Bad internet habits you should break today

Occasionally, I get to collaborate on academic investigations that shape my viewpoint on the overall threat landscape. In the cybersecurity industry, threat reports and industry research are part of what drives our security strategy. That being said, research that only lives on paper has limited value for our customers, so when I had the opportunity to work with Professor Marc Dupuis, I wanted to learn about the most common vulnerabilities people’s habits create, so that we can make sure our personal cybersecurity product prevents as many threats as possible.

A whopping 65% of adults worldwide have been victims of cybercrime. We all know of the danger. Either we or someone we know has had an account hacked, has accidentally downloaded malware, or has even had a digital identity stolen. I wanted to understand the primary areas where people are leaving themselves exposed.

In collaboration with Professor Marc Dupuis at the University of Washington, we conducted a survey of 1,002 individuals to understand their use and non-use of cybersecurity tools.

This study found that the three riskiest things you do online, and shouldn’t, are the following:

  • Use Google/Facebook to automatically log into accounts
  • Check email or bank accounts while on public wifi (without a VPN)
  • Use the same device for accessing business and personal accounts

Let’s unpack each one.

  1. Still committing password faux-pas

People seem to be getting the hint to use strong passwords or passphrases – make them long, use different character types, and never reuse them. What’s interesting is that almost half of our study respondents use Facebook or Google to automatically log in to other accounts. Password behavioral findings:

  • 11% share passwords
  • 16% use personally identifiable information (PII) as part of their passwords
  • 48% use Facebook or Google to auto-login to other accounts

Why this is risky:

Reusing and sharing passwords makes it easy for hackers to break or steal one password and access multiple accounts. Personal information such as your date of birth, address, and pet or child names is easily discoverable online. If you use any of it as part of your password, then you’re securing yourself with guessable (or public) information. Although it’s convenient to use Facebook and Google to sign into sites, if that Facebook or Google account were ever compromised, the attacker could get into all your linked accounts.

  2. Using insecure wifi

Public and shared-credential wifi (think hotels or coffee shops where the same credentials grant many people access to a single wifi network) are tempting when your connection speed is suffering. Resist the urge unless you use a virtual private network (VPN)! Worse, though, is using that insecure connection for especially sensitive activity online. Here’s what survey takers do:

  • 33% access their online banking while on public wifi
  • 66% check their email while on public wifi

Why this is risky:

Public wifi is inherently insecure and makes your web traffic vulnerable to interception. That means if you are browsing to your bank account or email, someone could potentially intercept your activities online, gain access to those accounts, or infect the device you are using.

  3. Using personal devices for work, or vice versa

If you read cybersecurity news, you know it’s not uncommon for employees to have personal files stolen when their company suffers a data breach. It’s happened in Baltimore and Florida, and it becomes especially painful when your employer’s security oversight exposes your own personal data. Equally bad is when your personal device pokes a hole in your workplace security. Despite this, our respondents admitted that:

  • 61% use their personal computer for work activities (emails, accessing files, etc.)
  • 54% use their personal phone to check work email or files
  • 30% have just 1 phone for both business and personal use

Why this is risky:

Using the same device for both work and personal activity increases the likelihood of infection or compromise. People tend to be less careful when they are doing casual things online. If your device is infected while web-browsing, and next you access work email or documents from that same device, both your personal and work worlds are at risk. It’s still risky even if you only do it occasionally.


Now is a great time to do a security self-exam. At a minimum, ask yourself the following questions: do you have a password manager with a robust master password? Do you use multi-factor authentication? Do you use a VPN? And do you have software that serves as malware prevention?

If you need more motivation, this year the average cybercrime victim lost $5,228, or the equivalent of three working days. An ounce of prevention will pay huge dividends later.

If you’re wondering what you can do to boost your online security hygiene, we’ve got experts you can call for consultation. It’s part of why we’re more than a VPN, more than anti-virus.

We’re your digital bodyguard.