The online world opens up many doors to great things, but it also lets in some less pleasant elements. From malware to spam, to scammers, to phishing and identity thieves, they are all to be avoided online.

However, they are always lurking, and you may not always realize that your behavior online is inviting these types of security threats or just making it really easy for them. There are innocent mistakes we all make online, but the more aware you are of the risk factors, the easier it is to avoid them. Here are 10 security mistakes you are making online.

  • You are putting all your business on social media

The best thing about being on social media is that you can learn anything about anyone.

The worst thing about being on social media is that you can learn anything about anyone.

While having a one-stop-shop for any information you want to know about a person is extremely convenient and makes a lot of things easier, it’s also a major mistake when it comes to security.

While certain categories of information are obviously not to be disseminated or made public (Social Security Numbers, PINs, bank details, etc.), other seemingly innocuous information can actually be a security risk, as well. Something as simple as your mother’s name, your pet’s name, your alma mater, etc. can be a tip-off for answers to security questions or they can be used to steal your identity.

  • You’re logged into your Google account at all times

Look, Google is great, don’t get us wrong, but when you’re logged into your Google account at all times, that’s a lot of information Google has on you. From your location to your search terms, to the time you spend online, other sites you log into, etc. Google receives enough information to create a pretty accurate profile. That in itself is not dangerous, per se, but you have no idea what that information will be used for, long-term. For now, it will almost certainly be used to target you for more accurate advertisements.

  • Your password is not strong enough

You probably already knew this one, but your password is weak. If you’re using a loved one’s name, birthday, a phone number, or anything easily traceable like that, it’s weak. If it’s a real word, it’s still weak. If it’s 1234567, it’s a miracle all your accounts haven’t already been hacked.

Passwords are easier to hack than you realize, and we’re not just talking about people who know you inputting known details about you and trying to guess, either. Hackers will either decode or brute-force their way into your accounts from thousands of miles away, so don’t be surprised when you receive an email letting you know that you’ve apparently logged into your account on a device in Russia.

  • Logging into public, unsecured Wi-Fi

The first thing they should teach you, when getting a portable device that can connect to the internet, is not to connect to public Wi-Fi. Yes, it’s really tempting, especially when you’ve run out of data, you have an emergency, or you’re stuck somewhere waiting, like at the airport, for example. However, unsecured Wi-Fi networks can lead to a host of security issues.

Because public Wi-Fi networks are typically not password-protected, they are not secured, and anyone can connect. That means that potentially, any information you send through this channel can be viewed and accessed by third parties. The last thing you want is to do your internet banking or send other sensitive information via public Wi-Fi.

  • You click on links from unknown sources

Have you ever gotten strange emails from people you’ve never heard of? Or worse, from people you know? Or from companies and institutions? Sometimes, they’re innocuous, but other times they ask for information, money, or re-authentication, and they provide a helpful link.

Should you click it, you will be taken to an unsecured site that is either seeking to steal your details, such as log-in details and password, or looking to share malware. A lot of the time, they will even masquerade as a legitimate website in order to get you to click and input your details. That’s why you need to be extra careful about where you click.

  • You aren’t using a password manager

And speaking of passwords, do you do that dreaded thing of using the exact same password for every account? It may be easier to remember, but it’s a major security risk. Just think about it: all a hacker needs to do to access all of your accounts and unravel your life is to guess ONE password. If they have that, they can let themselves into whatever they want and wreak havoc.

Using a password manager means that you don’t have to remember multiple impossible passwords – just one good one to let you in, and then you have access to all your other ones.

  • Not using two-factor authentication

But at the end of the day, even a humble password can’t do everything; for maximum security, you may require two-factor authentication. And if you’re not using it, that means that someone can theoretically hack into your account while you’re sleeping, and you won’t see all the emails about it until the next morning, leaving the hackers plenty of time to do damage.

Two-factor authentication means that in order to authenticate yourself and log into your account, you require a password and a phone number, for example. That way, only the person who is in possession of the number can log in. Of course, even that is not foolproof, as phones can be stolen, but it’s more secure than not having.

  • Not checking your privacy settings

Most people don’t realize, but your devices don’t actually come with default settings that protect your privacy to the best of their ability. In fact, depending on the device, you may discover that the default setting is to track your location or send information about you. The same is true for social media platforms and other sites or groups you participate in.

Whenever you get a new device or sign up for a new account, service, platform, or group, check your privacy settings and make sure that your information is locked down. Not doing so can lead to inadvertent leaking of information you do not want to put out there.

  • Ignoring your anti-virus warnings

This one may be obvious, but don’t ignore the annoying warnings your anti-virus gives you. Raise your hand if this is you: you’re browsing happily, minding your own business, and your anti-virus starts making obnoxious sounds, alerting you of a perceived threat. However, you’re used to your overly sensitive anti-virus, so you ignore it and chug right along.

That’s your mistake, right there – as irritating as it is, you should be paying attention to the warnings you are receiving. At times, they will be very real threats that you may be missing because of complacency.

  • Surfing dubious websites

A good rule of thumb is that any website you visit should have the padlock locked in the left-hand side of the address bar – that indicates that the website is secure. Any website that does not display the little locked padlock is not a website that should be trusted. Untrustworthy sites can be hosts of spam, malware, or phishing scams, so if you can avoid it, it’s best not to navigate to risky sites. Usually, your browser or anti-virus will let you know that the connection is not safe and that you should click away.


As great as the internet is, it also comes with some drawbacks, especially in the form of security risks. There are a million and one ways in which spammers and scammers can infect your computer, steal your information, or otherwise harm you, and you may be failing to protect yourself, without even realizing it. Seemingly innocuous behavior, like posting on social media or using a Google account may lead to some unfortunate situations where your security is compromised, so it’s better to be aware and protect yourself as much as possible.

This article was written by Sarah Teston of broadbandsearch.net. Sarah enjoys writing and educating others about the internet. She’s interested in all the different things that we do and don’t know about the internet now and in the future.