How to stay safe online: 6 common cybersecurity mistakes

From sending emails to scrolling through social media, our lives are very much online. Every click, login, and piece of information we share builds our digital footprint, one that requires constant protection from online threats like scams and malware. Implementing best practices to stay safe online can feel overwhelming, but don’t worry — we’re here to help!

We asked two of our experts to walk us through the all-too-common cybersecurity mistakes people make online, and what to do instead. Read on to learn more about which habits you should drop for good, and how to start this year with a safer, more secure online life.

Mistake #1: Using the same password everywhere

Reusing passwords is one of the most common cybersecurity habits we all should drop, says Sriram Karra, senior product manager of sign-in security. This seemingly innocuous habit can create a dangerous domino effect. For example, say you use your Gmail password on another platform and that platform suffers a breach — then, your Google Account also becomes vulnerable. “No matter how strong our online security is, a breach of a third-party website can compromise your Google Account if you’re reusing passwords,” Sriram says.

What to do instead: Never reuse passwords; instead, use Google Password Manager to make it easier to generate and keep track of unique sign-in credentials. In addition, “pay special attention to picking a strong and unique password for your Google account, because if that Google account gets compromised you can also lose access to other accounts,” Sriram says. “Many websites send password reset links to your registered email. This means if someone gains access to your Gmail, they could easily take over your other accounts by resetting their passwords.”

You can also add passkeys to your Google account, which will allow you a safe and simple way to sign into your account using your device’s biometrics or PIN. And as other services add passkey support, start using them for a convenient and password-free sign-in experience.

Mistake #2: Neglecting software updates

It might be tempting to ignore those annoying software update reminders, but our experts caution against it. “Allowing regular software updates is actually the second-most crucial security practice after using a password manager,” says Christiaan Brand, group product manager of identity. These updates often contain vital security patches that fix vulnerabilities attackers exploit. Delaying them leaves your devices, data, and privacy at risk.

Plus, if you procrastinate on updating, many software updates have a way of forcing themselves eventually, often at inconvenient times. This can disrupt your workflow or downtime, and sometimes even lead to application crashes or temporary loss of functionality.

What to do instead: Prioritizing timely software updates is essential for maintaining a healthy and secure digital life. Regularly update your devices’ software, ensuring you benefit from the latest security patches and protections. Platforms like Android and ChromeOS provide most system and security updates automatically to ensure your devices stay up-to-date against emerging threats, providing a proactive defense mechanism without you having to do anything.

Mistake #3: Overlooking 2-Step Verification

Another crucial online security mistake is neglecting to turn on 2-Step Verification, a security feature that adds a step during sign-in to help prevent someone from accessing your account unless you allow it. “Adding a second step of verification can cut down many kinds of attacks, including 100% of automated bot attacks,” Sriram says. Yet, users often ignore setting up this simple and effective feature.

What to do instead: Turn on 2-Step Verification by following these instructions for your Google Account. Once it is on, 2-Step Verification sends prompts to your phone to allow log-in attempts. It adds an extra layer of protection, making unauthorized access to your account a significantly more challenging feat. It’s like having a second lock on your digital door — a small inconvenience for a significant boost in security.

If you are at a higher risk due to your profession, online presence, or personal circumstances, you can opt into our Advanced Protection Program.

Mistake #4: Not setting a screen lock PIN on your mobile device

“It might seem like a hassle, but configuring a screen lock on your device, even if it seems unnecessary, is crucial for protecting your data,” Christiaan says. This simple step safeguards your information from unauthorized access and accidental triggers, bringing peace of mind and reinforcing good security habits.

Not all screen lock PINs are created equal, however; Sriram says to avoid using weak PINs with easily identifiable patterns like 1234. “These methods may seem convenient, but they pose a significant security risk if your phone falls into the wrong hands,” he says.

What to do instead: Choose a strong screen lock option, like a complex password or biometric authentication, which uses fingerprint or facial recognition — Google Pixel phones, for example, offer convenient and secure biometric options. If you lose or misplace your phone, Google’s Find My Device tool helps you locate and secure it. And even in trusted locations like your home or office, you can choose when and how long your phone stays unlocked.

Mistake #5: Clicking on suspicious links

Cybercriminals often disguise malicious links as legitimate ones, making it difficult to discern truth from deception. “It’s hard to advise never clicking on things or only clicking on links from trusted senders,” Christiaan acknowledges, because in today’s digital landscape, malicious links can come in the form of legitimate-looking emails and seemingly harmless posts on social media. But if you’re not careful, all of these can be a gateway to malware and data theft.

What to do instead: Stay vigilant; be wary of any links you click on, even ones that look legitimate. For an extra layer of protection, make sure to enable Google Enhanced Safe Browsing, which identifies and warns against a list of known phishing and malware sites that is updated in real-time. By leveraging this tool, you actively shield yourself from threats that could compromise your security. It’s like having a personal online security guard keeping an eye out for you while you browse.

Mistake #6 Not having a password recovery plan

Forgetting your password or misplacing your phone — a crucial part of a two-factor authentication system — can happen to anyone. “These are normal occurrences, and we have robust automated Account Recovery to deal with them,” Sriram assures us. But if you haven’t set up a recovery plan before they happen, you can be caught stranded without access to your account for a long time.

What to do instead: Create a recovery plan before you need it, so when the time comes you won’t be locked out of your account. You can add a recovery email address or phone number so Google can contact you if you get locked out of an account. Be sure to set up your account with sufficient verification information to make sure it is up to date for a smoother recovery process. Like a spare key, Google’s account recovery options give you the tools to regain access, even if you lose your password or device.

By following our experts’ advice and using Google’s powerful tools, you can build a strong digital defense and navigate the ever-changing digital landscape with confidence.