Even as digital threats become more sophisticated, the most common causes of cybersecurity breaches remain surprisingly simple: bad habits.
According to Adam McManus, a cybersecurity expert based in Toronto, “Human error is still the weakest link in the security chain.”
In this article, we highlight the most frequent, and avoidable, cybersecurity mistakes people make every day, based on McManus’s real-world experience working with both individuals and organizations.
Reusing Passwords Across Multiple Platforms
Despite years of warnings, password reuse continues to be a major issue. When one site gets breached, attackers test those same credentials on other services — a method known as credential stuffing.
Tip: Use a password manager to generate and store unique, complex passwords for every account.
Source: freepik.com
Clicking on Phishing Links
Phishing scams are more sophisticated than ever, often disguised as emails from trusted sources like banks or popular delivery services. “A single careless click can compromise an entire network,” warns McManus.
Tip: Always verify the sender’s email, inspect URLs carefully, and never share login information via email.
Delaying Software Updates
Outdated software is a hacker’s playground. Security patches are often issued after vulnerabilities are discovered and disclosed publicly, which means delay equals risk.
Tip: Enable auto-updates on your devices and regularly update apps, browsers, and operating systems.
Using Public Wi-Fi Without a VPN
Logging into accounts over unsecured public Wi-Fi — whether at a café, airport, or hotel — is a dangerous move. Attackers on the same network can intercept traffic and harvest login credentials.
Tip: Use a reputable VPN when accessing sensitive data on public networks.
Giving Apps Excessive Permissions
McManus cautions users against granting apps more access than necessary. “You’d be surprised how many apps collect data they don’t actually need,” he says.
Tip: Review app permissions regularly, and uninstall apps that seem suspicious or overly invasive.
Storing Passwords in Unprotected Formats
From sticky notes to Excel files named “My Passwords,” many users still keep credentials in places that are easily accessed or stolen.
Tip: Store all login information in an encrypted password manager, not in plain text or unsecured files.
Source: freepik.com
Failing to Use Two-Factor Authentication (2FA)
Many people still skip 2FA, assuming a password is enough. It’s not. “2FA is one of the simplest and most powerful tools available to everyday users,” says McManus.
Tip: Enable 2FA for all critical accounts — especially email, cloud storage, and financial platforms. Use an authenticator app for added security.
Expert Takeaway: Security Is a Habit, Not a Product
Adam McManus, cybersecurity expert in Toronto, emphasizes that digital safety is less about advanced tools and more about consistent, smart behavior.
“Security is a mindset. You don’t need to be technically skilled – you just need to be proactive.”
Whether you’re managing a business or simply browsing from home, good habits are your best defense.
