You already know you shouldn’t share your password with a stranger, but cybersecurity experts say there are other routine tasks you may be carrying out -- including using your debit card online or downloading free apps to your phone – that could seriously jeopardize your online security.

"I already assume my smartphone is infected," Gary Miliefsky, the CEO of SnoopWall, a cybersecurity company based in New Hampshire told CTVNews.ca.

And if a cybersecurity expert’s phone is infected, yours may be too.

From avoiding downloading email attachments to disabling geo-tagging, you may be leaving yourself wide open to hackers. So what simple steps can you take to protect yourself online?

CTVNews.ca spoke to two cybersecurity experts, Miliefsky and technology analyst Carmi Levy, to find out the top 5 things they would never think of doing on their smartphone or computer:

1. Never use your debit card for online shopping

Debit card

Online retailers are increasingly offering customers a chance to use their debit card to pay for transactions, making life easier for those who don’t have credit cards or for those who don't want to add to their credit debt.

Even PayPal now has an option for users to add their debit cards to their accounts.

This tops Miliefsky’s list of things he would never do on his computer or smartphone.

"If you use a credit card, you're much safer because of the fraud and identity theft investigations and protections designed around credit cards," he said.

Miliefsky says he understands people wanting to only use the cash they have readily available, but a hacked debit card is a much more time consuming process to get fixed.

Longer fraud investigations and future identity theft concerns are the major reason to avoid using them online, he says.

2. Never download an app before reading the privacy permissions

Beware privacy concerns with apps

When downloading an app, many will skim through the permissions it asks to be granted – such as accessing your contacts or your location.

Both experts suggest reading the privacy permissions and doing some research on the apps' creator before you download it.

Miliefsky lists a keyboard emoji app found on the Google Play store that has hundreds of thousands of downloads as an example. This simple emoji app asks to read all your text messages, listen in on ingoing and outgoing calls and track your movement.

Both Miliefsky and Levy say free apps are particularly troublesome for wanting to control your phone's contents. Many apps also don't list where all the information they gather from your devices is stored.

"We’re essentially giving up all of our rights to in order to play these games," said Levy. "We're allowing companies carte blanche to have our information."

Instead, research the apps you download and avoid those that wants to oversee a large amount of your phone's content.

3. Never download email attachments

Downloading email attachments

It may sound like a hassle, but Miliefsky suggests never downloading an email attachment.

"If there were no hyperlinks or attachments in an email, how could you get infected in emails?" he said.

He says people have become used to downloading attachments from people they recognize recognizable, and hackers can exploit that.

Instead, consider using a third party program such as Dropbox – a secure file hosting service – allows you to scan all incoming attachments and ensure you’re not downloading something potentially harmful.

For an extra layer of protection, Miliefsky recommends getting rid of email signatures that feature hyperlinks. Those links can be corrupted and instead of directing the recipient to its intended target, can instead direct them to a site a hacker controls.

4. Never share a password

Experts remind users to never share passwords

A fairly straightforward piece of advice, but both Miliefsky and Levy suggest never sharing important passwords online or using the same password twice.

Miliefsky recommends never entering any of your passwords on sites you don't recognize or sharing it with others, while Levy suggests avoid having them stored on your computer.

"Breaking in to your computer, eavesdropping on your computer, getting passwords is just too easy," Miliefsky said. "Just don’t share your password."

Levy agrees, adding that many users use the same password multiple times, making you an easier target to hack.

"You’re willingly trading off security for convenience when you do this," he said.

5. Never enable geo-tagging, GPS and Wi-Fi

Free Wi-Fi

A geotag is an electronic tag that lists the geographical location a photo, video or device is located. You may already have enabled your location on your phone and not know it. To disable the feature, simple check your camera settings and disable "geotags" or "location tag."

But it’s important to be aware if you’ve enabled geo-tagging because you could be giving outsiders a virtual map to your whereabouts if they get their hands on your device, Miliefksy says.

He gives an example of children taking photos on their phones or iPods without realizing the photo is storing their location. If the phone or computer taking that photo has already been hacked or gets hacked, then whoever has control of it can easily discover where you live or where your kids are, he says.

Beyond geotags, using free Wi-Fi is another no-no.

Smartphone users tend to leave their Bluetooth or Wi-Fi connection on when it’s not needed, Levy says, which can allow hackers easily taking control devices when you’re out in public.

Hackers can set up fake internet connections in coffee shops to use on unsuspecting customers and easily access that data once the device is connected.

"Even if you’re logging in to a sanctioned network like a one at a coffee shop," said Levy referring to Wi-Fi logins at coffee shops like Starbucks. "The sad truth is these are places that sell coffee, not specialize in Wi-Fi security."

Both suggest using those, and similar functions on your phone – such as enabling Bluetooth or Near Field Communication, which can pair your device with another -- only when it’s necessary or when it’s on a secure connection.

The only safe connections are those where you know who is in charge of the connection such as your employer or your home router.

While the expert advice may seem ominous, Levy says the idea is to reinforce how important security for our digital devices is, and how it tends to get overlooked.

"I don't want to freak people out, but at the same time I want to frighten people into treating security with a little more seriousness than they already do," he said. "Sometimes you need a bit of a poke to wake up and smell the coffee."