The 5 Most Common Cybersecurity Mistakes
Cyber attacks are becoming more prevalent with increasingly damaging outcomes, presenting new cybersecurity risks to users.
But in spite of the ever-evolving threat landscape, many of the best defenses remain the same. This includes the basics like creating strong passwords and avoiding malicious links. Yet often, people take unnecessary risks due to convenience, among other factors.
This graphic shows the top cybersecurity mistakes in 2023, based on data from Proofpoint.
The Most Common Mistakes Made by Users
Below, we rank the most common risky actions that people made online in 2023, based on a survey of 7,500 end users across 15 countries:
| Risky Action / Cybersecurity Mistake | Share of Users Who Reported Taking This Action |
|---|---|
| Using work device for personal activities | 29% |
| Reusing or sharing password | 26% |
| Connecting without using a VPN at a public place | 26% |
| Responding to a message from someone they don’t know | 24% |
| Accessing inappropriate websites | 20% |
Overall, 71% of respondents said they made a cybersecurity mistake, with the vast majority doing so knowingly.
As we can see, the most common error was using a work device for personal activities followed by reusing or sharing a password. These actions were shown to be motivated by convenience, time-saving benefits, or urgency across users.
Ranking in third was connecting to WiFi networks in public spaces without using a virtual private network (VPN). This presents risks because when a user connects to public WiFi, it exposes them to potentially unsecured networks.
While most websites and services use Transport Layer Security (TLS) to encrypt credentials and personal messages, not all connections are secure.
Using a VPN can help prevents malicious actors from stealing personal information by masking a user’s location and other personal data while browsing the internet.
Top Cybersecurity Risks, According to Professionals
While the above data deals with the most common risks taken by users, the same report by Proofpoint also highlights the professional view around what risks are actually the most dangerous.
According to a survey of 1,050 security professionals, clicking on links or downloading attachments from someone that they don’t know was considered the most risky action users could take. By downloading an infected file, it exposes users to computer viruses and malware that mine a computer or device for personal data.
In addition, reusing passwords posed the second-highest security threat, followed by accessing inappropriate websites.
Overall, there is a strong degree of overlap between the top cybersecurity mistakes and the most common risks taken by users. In this way, it highlights how many respondents may be unaware of the scale of risk they expose themselves to, and the importance of using the basic tools to avoid financial losses and unwanted outcomes.
