• United States



5 worst cybersecurity habits with catastrophic consequences

Oct 09, 20175 mins
Backup and RecoveryCyberattacksCybercrime

Users are harming themselves with little or no cyber protection.

cybersecurity ts
Credit: Thinkstock

Smoking cigarettes. Drinking too much alcohol. Over-spending. Too much snacking and overeating. Dining on fast food. Those are some of the worst personal habits, according to Reader’s Digest.

Those tendencies, and their consequences, are obvious. So is quitting them, which can lead to a healthier and happier life.

Bad cybersecurity habits, however, aren’t as obvious — yet they can have devastating effects.

Here’s a look at the worst ones people fall into and the harm they cause.

5 of the worst cybersecurity habits

Lax attitude

“The chances of getting hacked are so low that I don’t need to bother with learning about cyber protection.” Wrong.

The Equifax hack alone may have affected more than 55 percent of Americans over the age of 18. The Yahoo hack put all 3 billion of its users at risk. Cyber crime is soaring. A ransomware attack occurs every 45 seconds.

“My employer will take care of it for me.” Wrong again.

Plugging into the corporate network only increases the cyber risk and exposes a user to more perpetrators.

Users should take security seriously and learn something about it. If not, then they’re neglecting their cyber safety and they’ll pay for it.

No email protection

Not using protection — namely two-step verification — is taking a big risk.

Email theft is one of the biggest cyber crimes. The major hacks making headline news have led to a massive number of stolen login IDs and passwords for sale on the dark web.

To protect users from hackers who have access to stolen identities, most email apps, including Gmail, Yahoo Mail, AOL Mail, and Outlook, offer two-step verification.

With two-step verification turned on, an email app requires an extra code when a user logs in. Each time a user enters their login ID and password, the email app texts them a secret code. To gain access to their email, a user must enter this code.

When a hacker tries logging into the user’s email account, they are stopped in their tracks because they don’t have the secret code.

The problem with two-step verification is that it requires a user to turn it on. Most users are either unaware of this or too lazy to spend 5 minutes to flip the two-step switch on for their email account. As a result, their email accounts are wide open to hackers.

Clicking on hyperlinks in emails

Ninety-one percent of cyber attacks and the resulting data breaches begin with a spear phishing email.

A spear phishing attack — essentially a fake email — might pretend to be a customer support representative asking a user to click a link to change their password for security.

Or an imposter might look like a CEO who is asking one of her employees to click and send a wire transfer in order to pay a customer.

An authentic-looking email can appear to be coming from the IRS, asking a user to click a link in order to receive their refund.

The remedy? Don’t click on any suspicious hyperlinks contained in emails. The consequences of clicking on a fraudulent link can be tragic.

Poor password practices

Weak passwords make it easy for hackers to guess correctly or use simple password-cracking tools to access email and other user accounts. People know this, but regardless the most popular password in use today is 123456.

To compound the weak passwords, people reuse them. People are too lazy to create unique passwords for each of their accounts. Instead, they use the same easy-to-crack password for all of their apps.

Cyber fatigue is growing at an alarming rate, and hackers are capitalizing on this phenomenon. Once a cyber thief figures out that a user’s password for all their accounts is “admin” (one of the most popular passwords for Equifax users who were hacked), it’s game over.

If that’s not bad enough, users have a tendency to share their passwords. They might tell their spouse, children, siblings, friends or co-workers what their cool password is. Or they might even brag about using 123456 and not getting hacked (yet).

Some people write their password on a piece of paper and leave it out in the open for anyone to see. Sharing passwords multiplies the problems of weak and reused passwords.

No data backups

Ransomware — a malware that infects computers and restricts their access to files, often threatening permanent data destruction unless a ransom is paid — has reached epidemic proportions.

The damage costs in connection to ransomware are predicted to reach $5 billion globally in 2017, up from just $325 million in 2015.

A ransomware attack can result in the permanent loss of important personal and business data.

The best way to thwart a ransomware attack is to back up files. The FBI, the media, vendors and governments globally have been warning people about the dangers of not backing up files.

Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data,” states the FBI in a 2016 Public Service Announcement.

Despite the ransomware and other cyber threats, most computer users are still not backing up their data — and the loss can be devastating and costly.

Fixing bad cybersecurity habits can be as easy or as difficult as fixing bad personal habits. The first step is often the most important one. So, take action today, and turn on two-step verification or back up you files. Do something. If you do nothing, the results can be catastrophic.

Visit to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.