These five states are the worst for data security

  • Fewer than 1 in 4 Americans consistently monitor bank and credit card statements, block pop-ups, update online passwords and watch for email phishing attempts.
  • Only 50 percent use antivirus or other internet security software on their devices.
  • In 2017, more than $16 billion was stolen by identity theft scams.
Cyber security
Scyther5 | Getty Images

Do you use the same password for multiple accounts? Have you ever lost a phone or laptop? Do you skip installing malware or antivirus software?

If you do, you have poor "cyber hygiene" — the steps you should take to maintain device health and improve online security. It also could make you a target for a cyberattack.

Most Americans do not have safe cyber habits, which includes monitoring bank and credit card statements, updating online account passwords and watching carefully for email phishing attempts.

Fewer than 1 in 4 Americans routinely practice factors that increase online security, according to a report from Webroot, a cybersecurity company, and Ponemon Research.

The company asked 4,290 respondents across the country about their online habits and ranked each state according to a cyber hygiene index. Of the 50 states and Washington, D.C., only six had good cyber hygiene scores. More than half of the states were classified as risky.

"Regardless of the region, the riskiest states index shows that many people in the U.S. are jeopardizing their safety with inadequate cybersecurity practices," said David Dufour, vice president of engineering and cybersecurity at Webroot.

Cybersecurity has become increasingly important, especially after the Equifax data breach exposed 143 million Americans. Such breaches take a financial toll: In 2017 alone, $16.8 billion was stolen by identity theft scams, according to a report by Javelin Strategy and Research.

The worst states

The five states with the worst cyber hygiene rankings were Florida, Wyoming, Montana, New Mexico and Illinois. In those states, 72 percent of respondents to Webroot's survey said they share their passwords, and nearly half never back up their data.

These statistics were surprising to Tyler Moffitt, a senior threat research analyst at Webroot. "I did not think that sharing passwords would be that bad," he said.

The states with the worst data security practices also had the direst consequences: Those states had the highest average number of people who experienced more than 10 malware infections in a single year.

Many people do not realize the importance of good security practices online until they get a virus or their identity is stolen.

"People don't take care or think about it until after they are a victim, and that's the wrong attitude to have," said Moffitt.

"If you aren't practicing good cyber hygiene, you're not practicing good identity hygiene." -Eva Velasquez, president and CEO of the Identity Theft Resource Center

In Webroot's survey, respondents reported that they suffered personally, professionally and financially after becoming a victim of identity theft. These consequences can be largely avoided by taking a few simple steps proactively.

Where to start

To make sure that you don't fall victim to a cyberattack, here are Webroot's suggestions for keeping your data safe online.

  • Use antivirus software. Paid software will work better than free software, but "it's better to run something over nothing," said Moffitt.
  • Don't use the same password for multiple accounts, especially your email, and make sure your passwords are unique and strong. No more using "password" as a password.
  • Don't share passwords. Ever.
  • Watch out for phishing attempts in your email inbox. Don't click links or open attachments from people you don't know. Delete emails that seem fishy.
  • Keep up to date with applications and operating system. Hackers are always coming up with new ways to scam people and steal identities.

Data keep growing

"If you aren't practicing good cyber hygiene, you're not practicing good identity hygiene," said Eva Velasquez, president and CEO of the Identity Theft Resource Center.

Most people think to protect only their passport, driver's license and Social Security numbers, but "if you think about your identity as a puzzle, the edges keep growing," Velasquez said, pointing out that online behavior and biometrics are now included. "We're creating that data, but we are not the owners of it."

Webroot's Moffitt said it's just as important to protect your mobile device as your laptop or desktop. He said that ultimately, hackers create ransomware for the largest pools, so he expects to see a shift toward mobile devices as they grow in popularity and use.

"In the next couple of years we're going to see a full-fledged ransomware on phones," he said. "It's something to definitely watch out for on the horizon."

More from Personal Finance
These are the ways student loans stop people from buying a house
Student loan nightmare: Some borrowers have to start over
People with massive student debt hope Trump will let them declare bankruptcy