you in case of an account lockout. Additionally, ensure your account is equipped with adequate verification information by following the steps outlined here to streamline the recovery process. Much like a spare key, Google’s account recovery options empower you to regain access in the event of password loss or device misplacement.
By heeding the advice of our experts and leveraging Google’s robust tools, you can erect a formidable digital defense and maneuver the ever-evolving digital landscape with confidence.