Scyther5 | Getty Images

Do you use the same password for multiple accounts? Have you ever lost a phone or laptop? Do you skip installing malware or antivirus software? If you do, you have poor "cyber hygiene" — the steps you should take to maintain device health and improve online security. It also could make you a target for a cyberattack. Most Americans do not have safe cyber habits, which includes monitoring bank and credit card statements, updating online account passwords and watching carefully for email phishing attempts. Fewer than 1 in 4 Americans routinely practice factors that increase online security, according to a report from Webroot, a cybersecurity company, and Ponemon Research. The company asked 4,290 respondents across the country about their online habits and ranked each state according to a cyber hygiene index. Of the 50 states and Washington, D.C., only six had good cyber hygiene scores. More than half of the states were classified as risky.

"Regardless of the region, the riskiest states index shows that many people in the U.S. are jeopardizing their safety with inadequate cybersecurity practices," said David Dufour, vice president of engineering and cybersecurity at Webroot. Cybersecurity has become increasingly important, especially after the Equifax data breach exposed 143 million Americans. Such breaches take a financial toll: In 2017 alone, $16.8 billion was stolen by identity theft scams, according to a report by Javelin Strategy and Research.

The worst states

The five states with the worst cyber hygiene rankings were Florida, Wyoming, Montana, New Mexico and Illinois. In those states, 72 percent of respondents to Webroot's survey said they share their passwords, and nearly half never back up their data. These statistics were surprising to Tyler Moffitt, a senior threat research analyst at Webroot. "I did not think that sharing passwords would be that bad," he said. The states with the worst data security practices also had the direst consequences: Those states had the highest average number of people who experienced more than 10 malware infections in a single year. Many people do not realize the importance of good security practices online until they get a virus or their identity is stolen. "People don't take care or think about it until after they are a victim, and that's the wrong attitude to have," said Moffitt.

If you aren't practicing good cyber hygiene, you're not practicing good identity hygiene. Eva Velasquez president and CEO of the Identity Theft Resource Center

In Webroot's survey, respondents reported that they suffered personally, professionally and financially after becoming a victim of identity theft. These consequences can be largely avoided by taking a few simple steps proactively.

Where to start

To make sure that you don't fall victim to a cyberattack, here are Webroot's suggestions for keeping your data safe online. Use antivirus software . Paid software will work better than free software, but "it's better to run something over nothing," said Moffitt.

. Paid software will work better than free software, but "it's better to run something over nothing," said Moffitt. Don't use the same password for multiple accounts , especially your email, and make sure your passwords are unique and strong . No more using "password" as a password.

, especially your email, and make sure your passwords are . No more using "password" as a password. Don't share passwords. Ever.

Ever. Watch out for phishing attempts in your email inbox. Don't click links or open attachments from people you don't know. Delete emails that seem fishy.

in your email inbox. Don't click links or open attachments from people you don't know. Delete emails that seem fishy. Keep up to date with applications and operating system. Hackers are always coming up with new ways to scam people and steal identities.

Data keep growing