5 Common Security Mistakes That Can Put Your Privacy & Money At Risk

Joel Lee 05-10-2012

How vulnerable are you? Ask any person who’s been robbed if it came as a surprise – I guarantee you it did. As the saying goes, the thief always comes in the night when you’re sleeping, when you’re least prepared. But even when you’re awake, you might be passively committing security mistakes, thus inviting hackers and crackers to fiddle with your things.


Privacy and money are arguably the two most important things when it comes to the whole concept of security. We all want to protect our identities, our privacy, and definitely our finances. No one looks forward to the day when they check their bank statements and see nothing but zeroes – or even worse, negatives.

Here are some of the most common security mistakes that are committed by computer users all over the world. Neglecting any of these will open you up to a world of vulnerability and put you only one or two steps away from identity theft, malware infections, or worse.

Mistake #1: Not Updating Anti-Malware

This is one of the most prevalent security tips out there: install anti-malware software and keep it updated! Yet as widespread as it is, people still ignore it. If you’re reading this and you don’t have an anti-virus or anti-malware program set up, go and do it now! There are plenty of top-quality FREE anti-malware programs out there. I personally use Advanced SystemCare and MalwareBytes.

But just having one isn’t enough. You have to keep it updated – not just the program itself, but also the database of potential threats. Most programs have the option for automatically updating on a schedule or whenever you open the program. Keep them up-to-date or else they won’t keep you protected against the latest and greatest threats.

Mistake #2: Not Using A Firewall



Few are the people who use anti-malware software. Fewer are the people who use both anti-malware and a firewall. “Do I need to use both?” you might ask, and the answer is a resounding, “YES!” Anti-malware and firewalls are not the same things. They fulfill two different purposes, thus you will need both to keep yourself as secure as possible.

Think of a firewall as a fence, whereas anti-malware software is more like a shotgun. The fence is a general-purpose protective barrier that keeps out most unwanted intruders. However, your fence will occasionally have holes that allow entry by certain thieves. The fence does a lot of the work, but the shotgun comes in handy when the fence is breached.

In the same way, a firewall will keep out most malicious traffic. However, when a particular virus or Trojan makes it through and onto your computer, that’s when the anti-malware program comes in to clean up the mess.

Mistake #3: Unsafe Email Habits

After so many years, after the introduction of blogs, instant messaging, social networking, and everything else, email is still one of the most popular ways to communicate over the Internet. It’s also one of the most frequent ways in which users fall into the hands of scammers. Losing your identity because of a sneaky email can be devastating.


Beware of phishing scams. Learn how to identify them and learn to avoid them like an angry swarm of wasps. If you receive an unsolicited email that seems sketchy, do not open it. Do not respond to it. Send it straight to the trash bin. But how will you identify a phishing scam? Look for fake phone numbers and addresses. Multiple spelling or grammar issues are often a dead giveaway, too. And if you don’t recognize the sender, always assume it’s spam.

There are lots of other email procedures you should observe to maximize your security. Here are 7 important email security tips you should know. Otherwise, just stay alert and keep an eye out for fishy emails (no pun intended).

Mistake #4: Universal & Stagnant Passwords


Password security can be tricky. Not because it’s difficult to find a strong password – which can be generated for free using any number of online password generators – but because password security is inconvenient. When I type in my password to log onto Facebook, I’m not thinking about how secure my password is. I’m thinking about what I’m going to say to my friend.


And in the interest of convenience, we tend to use the same password over and over again. My Gmail password becomes my Facebook password, which also becomes my forum password, and so on. But the problem here is that if anyone discovers your singular password, they can use it to unlock the rest of your accounts. Bad idea.

The solution, then, is to use different passwords for different accounts. But don’t stop there! Once a year, you should also change your passwords to something new.
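An added example, not from the original article: a short Python check for both halves of this mistake, passwords shared across accounts and passwords older than the article's one-year rule. The export format, account names, passwords and dates are constructed sample data, and `audit` is a hypothetical helper name.

```python
import csv
import hashlib
import io
from collections import defaultdict
from datetime import date

# Constructed sample export: account, password, date the password was last changed.
SAMPLE_EXPORT = """account,password,last_changed
gmail,correct-horse-7!,2012-03-01
facebook,correct-horse-7!,2010-06-15
forum,correct-horse-7!,2011-11-20
bank,Vt9#qLm2xP,2012-08-30
shop,old-but-unique-44,2009-01-05
"""

MAX_AGE_DAYS = 365  # the article's "once a year" rule


def audit(export_text, today):
    """Return (reused, stale).

    reused: list of account groups that share one password ("universal").
    stale:  list of (account, age_in_days) older than MAX_AGE_DAYS ("stagnant").
    """
    by_digest = defaultdict(list)
    stale = []
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group on a digest so the plaintext password is not used as a dict key.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        by_digest[digest].append(row["account"])
        age = (today - date.fromisoformat(row["last_changed"])).days
        if age > MAX_AGE_DAYS:
            stale.append((row["account"], age))
    reused = sorted(sorted(accts) for accts in by_digest.values() if len(accts) > 1)
    return reused, sorted(stale)


if __name__ == "__main__":
    reused, stale = audit(SAMPLE_EXPORT, date(2012, 10, 5))
    for group in reused:
        print("same password on:", ", ".join(group))
    for account, age in stale:
        print(f"{account}: password unchanged for {age} days")
```

A unique password can still be stagnant (the `shop` row), and a recently changed one can still be shared (the `gmail` row), so the two checks are reported separately.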

Mistake #5: Giving Away Personal Information


Have you ever seen a sitcom or a comedy movie where someone accidentally lets slip an important piece of information? On the big screen, it might be funny, but it’s a pain in the butt when it happens in real life–and it doesn’t always happen in idle conversation.


In the world of video games, a vast majority of the perpetrators for hacked accounts are close friends or relatives of the account holder. You give your password to them so they can play on your account, then they stab you in the back and steal it. This could happen with Gmail, Facebook, or any other account that you share.

Or you might accidentally show your credit card number or social security number to someone. You might think it’s okay since that person is your friend, but you can never be too sure.

The best policy is this – if you don’t want the whole world to know about it, it’s best to keep it to yourself. That applies to passwords, PIN numbers, SSN numbers, CC numbers, home addresses, and anything else that could count as personal information. Keep your guard up.

Each and every one of the security mistakes listed in this article has the potential to really screw up your life. Sure, maybe you’ve shared your account with someone before or you’ve been using the same password for ten years and nothing bad has happened to you. Great! I’m glad that you’ve been so fortunate. But there are times when I’ve left my front door unlocked and I haven’t been robbed–that doesn’t mean it was a smart move.

Avoid making these mistakes and your personal security will be much stronger. You owe it to yourself. Stay safe and stay alert.

Image Credits: Panic Button Via Shutterstock, Firewall Via Shutterstock, Password Via Shutterstock, Credit Card Via Shutterstock


  1. Anonymous
    November 6, 2012 at 12:45 pm

    that will really help me improve my security tactics

  2. Anonymous
    October 19, 2012 at 11:23 pm

    Thank you guys for a very good article! It was helpful, even for a computer veteran like myself! "When you snooze, you lose", as they say! The most important aspect of security is staying vigilant, all of the time!

  3. Mike
    October 12, 2012 at 12:09 am

    What's funny is right after I read this I checked Malwarebytes to see if it was up to date and it wasn't. Thanks for the info my friend, haha, I am now updated.

  4. AP
    October 11, 2012 at 8:58 am

    One must empty the cache and, instead of clicking on the 'X' close button, should sign out. I have found these two to be very common mistakes made by most people.

  5. Anonymous
    October 9, 2012 at 11:42 pm

    This is very informative and an eye opener. I thought I used to do enough using simple but different passwords for different accounts, but now I know I am not doing enough.

  6. Denny Lawton
    October 9, 2012 at 4:23 am

    Many grammatical and back to front errors in 'Tip of the Day'. What's going on? Perhaps someone needs to speak to the writer!

    • Joel Lee
      October 9, 2012 at 3:34 pm

      Did you post this in the right article? I'm not sure what you're talking about.

  7. Igor Rizvi?
    October 8, 2012 at 6:46 pm

    Good thing I put this in practice, and it's still working, 5 years now.

  8. Nohl Lyons
    October 8, 2012 at 6:41 pm

    I know I'm guilty of at least 2 of these. sigh.

  9. mister.teche
    October 8, 2012 at 6:17 pm

    A very informative article, Joel. Another mistake I see people making all the time is logging on to their email, Facebook, etc., or g-d forbid your bank account, on public computers, e.g. library or internet cafe. Don't do it! There's no telling if there are key loggers on them. No matter how long or strong your password is, it will be compromised by the key logger. If you must use a public computer to check email/Facebook and the like, be sure to change the log on password (on a trusted computer of course).

    • Joel Lee
      October 8, 2012 at 6:20 pm

      Oh man! I can't believe I forgot to mention public computers. Using any sort of login form on a public computer is risky. The best practice is to just avoid it altogether.

      Thanks for reminding me of that!

    • Jay Maynard
      October 9, 2012 at 11:26 am

      It doesn't even require a keylogger. When you log on to these sites using https encryption, those sites drop a session cookie into your browser so the site can identify you. These cookies are sent in the clear with no encryption. These cookies can be grabbed by anyone else on the network. One of the first applications to do this was Firesheep, an extension for Firefox. Simple as start Firesheep, start capture, click on a captured cookie, and now I'm logged into your account, as you. With full account privileges. Other applications now do this. This is known as "side jacking". If this were your e-mail, an attacker could probably see all the other accounts you used this e-mail to sign up for. Log onto those sites, select "Forgot password", etc. ALL your accounts could be compromised in no time. In other words, NEVER log on to any account that is password protected, from a public network.
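An added example, not part of the comment above or of any tool it names: a cookie set without the `Secure` attribute is also sent over plain HTTP requests, where others on the same network can read it, so this Python check flags session-like cookies that lack it. The `Set-Cookie` values, the `example.test` domain and the name hints are constructed assumptions.

```python
# Constructed Set-Cookie response headers from a hypothetical site's login response.
SAMPLE_SET_COOKIE = [
    "session_id=4f2a9c; Path=/; HttpOnly",
    "auth_token=9be1d0; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
    "SID=77aa01; Domain=.example.test; Path=/; secure",
]

# Assumption: cookie names containing these fragments carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes such as Secure map to an empty string.
    """
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def sidejackable(headers):
    """Return names of session-like cookies that are missing Secure."""
    exposed = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        looks_like_session = any(hint in name.lower() for hint in SESSION_HINTS)
        if looks_like_session and "secure" not in attrs:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for name in sidejackable(SAMPLE_SET_COOKIE):
        print(f"{name}: no Secure attribute, will be sent over plain HTTP")
```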

  10. Toad
    October 8, 2012 at 5:05 pm

    Don't agree with "stagnant" passwords rationale.

    If a brute-force is ongoing, my changed password has the same probability of immediate exposure as my unchanged password would have had.

    AND, the act of changing the password exposes that communication to examination.

    Therefore, an existing STRONG password should be left alone.

    • Joel Lee
      October 8, 2012 at 5:21 pm

      You're assuming that rotating passwords is meant to defend against a brute force attempt. It's not. Read my response to Mike Merritt's comment to see why rotating every once in a while is a good thing.

      And if it's a STRONG password that you want, then rotate from one strong password to another strong password. It's not that hard.

    • dragonmouth
      November 13, 2012 at 8:31 pm

      The longer you leave a password (weak or strong) unchanged, the longer it is exposed to cracking attempts. Granted, it may take longer to crack a strong password but it WILL be cracked. It is not a question of IF, but of WHEN.

  11. Jay Maynard
    October 8, 2012 at 11:41 am

    "Or you might accidentally show your credit card number or social security number...."

    Or you're just an a$$hat who shouldn't have access to technology, because you're a danger to yourself.

  12. druv vb
    October 8, 2012 at 7:56 am

    Nice article to shed light on mistakes committed online. The first 2 mistakes are computer security related. The last 3 mistakes are user safety related. These "habits" should be avoided by anyone using the Internet. It should be on a notice board at every Internet access client!

  13. Ahmed Khalil
    October 8, 2012 at 4:25 am

    Everybody knows these issues, but we still make these mistakes.

  14. Scott
    October 7, 2012 at 5:02 pm

    Re: #4 (Passwords):

    With so many people (or *hopefully* many people) using password managers these days -- I use LastPass myself -- there is certainly no excuse for *not* having a long, complex password for all sites one visits.

    BUT.... LP demands that the user remember the password. (From their site: "Please remember that LastPass never knows what your LastPass master password is - you are the only person who knows it. If you lose or forget your master password, we can not recover it for you. So, it is critical that you never forget your LastPass master password.")

    This might suggest that the password manager's master password is the new 'weak link' in this whole scenario, since people might not be willing to come up with a master password that's quite as strong as the 30, 40, 60, 80 character passwords that LP can effortlessly create and manage for users' other online accounts. Yes, using something like LP means that now only *one* password (the master password) really needs to be memorized. Still, someone who routinely uses LP's super-long passwords for their online accounts might nevertheless be tempted to use a more easy-to-remember, quick-to-type "b0b$m1+h" type of password for LP itself.

    Just saying that it's one situation where Joel's concern about people opting for convenience over security might require attention.

  15. Arron Walker
    October 7, 2012 at 12:25 pm

    It bugs me that people are still using passwords like 12345 >_>

    If you have trouble remembering lots of different passwords, have a system to make new ones up. If you do forget it, and can't retrieve it, you'll have a finite amount of options, even if it's still around 30 of them.

    Another good practice is to use punctuation marks in your passwords, e.g. # or @. Even just adding one on the end of a generic word makes your password that much more secure.

    • Joel Lee
      October 7, 2012 at 3:56 pm

      Good advice. Here's a great technique I use that only requires me to memorize one password but generates a unique password for every site and service you use:

  16. Edwin Williams
    October 7, 2012 at 12:15 am

    Super informative! It's amazing how many people don't put up a firewall or have multiple passwords.

  17. Scott
    October 6, 2012 at 10:24 pm

    I'm using the built-in firewall with Windows 7. Is this considered a good firewall ?

    • Joel Lee
      October 7, 2012 at 4:16 am

      The Windows Firewall in Windows 7 is pretty good. I use it as my main firewall and I haven't run into any problems yet. Just remember to pair it with a good anti-malware program.

  18. kendall sencherey
    October 6, 2012 at 5:36 pm

    that will do me a lot of good with my security.

  19. Mac Witty
    October 6, 2012 at 3:58 pm

    Don't we get a security problem when a lot of places use Twitter and Facebook log in? If you get hold of someone's login you can then log in to a lot of places?

    • Joel Lee
      October 7, 2012 at 4:15 am

      That's one drawback to using a "master account" or "master password" for a bunch of different services. Once it's compromised, it can spiral out of control pretty fast.

      That's one reason why I don't use Facebook to log into anything (if I can help it).

  20. Mike Merritt
    October 6, 2012 at 3:50 pm

    Can anyone tell me the reason for regularly changing a password. What's called "stagnant passwords" in #4 above ??
    Assuming that your passwords have not been compromised - then, of course, in that case, yes, change all the related ones.
    But .... annual changes like: Last year for gmail I used "mother654%%" and this year, for no reason, I have to change it to "045father##". Why ??? What's the advantage ? Except the big disadvantage that I now have to remember a new password - and stop remembering the old one.
    A "cracker" is going to use a discovered password within a day or so - so am I hoping that he discovers it on Dec 31st, and my annual change occurs on Jan 1st before he can use the old one ???
    === Some EXPERT needs to tell me why !!! ===

    • Joel Lee
      October 7, 2012 at 4:14 am

      Sometimes your password will be compromised and you won't know it. But here's the kicker: even if a hacker (or hacking network) retrieves your password information, they may not use it right away. It's possible that they'll keep it stored away so they can exploit it later.

      For example, some hackers will hack into big name online video games and steal a bunch of email / username / password combinations. Then they'll save these details until the future when another big name video game comes out--then they'll use those saved details to hack a bunch of accounts at once.

      That's just one example, but you can see how it would be useful to rotate your passwords every once in a while. The more frequent the better, but anywhere from 6-12 months should be okay.

  21. Steve
    October 6, 2012 at 1:40 pm

    The biggest risk to my security is poor practices at the sites I do business with. I've had my password leaked at Stratfor, LinkedIn, and several others. How can we as users force the sites to publish the results of their internal security audit?

    • Joel Lee
      October 7, 2012 at 4:11 am

      As a user, you can't really enforce anything. You could contact them and ask them for those results, but they don't have to agree. At best, you can disconnect your account and move your business elsewhere, but that's rarely practical.

      As a general rule, you should never trust an Internet company to keep your passwords safe. They might leak them; they might be hacked one day. Always keep yourself safe by practicing good security habits.

  22. Harish Jonnalagadda
    October 6, 2012 at 9:11 am

    Very true! I've seen countless instances where my family members would just install the anti-malware, and then think that the job is done.

    • Harish Jonnalagadda
      October 6, 2012 at 9:12 am

      Could you recommend a good Firewall solution for Win7? I was using Windows Firewall quite effectively and ZoneAlarm before that, but want to try something new.

      • Richard Borkovec
        October 6, 2012 at 3:48 pm

        You could use the Comodo Firewall and their DNS service as well. From what I've read on them, they're harder to set up, but are very secure.

      • GrrGrrr
        October 6, 2012 at 5:02 pm

        Comodo free firewall. It's the best available in Free.

        Else go for Outpost Firewall, best in paid

      • Joel Lee
        October 7, 2012 at 4:09 am

        I use Windows Firewall so I have nothing else to recommend. However, I've used Comodo products before (Dragon browser and Unite VPN) and Comodo has impressed me with quality. Like Richard and GrrGrrr have said, you could try their firewall.

  23. Adrian Rea
    October 6, 2012 at 7:29 am

    I suppose the first mistake that people new to computers or overwhelmed by a new purchase make is that some think a computer that is straight from the factory must be secure as no outside influences may have touched it!
    The final mistake is in computer disposal - Whether you sell on, recycle, place in a burning building or drop from 22,000 feet, your hard drive can still contain data. Simply deleting it won't help, bashing it with a big hammer will only relieve tension, and write wipe methods are standard but recently have been thought to be flawed. The best ways are to encrypt the data when using your PC, remove the hard drive before you pass the PC on and take it to a reputable recycler who can wipe it professionally or degauss it to render the plates useless.

    • Joel Lee
      October 7, 2012 at 4:08 am

      You make some very valid points. You should never assume that your computer is safe unless you've gone through measures to make it safe yourself. And yes, before you dispose of stored memory, always clear it or encrypt it first.

  24. Anne
    October 6, 2012 at 1:57 am

    Using your mother's maiden name as a password or security code - with marriages, deaths or other info available online or sharing your genealogy is risky. Make up a mother's maiden name if asked for one.

  25. Eric S
    October 5, 2012 at 11:16 pm

    I usually use a CC on line not my bank card. It's easier to have the CC company go after people. Some banks will tell you there is nothing they can do about it.

    • Anthony Monori
      October 6, 2012 at 12:44 pm


  26. Kavita
    October 5, 2012 at 11:13 pm

    how you get such a load of info...i would have never known that...

    • Dimal Chandrasiri
      October 6, 2012 at 4:55 am

      experience I guess.

      • Joel Lee
        October 7, 2012 at 4:07 am

        Lots of experience and lots of research. I've screwed up my personal security so many times that I won't ever do it again!

    • Harish Jonnalagadda
      October 6, 2012 at 9:10 am

      I know! Joel writes some of the most informative articles.

    • AP
      October 11, 2012 at 9:00 am

      Well's common sense.