Whether you’ve never thought about your personal security at all before, or you’ve been meaning to clean some things up for a while now, 2017 is the year to make changes. Threats like spamming, phishing, man-in-the-middle attacks, and ransomware pose real daily risks to every internet user, passwords continue to leak in massive corporate breaches, political instability roils many parts of the world, and people own more and more devices that can be compromised. Fun, right?
The challenge of protecting yourself can feel so overwhelming that it’s tempting to give up on security altogether. There’s no disputing that adding more protection to your life does require some work and inconvenience. But the emphasis is on some. Just like locking your bike instead of simply leaning it against a tree, taking digital security precautions is slightly annoying but very doable. So do it! The first step is to check off the really simple stuff that only takes a few minutes (do it for your relatives or a friend, too). Once you’ve got that baseline, read on for the slightly more time-consuming stuff.
Set Up a Password Manager
At this point, you’ve either meant to set up a password manager and failed, or you’ve heard that you should do it and willfully not made it happen. It’s understandable. We all have a ton of online accounts, and the idea of cataloging them all and changing the password for each of them is daunting. But that’s precisely why you need a password manager. You can’t remember strong, unique passwords for each account you have, and the accounts you’ve forgotten about are especially likely to have a weak or repeated password. The nice thing about setting up a password manager, though, is that once you put in the time to get it up and running it will genuinely make your life easier beyond just improving your security. You won’t have to go through password resets all the time, risk being locked out of accounts after too many failed entry attempts, or need to stretch your brain with complicated password mnemonics. Everything will just be there behind one long and strong master password. Password managers also make it easier to change passwords down the line, so they really do have a long-term benefit.
There are a number of good password managers to choose from (some are free!), and the easiest way to set them up is just to choose one and then add and change passwords gradually over time as you visit sites and services that involve a login. Within a few weeks of adding accounts through natural browsing, you’ll have significantly improved your personal security posture. As months go by, you’ll add niche sites and new accounts to your roster. It’s a slow burn, but once you get going it becomes part of your natural flow, and you’ll suddenly realize that you’ve had your password manager for years.
Password managers are certainly not perfect. They centralize all your data, and it’s always possible that the companies that provide them could be breached. It’s happened. But unless you’re willing to devote just as much or more time to an elaborate password management strategy of your own creation, managers are a reasonable way to bring your password situation under control. It’s not your fault that passwords are such a lousy security system, but as long as they’re around we should all deal with them in a safe way. Make the decision now: 2017 will be the year I set up a password manager.
Enable Two-Factor Authentication
While you’re already going around to sites changing passwords and adding them to your manager, you can take another step to improve your personal security by adding two-factor authentication to every account that offers it. This measure, which usually requires you to enter temporary codes sent to or generated on your phone along with your regular password, helps protect you from attack if your passwords fail. Not all services have two-factor authentication, and many that do call it by similar but confusing names (login verification on Twitter, for example). Setting it up for important accounts, though, especially ones where you store financial information, like your bank and Amazon, provides another defense layer and isn’t too much of an inconvenience day to day. You can usually mark your personal devices as trusted after you go through the two-factor verification process once, so the feature generally only becomes an annoyance in the specific case where you’re really in a rush to log into an account on a device you’ve never used before, or are locked out and don’t have cell service to receive your code.
Back Up Your Data
Things change so quickly in digital security that most mainstream recommendations have only been around for a few years, but backing up data is the classic chestnut of cybersecurity advice that only becomes more relevant as threats grow. If malware or ransomware infects your computer and you have a backup, you can easily wipe the disk and start over with all of your information intact. If you have to, you can ditch the device altogether, get a new one, and your data comes with you. No problem. The other useful thing about having a backup is that it helps you assess what data has been stolen and what steps you need to take if your local files are breached. There are often sales and discounts on external hard drives, so you can pick up a 2-terabyte drive pretty easily at this point. Or if you don’t want to worry about hardware failure and like to have on-the-go options, cloud services like CrashPlan and Backblaze are good bets.
Whether you’re storing backups locally on a hard drive or in the cloud, you can add an additional layer of protection by encrypting your data and password-protecting it before doing the backup. With this in place, your data is better defended even if your cloud provider is hacked or your external hard drive is lost or stolen.
Know How to Use a VPN
You’ve probably heard people talk about Virtual Private Networks, but they’re not just for hackers on Mr. Robot. Once you are connected to the regular internet, VPNs create an encrypted connection between your device and a secure server, which then allows you to browse and use the internet normally through an encrypted channel that protects you from eavesdropping. VPNs are also fairly simple to use on both your computer and your phone. You sign up and pay a monthly or annual fee (some offer free versions), and then all you need to do to use the VPN day to day is log in through a “VPN client,” an application or web portal. You probably don’t need to use your VPN all the time when you’re using a trusted, password-protected internet connection, like at your home or office. But if you’re doing something sensitive or browsing on unprotected public Wi-Fi, like at a coffee shop, turning on your VPN helps ensure that the data you send and receive is encrypted and can’t be spied on. “Use them whenever you are using a Wi-Fi that you don’t trust or don’t control,” says Eva Galperin, a global policy analyst at the Electronic Frontier Foundation. It’s like a condom for your phone.
Use End-to-End Encrypted Chat Apps
Communication tools like Slack, Google Hangouts, and Facebook Messenger are mainstream and accessible, and they offer some security protections for data. But only apps with full end-to-end encryption are safe from prying eyes, be they government surveillance forces or cyber-criminals. By convincing your friends and family to switch to chat apps like WhatsApp and Signal, you reduce the chance that your communications will be intercepted. As with password managers or anything else in life, there is never a guarantee of perfect security, but taking the step to use services that place a high priority on security is better than not doing it. And if there’s one thing we all learned from the Sony hack, it’s that the dumb things people say to each other online can be problematic if they get out.
If you’re doing sensitive or controversial work, or believe you are a particular target of cybercriminal activity or government investigation, adopting these measures alone will probably not be enough to protect your security and privacy. But for the average person who’s just looking to make some positive changes in 2017, adding these five precautions to your digital life will make a significant difference in the quality of your defense, and your ability to recover from common attacks.