Think you’re not important enough to be hacked? Think again.
Every day, regular people—students, small business owners, retirees, even IT professionals—fall victim to cybercrime. And it’s not because they’re stupid, careless, or unlucky. It’s because today’s cyberattacks are automated, convincing, and wildly effective.
In this post, I’m breaking down how cybercriminals get your info, based on real-world experience from almost three decades in IT leadership roles. I’ll also give you 5 simple things you can do today to reduce your risk—no technical expertise required.
Table of Contents
🕵️♂️ The Most Common Ways Hackers Steal Your Data
Let’s ditch the Hollywood imagery. Nobody is hammering away at your firewall by hand. Cybercriminals use automation to compromise thousands of people at once—and they’re incredibly efficient at it.
Here’s how:
🎣 1. Phishing
Fake emails or texts that mimic trusted brands like Amazon, PayPal, or Microsoft. They get you to click a link, log in, and boom—your credentials are stolen.
🧠 2. Social Engineering
You get a phone call from someone claiming to be IT support. Or HR. Or even your CEO. It sounds urgent. They need your info now. You panic. You give it.
💥 3. Credential Stuffing
If you’ve reused the same password across multiple sites, this one’s for you. Hackers take stolen credentials from past breaches (like LinkedIn or Dropbox) and try them on hundreds of other platforms. It works a lot.
📶 4. Fake Public Wi-Fi
Ever connected to “Free Airport Wi-Fi”? Sometimes it’s legit. Sometimes it’s a hacker’s laptop. Once you’re on their network, they can intercept your data.
📱 5. Malicious Apps and Extensions
Shady mobile apps or browser extensions ask for more access than they need, then abuse it. They log your keystrokes, scan your clipboard, or upload your data without you knowing.
🧩 Why You’re More Vulnerable Than You Think
You don’t need to be rich or famous to get hacked. You need to:
- Reuse passwords
- Skip MFA
- Click one bad link
- Be on the wrong Wi-Fi network
Cybercriminals aren’t targeting you—they’re targeting everyone.
They run bots that test leaked credentials from old data breaches across platforms like Gmail, Amazon, and PayPal. If you’ve ever used the same password twice, you could be exposed.
👉 Go check haveibeenpwned.com to see if your email has been in a breach. Spoiler: it probably has.
🛡️ 5 Things You Can Do to Protect Yourself
✅ 1. Use a Password Manager
I use 1Password—and I’m not compensated or affiliated with them in any way.
One of the reasons I use it is that it includes built-in support for MFA codes, so I don’t need a separate app like Google Authenticator. It syncs across all my devices and makes secure logins effortless.
Other great options include:
- Bitwarden
- Dashlane
- iCloud Keychain (for Apple-only users)
🔐 2. Turn on MFA
Multi-factor authentication (MFA) adds a second layer of protection to your accounts. If someone steals your password, they still need your phone or device to get in.
Turn this on for:
- Banking
- Social media
- Cloud storage
♻️ 3. Stop Reusing Passwords
Every account should have a unique, strong password. If one gets compromised, the rest stay safe. Password managers make this easy.
🚩 4. Be Skeptical of Public Wi-Fi
Don’t trust open networks. They’re convenient, but risky. Avoid logging into sensitive accounts when you’re on them. I have a separate article that talks about issues around wi-fi, and how you can resolve them.
🌐 5. Use a VPN—Like Cloudflare WARP
A VPN encrypts your internet traffic, making it unreadable to snoops on public networks.
I personally use Cloudflare WARP. It’s free, fast, and easy to install—not just on your phone, but on your Mac or Windows PC too.
WARP isn’t a full VPN—it doesn’t spoof your location—but it does encrypt your data using Cloudflare’s secure network.
Perfect for cafés, airports, or anywhere with sketchy Wi-Fi.
📌 I’ll be doing a full episode soon on VPNs: how they work, which ones to avoid, and how to choose the right one.
🧠 Lessons from the IT Trenches
As someone who’s spent their career in IT leadership, I’ve seen this stuff go sideways.
The most significant security breaches I’ve witnessed didn’t happen because of bad software.
They happened because of one person:
- Clicking a fake DocuSign email
- Reusing an old password
- Ignoring a security warning
Technology doesn’t get hacked—people do.
So my job as an IT leader is to make secure behaviour easier than insecure behaviour. That’s why I advocate for tools like 1Password and Cloudflare WARP. They reduce friction, and they encourage good habits.
One good decision can stop an entire breach chain.
🎬 Final Thoughts
Let’s recap:
- You are a target, even if you don’t feel like one.
- Cybercriminals count on laziness, reuse, and distraction.
- Password managers, MFA, and VPNs aren’t optional anymore—they’re essential.
You don’t have to fix everything overnight.
Just start with one thing.
🔐 Add MFA to your email.
🔑 Start using a password manager.
🛡️ Try a VPN next time you’re on public Wi-Fi.
Security doesn’t have to be scary. It just has to be intentional.
✅ Like this post? Share it with a friend.
🎧 Listen to the full episode of Tech It From Me wherever you get your podcasts from.
Or check out all episodes at techitfromme.com.
(Feature image generated with the help of DALL-E)