Common Cyber Security Mistakes and Expert Advice on How to Avoid Them

Cyber Security Mistakes and Avoiding Them: Expert Advice

Despite continuous advancement in cyber security technology, data breaches continue to be an ongoing issue, both on the organizational and personal level. A 2014 Pew Research Center survey found that 18 percent of adults who go online have had some element of personal information -- Social Security number, credit card data, etc. -- stolen, a 7 percent increase from 2013. A full 21 percent have had their social media or email accounts hacked.

One of the factors contributing to the rising data breach trend is the nature of how security is handled. Generally speaking, there's a human element and that's the weak point. People can freely opt to volunteer personal data to untrusted parties. They can opt not to install quality anti-virus/anti-malware software. They can sacrifice security in favor of convenience and reuse passwords, or write them down in plain sight. Users are fallible creatures, a factor that aspiring system security pros have to take into account. With that in mind, we talked to 9 IT security experts to get their perspective on the biggest mistakes to be on the lookout for.

What common mistakes are people making in managing their personal data security?

"In our consultancy we've found the most common mistakes are password re-use, lack of use of 2-factor authentication and being too open with social media. Of course it is impossible to remember hundreds of passwords, but services such as LastPass offer a solution for it. Some popular services such as Twitter or Gmail offer 2-factor authentication for free; most people don't even know it exists. Finally, the surge in social media is making it easier for hackers to gather personal information without even having to work too hard!"

Roberto Arias Alegria
IT Security Specialist

"Users typically don't understand the risk associated with certain concerns, such as password reuse and password complexity. Reusing passwords and creating easily guessable passwords tends to be the most common method of compromise. Furthermore, humans are inherently flawed, in the sense that we look for the easiest / cheapest approach to solving our problems. We often see users tricked into downloading rogue anti-virus / anti-malware software in an effort to protect themselves, but without understanding the need to validate the software's integrity."

John Poulin
Application Security Consultant, nVisium

"One of the most common mistakes people are making in managing their personal data security is volunteering their personal information all over the Internet when they do not have to. This behavior creates a huge personal data footprint that is then stored by these organizations forever. Their storage is not always secure. Take eBay, Target, P.F. Chang's, LinkedIn, etc. as glaring examples. Compartmentalizing one's behavior and changing the way they share information limits their exposure to online threats. Information that is never exposed cannot be hacked."

Kai Pfiester
Cyber Security Specialist, Black Cipher Security, LLC

"Many people seek convenience and neglect security, or take the attitude that it won't happen to them. So, they don't use passwords or use very weak and easy-to-guess passwords; they use the same weak password on multiple accounts; and they share their passwords. Many people place way too much information out on social media, making it easy to guess passwords and basically allowing hackers/stalkers to profile them. Some other mistakes include not logging out of accounts, like banks, social media, etc.

People, out of convenience, and ignorance, just close the window or browser and do not actually log out. They are then surprised, and pleased the next time they seek to log into that account that it pops right up with no logon required. There are many more, but, as stated above, the bottom line is we all seek convenience over security and just don't want to believe someone would target us."

David Willson, Esq.
Risk Management and Cyber Security Consultant

"Posting too much information on social media sites that can be used to answer Secret Questions to reset passwords. Using open WiFi as a home access point - anyone can access and use your WiFi. People have the mistaken assumption that their WiFi ends at the walls of their home. Banking from free WiFi - it is simply too easy to find yourself in a Man-In-The-Middle attack at your local Starbucks or other free WiFi spot. A good rule of thumb is to only do your internet banking from home - never over open WiFi."

Paul Henry
Senior Instructor, SANS Institute

"Using public computers at a cafe or library seems to be one of the biggest mistakes being made more frequently. It's understood that in emergency situations this may be the last resort, so remembering to delete cache, passwords and history and finally closing the browser is always important to do. Then you've got the users that use the same email account/password. Having different accounts for different activities online (work, personal, play) is also something that most people aren't doing. Knowing what to expect will always be of great use when the too-good-to-be-true email comes in with the risky-looking attachment."

Luis Chapetti
Software Engineer and Data Scientist, Barracuda

"I think the biggest mistakes are password related - utilizing the same password for every website and never changing them. Another aspect is password protecting devices - simply utilizing a password on your tablet or smartphone can go a long way to protecting personal information."

Dean Wiech
Managing Director, Tools4ever

"Common data security mistakes include poor password choices, doing security-relevant operations on unsecured public Wi-Fi networks, not using encryption and sharing confidential, personal or financial information through unsecured email."

Dr. Engin Kirda
Co-founder and Chief Architect, Lastline
Professor of Computer Science, Northeastern University

"Many people use the same password for every single service, sometimes online and offline. If any of these services ever get compromised, it would be trivial for a hacker to try your e-mail/username/password on any number of services. If someone has access to your e-mail account it can sometimes be possible to gain access to a bank account! If you have trouble remembering multiple secure passwords, use an app like Dashlane, where one master password can provide access to all of your sub-passwords. The app even generates secure passwords for you!

Another common mistake is to leave your computer unattended, even in a "safe" place, with no password set on it. Anybody can stride up to your computer and gain access to your data or online accounts in seconds. Before you even realize this has been done, your online personas could be completely compromised. You can easily set a password for whenever your computer's screen saver is on, which I always make sure of when I leave the office for a moment. On a Mac, you can use the "Hot Corners" feature to trigger the screensaver turning on and the need for your password to be entered to use the computer again.

The final tip I have is that if you are trying to remember your password for a website on your own, it's actually more secure to use a chain of words that makes up a long password than to use a shorter combination of a word and a few numbers. For instance, dinosaureatingmuchcereal is actually better than dino123. Why? Because shorter passwords are more likely to be in so-called "Rainbow Tables", allowing hackers to more easily find your short password among a list of semi-common ones and brute force their way into your online accounts."

Zach Feldman
Chief Academic Officer, New York Code + Design Academy
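To make the length argument in the last quote concrete, here is a small added example (not code from the article or from any of the experts quoted) that estimates how many candidates an exhaustive search has to cover for a password and flags the "dictionary word plus a few digits" shape that precomputed lists are built from. The common-password set and the mini dictionary are constructed for the demo and stand in for the far larger lists an attacker would actually hold.

```python
import math
import string

# Constructed stand-in for a list of "semi-common" passwords (a real list
# would hold millions of entries); used only to show the lookup check.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "dino123", "letmein", "welcome1"}

# Constructed mini dictionary used to spot the "word + digits" pattern.
DICTIONARY_WORDS = {"dino", "dinosaur", "eating", "much", "cereal", "summer", "house"}


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that covers every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the candidate count an exhaustive search over that alphabet covers.

    This is an upper bound: a word-based password is found far sooner by a
    dictionary or precomputed-table lookup than by exhaustive search.
    """
    size = charset_size(password)
    if size == 0:
        return 0.0
    return len(password) * math.log2(size)


def is_word_plus_digits(password: str) -> bool:
    """True when the password is a known dictionary word followed by 0-4 digits."""
    stem = password.rstrip(string.digits)
    digits = password[len(stem):]
    return stem != "" and stem.lower() in DICTIONARY_WORDS and len(digits) <= 4


def assess(password: str) -> dict:
    """Summarise the weaknesses a defender-side password checker would report."""
    return {
        "length": len(password),
        "search_bits": round(brute_force_bits(password), 1),
        "in_common_list": password in COMMON_PASSWORDS,
        "word_plus_digits": is_word_plus_digits(password),
    }


if __name__ == "__main__":
    for candidate in ("dino123", "dinosaureatingmuchcereal"):
        print(candidate, assess(candidate))
```

Running it shows the two passwords from the quote side by side: the short one sits in the common list, matches the word-plus-digits shape, and has a search space of roughly 2^36, while the 24-character chain of words is not a single dictionary entry and needs on the order of 2^113 candidates from exhaustive search alone. The numbers are an upper bound on attacker effort, which is exactly why the pattern checks matter more than the bit count for short, word-based passwords.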

"More online Americans say they've experienced a personal data breach," Pew Research Center, April 14, 2014.