Things a cybersecurity expert says they would never do

The rise of cyberattacks has become a growing concern in recent years as the threat of data breaches, ransomware and other malicious online activities has plagued organizations and digital users.

How can you protect your personal information and privacy? CTVNews.ca spoke to a cybersecurity expert on how to better safeguard against the evolving landscape of cyber threats.

Don't: Reuse passwords

Use a unique password for each of your accounts, “especially for sites where you know a cyber criminal getting access to that information would potentially do some damage,” said Sam Andrey, managing director at The Dais, a Toronto Metropolitan University think tank focused on tech policy.

• Top science and technology headlines, all in one place

Sensitive materials include your email address, banking information, and personal files, he added.

Andrey said using a unique password for every account may feel unrealistic in a world where users have so many passwords, but password managers exist for that reason.

A password manager is a tech tool that helps users create, save and manage passwords across different online services, including web applications, online shops and social media. It makes it easier to keep track of passwords, as only one master password is needed, Andrey said.

Don't: Skip two-factor authentication setup

Andrey said two-factor authentication is one of the "best measures" available to protect against breaches to your accounts.

With a two-factor authentication (2FA) setup, a user is granted access to an application after successfully presenting two forms of identification.

This adds an extra layer of security to your account in the event it is compromised or vulnerable to malicious activity.

Don't: Skip software updates

"It's very easy to click on 'Oh I'll do that tomorrow' or 'I'll do that next time,'" Andrey said.

"It's actually more important to do [software updates] these days than it is to buy some expensive antivirus software, [keeping updated] Windows Defender and other kinds of operating systems," Andrey explained.

"Those patches and security updates fix the latest bugs and vulnerabilities that cybercriminals are taking advantage of and those things are always evolving," he said.

Don't: Use non-encrypted platforms

Andrey advised users to look for the lock symbol at the top of their browsers.

Encrypted platforms allow users to protect their information by entering it into a form that can only be read by the user who has permission to do so.

Gmail and most email programs are now encrypted by default, Andrey said.

Andrey said some messaging services, including Apple's iMessage and WhatsApp, are encrypted end to end—not even the software or provider can view the messages.

For online shopping, Andrey said users should ensure they are using a secure website before entering banking or personal information.

Do: Use a VPN when travelling

For people who travel and use public Wi-Fi networks on subways or airports in other jurisdictions around the world, Andrey recommends buying a VPN to secure your connection when you're away from home.

A VPN, or "virtual private network," is a digital tool that encrypts your internet traffic and hides your identity online. There are plenty of options available to download with varying prices and features.

• The information you need to know, sent directly to you: Download the CTV News App

Do: Be wary of scams

Don't provide login information by phone, [or] by text. Anytime anybody's prompting you to do that, it's almost for sure a scam," Andrey said. “Don’t provide sensitive information.”

Andrey said it's increasingly rare for companies to text links and users should verify the site they are entering information into to ensure legitimacy.

Check display names and emails to verify if they are correct or from the person you are expecting.

Do: Check default settings

"A lot of the times you're prompted to opt into things that you don't need. If you don't need Google holding your search history for more than six months, have them auto delete it," Andrey said.

Andrey said the same thing goes for personalized ads or location sharing. "Turn those things off because it just stores more data that is vulnerable to being misused," Andrey explained.

For sites you visit for the first time—and have no intention of coming back—be careful about what information you provide them. Most want location, cookies and to track you across the internet, reject some of those things, Andrey said.