Unless you live under a rock (without WiFi), you’ve probably heard by now about the leak of over 100 private celebrity photos. Some of the violated A-Listers include Oscar-winning actress, Jennifer Lawrence; Sports Illustrated model, Kate Upton; and Grammy Award-winning artist, Rihanna. Investigators are still trying to figure out for certain the exact methods that were used to obtain these photos, but here are the 5 most common reasons:

1. Weak passwords

Weak passwords are cited as one of the top 20 internet security vulnerabilities by the SANS Institute. Even the most juvenile hackers could figure out “password” or “abc123″ without using any advanced programs.

How to avoid vulnerability: You should have a password with a variety of numbers, unique characters, and uppercase and lowercase letters. While it would be ideal to have a password such as “Dah$78rGebehes&fHJE1″, you probably wouldn’t remember it if your life depended on it. Instead, try using a password you’re comfortable with and changing it around bit. For example, if you were thinking of using your street name as a password, such as “ridgewoodlane”, try something a bit more complicated (but easy to remember), such as “il1ve0nRidgew00dLanE”.

2. The same passwords used across multiple accounts

If an attacker manages to gain access to a user’s login credentials by breaching a particular website, they could try using the same password throughout other online accounts.

How to avoid vulnerability: It may seem like a pain to use a different password for each account, especially if you have 5 different email addresses, 3 Twitter accounts, and a unique Facebook account for both yourself and your dog, but would you rather face the negative alternative? Maybe it wouldn’t be a big deal if a hacker logged into your Fluffy account, or that old email address from 10 years ago that you barely use, but it can become serious if they discover your banking information, personal address, or social security number. Of course, you could write all of your passwords on a piece of paper, but you’re still at risk if that paper gets into the wrong hands. Plus, when you’re on-the-go, you might not remember to bring the list of passwords with you.

The easiest and safest way that I’ve found to access multiple passwords is through the Norton Identity Safe. It’s accessible through any device with a web browser, so even if you’re at an Internet Café or a hotel business center, you still have access to your website logins, credit card details, and other important notes. Anyone who has a valid Norton account and its associated online Vault password can access the Norton Identity Safe website.

3. Keeping the same passwords after a giant security breach

After a large-scale security breach, one might think that the public would be inclined to change their passwords. However, it has only been a few months since the widespread Heartbleed bug, and a recent report from the Pew Research Center stated that fewer than 4 out of 10 people who knew about the vulnerability changed their passwords in response to the bug.

How to avoid vulnerability: Stay up-to-date with the latest viruses and security breaches by following security blogs or downloading trusted security software.

4. Simple “Forgot My Password” answers

During the 2008 presidential election, Alaska’s former governor, Sarah Palin, had her email account hacked. The culprit simply looked up biographical details such as her high school and birth date and input them into email account recovery fields for forgotten passwords.

How to avoid vulnerability: In addition to choosing more difficult security questions, you can enable two-factor authentication on websites and applications that provide it. In other words, when you log into an account with your password, an email or text message will be sent to you containing a second temporary authentication code. In this case, even if your password is compromised, an attacker would still have to gain access to the secondary authentication method to break into your account.

5. Spear phishing attacks

By now, you probably know you don’t have a long-lost billionaire relative who left their entire financial savings in your name, so you shouldn’t open that email. However, you may be susceptible to more advanced tricks. Cyber criminals may access your contacts through popular social networking sites and pose as a friend sending an email. They also might create emails that look like a legitimate bank or retail store. Inside of these emails, attachments and harmful links can remain seemingly hidden on your device while stealing data.

How to avoid vulnerability: Open each email with caution, and never provide confidential information. A company will never ask for your password, credit card number, or other personal data through an email. If you ever have any questions about a bank, credit card, or retail purchase, you should always go to the company’s official website and contact them directly with questions. Additionally, if a friend sends an email with an attachment or link, ask him or her to confirm it through another source of communication.

It’s important to take the right steps to protect your privacy the best way you can, but if you want to take it a step further, you can download the latest security products. I’ve personally used Norton for years, so they’re generally my “go-to” suggestion. Even if you’re not ready to use their software, they have a lot of free, informative, and useful resources on their site that can help keep your data stay safe, protected, and private.

Additional sources used for images and content: