New Year’s Checkup
It’s a new year, and for most people that means “new beginnings.” Humans are naturally drawn to specific milestones in our lives because they feel like opportunities to start over fresh or rebuild from the ground up. The new year isn’t the only such milestone; it could also be a birthday, holiday, new week, etc. That’s why we get so excited about an – objectively speaking – arbitrary day. It’s a new chapter, a chance to redefine ourselves and do anything we want. In some cases, this could mean getting in shape, finding love, finishing a book, any number of things. But it could – and should – also mean a reevaluation: where are you now? Where do you want to be? What can you do better? In privacy and security, I believe we should always be striving to take the next step and do better, but it’s always wise to check back and make sure you’ve got the basics covered. So in the spirit of new beginnings and reevaluation, I’d like to present a few tips to help you check your privacy and security basics and set yourself up for a successful 2023.
1. Check Your Passwords
The single most important thing you can do to protect yourself online is to use good passwords. This is day one stuff, and yet we still struggle with it. That’s why this piece of advice keeps showing up on lists like this. The world is (hopefully) moving toward a passwordless future, but it’s still a ways off, so until then you’ve got to start using good passwords. Password managers are becoming more mainstream, but I have a strong suspicion that most people are using them simply to track their bad passwords. If this is you, this is your sign: start fresh.
If you’re not using your password manager to generate new passwords, you’re only getting the convenience benefits of the tool and not the full security features. Imagine buying a nice, quality power drill and using it to hammer in nails. Sure, it’s probably pretty easy with how much weight is on a good drill, but you’re still not getting the full benefit of the tool until you start using it right. Promise yourself to get the most out of your password manager this year.
2. Check for 2FA
Two-factor authentication of any kind is becoming increasingly common. It’s always a pleasant surprise when I sign up for a new website and see that they offer 2FA, even more so when they offer TOTP (or pretty much anything other than SMS). The weird part is that organizations and companies never seem interested in broadcasting this fact. Websites are always eager to send you marketing emails telling you about the useless, niche features they’ve rolled out like new shopping lists, new search features, or new items, but never about new security features like “hey, we upgraded our hashing algorithm” or “we now offer 2FA to better protect your account.” You would think that any good news is welcome news, but I guess I just don’t understand how to grow a sustainable brand.
Anyways, this is – again – your sign to go peruse your account settings and look for 2FA. It’s possible the services you’re using didn’t have it when you signed up and now they do. Don’t log out, cause we’re gonna do some more poking around in Tip 5.
3. Freeze Your Credit
This tip is specifically for my American readers, but it recently became even more clear to me how valuable this trick is. Late last year, someone attempted to steal my identity. I may write a whole blog about it, but the short version is that I got a call from TransUnion saying that I needed help unfreezing my credit (the fraud alert in action). I assured them I did not and went about my way. Later, investigative cyber journalist Brian Krebs reported that fraudsters had found a way to bypass identity verification services at Experian to view credit reports without authentication. In other words: cybercriminals could access your credit reports freely, which could give them more information to more easily steal your identity.
A credit freeze is easily the best way to stop this. I cannot impress upon you how the risks to your identity grow each year. Don’t waste your money with identity theft protection or insurance services, which will only react after the fact. Save the money and headache and prevent the damage all at the same time while staying a step ahead of the bad guys.
4. Clear out apps and programs
As a privacy advocate, I try to practice what I preach. Still, when I’m out in public, I sometimes can’t help but notice stuff. Like the time I noticed a lady who had at least five full pages of apps on her iPhone. Five full pages of like, 5x7 apps. I don’t even think I could list that many apps if you put a gun to my head, to be honest with you. And all I could think was “how often do you think she uses those apps?”
Apps are what’s called an “attack vector,” or basically a weak point in your armor. That’s not to say they’re all vulnerable, but the more apps you have, the higher your odds that at least one of them will contain some sort of vulnerability that could allow an attacker to access your data. And even if that never comes to pass, many apps contain lots of trackers – location, device information, etc. The more apps you have, the more you’re being tracked. This is true of all devices, not just phones.
Now, obviously, some apps are actually necessary. At my day job, our 2FA choices (which are enforced) are SMS or Microsoft Authenticator. As much as I hate Microsoft, I don’t want to be the guy responsible for putting ransomware on the network. I also choose to have my local library’s audio- and e-book app on my phone so I can listen to audiobooks while I commute and work and thus learn and make the most of my time and be productive. But this is a great time to go through your phone – and your computer, tablets, TV, and any other smart devices you have – and go “what apps do I actually use frequently, and which ones can I live without?” I’m a big fan of not having your bank app on your phone because if someone steals your phone, they might – in theory – be able to access your funds that way. You can wait til you get home to check your account, more often than not. Same with games. I personally bookmarked a few news sources I trust to read when I’m bored and waiting on someone. Maybe you could use the time to text a friend you haven’t spoken to in a while. Or practice social skills by chatting with the person next to you. Or carry a small book you can whip out at times like this. The choices are yours. You can even keep one or two games you particularly enjoy. Just try to keep it to a minimum. As the famous rapper said, “more apps, more problems.” Someone definitely said that. Don’t fact check me.
5. Audit your accounts
I strongly encourage everyone to go through and delete unused accounts. Never really use Facebook? Then it shouldn’t be an issue to delete it. Suddenly remembered an old Myspace account? Delete. Signed up for eBay once to buy a replacement remote and haven’t touched it since? Get rid of it. Fewer accounts means fewer opportunities to be caught up in a data breach.
For the accounts that remain, this is a great time to go audit them. To “audit” an account basically means to check its settings. As mentioned earlier, check to see if they added 2FA but also check to see if they’ve added any new privacy controls. Maybe now you can opt out of personalized ads but before you couldn’t. You can also check to see if they’ve added new privacy permissions, like restricting who can see your profile. Maybe you’re happy with your current settings, but it’s still good to know what your options are and what they’re set to.
Finally, be sure to check for unknown or unauthorized devices. This gets overlooked a lot in breakups: your ex is still using your Netflix or Spotify without asking. This is particularly critical for things like email, where someone can set up a forwarding rule to get a copy of every email you get. The exact steps for how to do this vary depending on the account in question, but you can usually find them just by exploring. Check all your accounts now, log out of any old or unrecognized devices, revoke any old apps you no longer use, check for any mail-forwarding rules, etc. If you mess up and delete a device that’s actually yours that you simply forgot about or didn’t recognize, that’s fine. You can always sign back in. No harm, no foul. (Note: Apple has a new feature called “Safety Check” that actually makes this incredibly easy for you Apple users.)
6. Enable automatic updates
My final tip is pretty basic, but pretty powerful: ensure that automatic updates are enabled. On most devices, this is default these days, but take the time to check and make sure. Stuff is getting updated all the time, and it often includes security fixes for known – and often currently-in-use – vulnerabilities. One of the best ways to protect yourself in the digital world is to keep your stuff updated, and with automatic updates the work is done for you. That’s one less thing to think about. So be sure to check all your phones, tablets, computers, routers, and anything else you can think of and enable automatic updates if they offer it. This will go a long way.
The new year offers endless possibilities. You can do anything you want, be anyone you want, and reach any goal. It’s entirely up to you. But be sure to set yourself up for success. Whatever your goals this year, be sure to check and make sure you have a solid foundation. Even if your goals aren’t privacy or security related, you can still benefit from taking a few minutes to ensure that you’ve got a good foundation of protection and move forward from there. Best of luck. You got this.