Consider this scenario:

You log into your homeowners’ association website to find out what to bring to next weekend’s neighborhood block party.

Somewhere in, say, Asia or the Middle East, someone else is lurking on that same website, no great feat for them because the site has virtually no security measures in place.

They swipe your unencrypted password, which happens to be the same one you use for your Gmail account.

Once in your email, they know where you bank, what type of credit cards you use — a treasure trove of personal and financial information.

Using your email, they reset the password to your mobile banking, log in as you and send money to themselves from your accounts.

“It’s as easy as that,” said Jason Ingalls, founder and chief executive officer of Alexandria-based Ingalls Information Security, which helps companies across the country prevent and respond to data breaches. “Things like that happen every day.”

“In general, people do forget how much data we have out there,” said Eddie Horton, an assistant professor in Computer Information Systems at Northwestern State University. “Especially the younger generation. Not only are they so active posting things to social media, there are things like writing a check, which is something they’ve never done. People have data out there in so many different places.”

And that data is often vulnerable.Many still unprotected

Hackers recently leaked names and other details about users of Ashley Madison, a site marketed to people in committed relationships looking to have affairs. While other recent data breaches have received less attention, they are potentially much more damaging.

Millions of federal workers have had their personal information stolen. Data and credit card information has been lifted from customers of retail chains, restaurants, supermarkets, hotels, health care systems, insurance companies, universities, nonprofits and banks.

Even security companies that specialize in protecting against data breaches have been targeted.

As Horton said, “if it’s available on the Internet, it can be hacked.”

“There’s always the possibility your information will be breached,” said Camilla Parker, who teaches Cyber Business Law at NSU. “At the end of the day, if someone out there without the best of intentions wants to, they can possibly get in.”

Yet, the average computer user (and, yes, computers include smartphones) has little understanding of or appreciation for basic online security

“It boils down to human nature,” said Terry Sadler, a security specialist at Fort Polk. “We become complacent until we experience something bad. Maybe it’s a breach, maybe our identity is stolen. … The first thing to understand is basic security. There are some challenges we face in applying security measures, but it’s not so difficult that you can’t learn it. Many people shy away from protecting themselves because they say it’s too technical.”

It’s all about creating “layers of security,” said Sadler, whose book, “Cybersecurity for Everyone: Securing your home or small business network” offers security tips for home users and small business owners. Every little thing you do to protect yourself makes you less likely to be a target.How to protect yourself

Among the most common security measures experts suggest are:

•Use strong, unique passwords for each website.

“If you asked a room full of people, ‘How many of you use the same password for different sites?’ I imagine you would get a 98 or 99 percent response,” Horton said. “It’s not because they’re OK with their information being taken, but a lot of people are not security minded and don’t understand the implications of things.”

Using the same password over and over is convenient, but it also means if a hacker gets ahold of your password for one site, they have it for everything.

Many people make it even easier by having overly simplistic passwords, or failing to password-protect their wireless network (which Horton equates to leaving the house with the front door unlocked).

Don’t think you can remember unique passwords for multiple sites? Try a password manager, which stores your passwords in an encrypted database.

A strong tool to use with unique passwords is multi-factor authentication, a security system that requires multiple steps to authenticate credentials.

That might mean when you log on to a website, a one-time password is sent to your smartphone. So, even if a hacker has your login information for that site, they can’t get in. There are many software and hardware applications that accomplish this.

Many social networking sites have the option of a secondary authentication method.

•Treat your smartphone the way you would any computer, because it is one.

More and more people are using mobile devices like smartphones and tablets to access the same information they would on a home computer, yet they often fail to protect it the same way.

“I often get a deer-in-the-headlights look when I ask people, ‘do you have anti-virus protection running on your smartphone?’” Sadler said. “You can get malware on your phone just like you can on your home computer.”

The risk is magnified when people have their device set to automatically connect to Wi-Fi, or when they connect to a public network at, say, a coffee shop. A hacker can cruise the same public network and cherry pick whatever unencrypted data flows through it.

One way to protect yourself when using a public or shared network is to install a virtual private network, or VPN, a good way to secure and encrypt communications.

•Update your systems regularly.

While anti-virus and anti-malware programs don’t provide anything close to 100 percent protection from threats, they are still a good tool to have. Keep them updated and scan your system regularly.

Similarly, download security updates whenever new patches are released. Keep software such as browsers and PDF readers up to date.

•Just because something says it’s free doesn’t mean there’s no cost involved.

The free app or program you just installed may have also installed additional software you didn’t ask for, which could harm your computer or provide someone with unwanted access.

Be aware of what permissions you’re giving up when you download something. Many “free” applications are just a means of mining data to lump you into a group for advertising purposes.

In addition to erosion of privacy issues, you may be opening a door for someone to steal your data and use it for more unscrupulous purposes.

“If you’re downloading a game, why would it need access to your contacts list?” Sadler said.

Many times, these costs are hidden in lengthy terms and conditions, which Parker encourages her students to always read through, no matter how boring and time-consuming it is.

“Most people don’t,” she said. “Most people just click, but you don’t know what you’re agreeing to.”

•Beware of email and other online traps.

Online scams are often easily spotted by poor grammar and spelling mistakes.

But not every scam is as identifiable as the purported Nigerian prince who’s offering $100,000 to anyone willing to let him temporarily park money in their bank account.

Be suspicious of any email you receive from a sender you don’t know, or one from your bank or credit card company asking you to log into their site through the email. It’s likely a copycat site run by hackers trying to steal your login information (instead of using the email link, log in to your bank’s site directly).

When in doubt, delete a suspicious email without opening it.

•Be careful about creating anything digitally that you don’t want people to see.

Think twice before sharing anything you wouldn’t want exposed. Because that picture or email that was intended for one person or a small group can easily end up being seen by lots of people.

“If you’re going to put something on the Internet, make sure your grandmother and grandchildren are both comfortable seeing it,” Ingalls told the BBC for a piece on cyber security that ran online this week.

In addition to potentially exposing private information, lots of people have gotten themselves in trouble by sharing more than they should on social media.

It’s not a great idea, for instance, to call in sick to work then post a picture of yourself out having a good time. Remember that the first thing employers often do is Google or look for Facebook pages of job applicants.

“People are sharing too much information,” Ingalls said. “They need to be aware that it matters what you put out into cyberspace.”‘Don’t be an easy mark’

Ingalls is currently working on what he believes will be a “transformational” tool to fight hackers — a revolutionary way to visualize cyberspace and spot hacking activity.

As excited as he is about the project, he knows that, like arms races throughout history, the other side will try to innovate to neutralize it.

“Most people have no idea they’re sharing this tremendous amount of data with lots and lots of strangers,” Ingalls said. “That’s an issue we’re facing and will continue to face in the future.”

“It’s the world we live in now,” Parker said. “It’s this new frontier we’re all a part of.”

These days, most people are never more than a few inches away from Internet access. The threats that come with that are just as ever present.

While there is no such thing as 100 percent protection — someone could do everything right in securing their own devices, for instance, and find their data compromised because they used a credit card at a trusted national retailer — the key, experts say, is making yourself as tough a target as possible.

“Everything we do revolves around the Internet,” Sadler said. “It’s here to stay. It’s important for us to learn the basics and get educated so you can protect yourself. Don’t be an easy target. Don’t be that low-hanging fruit a hacker goes after.”