Thank you for reading and providing additional insight.

For your first point: I assume you got that information from a PCmag.com article my friend Eric Griffin wrote last year. He quoted one of my other colleagues Niel Rubenking. Both great guys. :)

However, cybersecurity experts consistently STILL recommend changing your passwords every 3-6 months. Of course, this depends on usage, the type of sites you visit, and how important it is to keep your business and your client’s data safe.

Obviously, there are instances when you should change your passwords immediately, e.g. you’ve been hacked, there’s been a data breach, etc.

For your second point: According to the FTC, unsecured public WiFi hotspots are inherently insecure. The WiFi Alliance mirrors this fact. There are man in the middle attacks, packet sniffing, etc.

According to a study by the University of Maryland, an unsecure computer connected to the internet can become a target of more than 2,000 cyberattacks per day.

And sure, HTTPS offers a barrier, but if companies (or non-tech savvy solopreneurs) don’t update their SSL certificate and let it expire, then their web site is fair game to hackers.

The increased infiltration of IoT devices in the home and workplace also offer security concerns.

At the end of the day, if you are running a business of any size, you have confidential client information, payment information, stored credit cards (especially if you sell a membership or subscription service), and don’t want to be a victim, it’s best to err on the side of caution.

Implying that people can be lackadaisical with their data is IMO, irresponsible. Better to be safe than sorry. :)