On the morning of Sept. 28, after waking up and refusing to get out of bed, I excitedly checked my phone and saw an unopened email. (Don’t judge: it’s a highlight of my day.) It turned out it was a data breach notice from textbook rental company Chegg, saying that some of my data, including my hashed Chegg password and email address, “may have been acquired by an unauthorized party.” And that’s how my morning began to unfold, three days before National Cybersecurity Awareness Month kicked off.

The good news? Timing-wise for this cybersecurity post, it was perfect: inspiration had finally fallen into my lap, and I was going to beat that massive writer’s block that had obstructed me from writing a more inspired draft of this post for days. The not-so-good news? The inspiration came at the cost of hackers who may now have my private, personal information in their hands. And the inspirations for this cybersecurity post didn’t stop there. Later, after coming into the office and sharing some exciting plans for the weekend, I found out that Facebook had been hacked, putting me at the receiving end of a notification that my Facebook account may be at risk as well. Talk about an eventful, rollercoaster morning full of ups and downs.

Before I became a writer at NextAdvisor and surfed the net for all things cybersecurity for work purposes, conceptually, I knew that cybersecurity was important – somewhere in the back of my mind, anyway. I was also confident that my cybersecurity practices were pretty stellar, but the truth is that everyone has cybersecurity vulnerabilities. As I have learned more about cybersecurity and as the number of data breaches has continued to rise, I’ve realized that my past practices were truly not stellar. Finding out that I was a victim of two breaches in one day reminds me of that. In honor of National Cybersecurity Awareness Month and my wish to better shield you from cybercrimes, I now present some cybersecurity mistakes I’ve made that you can learn from.

4 cybersecurity mistakes I’ve made

Not reducing my attack surface

When I logged onto my Twitter account on Sept. 28, I ran into a headline, courtesy of Bloomberg, that pretty much summed up my inner anthem at the time: “Data Breach Risks Reminding Chegg Clients of Old Accounts.” That’s because I, too, had forgotten about my Chegg account until the data breach notice greeted me in my inbox. I hadn’t used Chegg in about two years, but when I was active on the site, I used its service only once – to sell a textbook for $12.72. My Chegg emails have since been pushed down to the bottom of my inbox, becoming relics of my school years as I continue my trek into the workforce.

After learning about what happened, I realized I made one major cybersecurity mistake: I didn’t reduce my attack surface, meaning I kept all of my old, inactive online accounts open. By allowing my inactive account to live on, the data I shared with Chegg continued to be stored in its servers, acting as another potential way for hackers to steal my personal data. Instead, I should have closed my old account, along with other online accounts from my past.

Moral of the story? Get rid of your old, inactive accounts. Or, at the very least, update your passwords and make time for a cybersecurity tune-up.

Using public Wi-Fi with no apprehensions

Before I relay this two-section airport saga to you, can I just begin by saying how stressful it is to be a traveler in an airport? Between reorganizing suitcases, digging through my jumbled purse for my passport, running from terminal to terminal and getting yelled at in security lines, I get extremely lazy when I finally get some downtime – that period of relaxation between getting out of the security checkpoint and cramming myself into a jumbo jet. That’s when I usually found myself at a gate or a coffee shop, gleefully making the most out of what I considered to be one of the best luxuries of airports: free public Wi-Fi.

The two signs I usually looked for when selecting a Wi-Fi network included picking a network that had a legitimate-sounding name associated with wherever I was (e.g., SFO Wi-Fi) and any network that had “free” in the name. As you may have guessed, it’s a good idea to not do what I did. Not verifying the network name with proprietors of establishments could have ended badly: this habit could have potentially led me to connect to an evil twin, a fake hotspot that appears to be legitimate, allowing a hacker to monitor my activities. That’s definitely not a situation you would want if you were to access your bank account or other sensitive information while you’re using this type of Wi-Fi. As such, do yourself a favor and ask authorized proprietors to verify network information before you connect. Better yet, use your data or your phone as a mobile hotspot. These options might cost more, but they can amp up your security and allow you to better protect yourself and your information.

You can also consider using a VPN, something that encrypts your web traffic, to connect to a network. Similar to public Wi-Fi, there are a number of free VPNs, but not all of them are as trustworthy as they seem. Need help finding the right VPN for you? Our guide to picking the best VPN can help.

Not-so-great password practices

Have you been trying to figure out ways to memorize your many online passwords? Did you then resort to selecting passwords made up of consecutive numbers that are easy to guess? Did you then realize that maybe this wasn’t a good idea, leading you to resort to just using one password to make things easier and more convenient for you?

For reasons related to my privacy and security (and possibly pride), I won’t be confirming or denying if I personally went down this rabbit hole and carried out these password practices. But based on my learnings from my research as a writer at NextAdvisor, I’ll spread these words from the wise: do create strong passwords and do use different passwords for each online account. Remembering all of these unique, long passwords is hard, but that’s where a password manager could become one of your best friends, since these programs and services enable you to store your passwords in an encrypted account. Think of a password manager as a digital safe — it only needs one password to open it (that’s the one you need to remember).

Sharing too much on social media

I am excited when I’m on social media. When I first got a Facebook account in high school, I vaguely remember posting too many messages across people’s walls in one week. Besides the fact that these posts may have conveyed that I was a bit too eager about being on Facebook, they could have also communicated some sensitive information that I wouldn’t want going out to certain folks. For example, a seemingly harmless message, like “see you in journalism class,” could tell stalkers that I’m in a journalism class, arming potential criminals with more info that they could draw on and use against me (e.g., she’s enrolled in a journalism class, and it looks like she may go to so-and-so school, based on other information). Additionally, I loved to let people know when I was on vacation. After all, who doesn’t enjoy sharing their favorite photos and new vacation spots? While these actions may seem harmless, oversharing can reveal your personal identifying information and even be used against you by scammers. For example, criminals may have carried out a kidnapping scam by researching information on social media to fool my loved ones.

Don’t follow in my footsteps. Instead, understand when you’re sharing too much on social media. Pay close attention to your privacy settings and avoid posting personal identifying information, location updates and information that you wouldn’t want to get into the wrong hands.

Learn from my cybersecurity mistakes

Though I tried to make this post as entertaining as possible, cybersecurity, at its root, truly is a serious matter. In fact, it can be likened to public health. Not only can cybercrimes hurt you if you aren’t careful, but they can hurt others as well. If your device or website is hacked, for example, cyberattackers could draw on this vulnerability to carry out malicious attacks on your family members or friends.

Now that you’ve learned from some of my cybersecurity mistakes, stay tuned for more cybersecurity posts coming your way this month via our Cybersecurity Matters series. You can also keep up with our technology blog for more information on how to stay safe online.