Half of U.S. retailers suffered a data breach in the last year.
In other words, your personal info and passwords are certainly not in safe hands.
To help you navigate these dangerous digital times, we’ve tallied 25 simple things you can to protect your data online.
Setting up a VPN. Encrypting backups. Even turning things off and on occasionally.
Nothing that five minutes and a few clicks can’t solve.
1. Install a VPN (Virtual Private Network)
“Setting up a VPN doesn't have to require any effort — you can just install an app on your phone and you're good to go. When in use, it will encrypt your data so things like banking details and other personal information can't be stolen if anyone tries to hack your device or view your connection. It's the easiest way to do a whole host of privacy steps in one: browse in complete privacy, secure online shopping and stop location tracking, for example.”
— Tabby Farrar, Outreach Specialist, HMA
3. Update Your Software and Devices When Prompted
“Updates are the developers' way of releasing ‘patches’ and fixes to the latest security threats and vulnerabilities.”
— Keri Lindenmuth, Marketing Manager, Kyle David Group
4. Install a Password Manager
“Many people view password managers as simple productivity tools to help you streamline your multiple accounts and login details. [Ed. note: Our dev team swears by PassPack.] But keeping track of your various passwords is also a great way to encourage strong, unique and secure passwords. Without the need to memorize your details for each an every site, it allows you to pick much longer and randomized passwords which simply wouldn't be possible without them.”
— Jon Hayes, Pixel Privacy
5. Lock Your Apps
“We often hand our smartphones to other people. Friends of family members, kids, colleagues, service technicians that may require access to your device, etc. Don’t want your mom to check out your Tinder? Prefer to keep your chats with friends away from your kids? Or perhaps keep your investment profits (or losses!) to yourself? Limit access to your apps’ data with a simple lock. It’s easy, it’s super efficient, it’s the smart thing to do.”
— Omer Yarkowich, VP Products & Marketing, MyPermissions
6. Wipe Your Internet-of-Things (IoT) Devices
“Do you have Amazon Echo or Google Home? These devices record and store every command or question you give them. You may be revealing how and when your security system is armed and disarmed, your daily activity patterns and what information you’re looking up (directions, orders you place, when products are delivered, etc.). Those stored commands can be easily erased on the Amazon Alexa App: just go to history and delete the recordings. Do this monthly. Also, power off these devices occasionally to remove malware.”
— Dr. Susan Ferebee, Information Technology Professor, Purdue University Global
7. Go Virtual for Shopping
“Use a virtual credit card [Editor’s note: Such as Privacy], or use a secure-payment app option, before you use your debit or credit card for an online payment.”
— Alayna Pehrson, manager for identity theft content, BestCompany.com
8. Make Sure Your Browsing Sessions Are Encrypted
“Especially if you need to perform financial transactions or send/receive important emails. Always use HTTPS instead of HTTP in your URL field.”
— Mihai Corbuleac, Senior IT Consultant, ComputerSupport.com
9. Take Inventory of All Your Sensitive Data
“What data do you consider sensitive and where is it stored? Often, data resides in multiple locations, and you must first identify it before one can protect it. Passwords, credit cards, Social Security numbers, etc. might be stored in more than one place.”
— Matt Linde, founder, IOR Analytics
10. When You’re Not Using Bluetooth, Disable It
“Yes, there are actually ways to infiltrate phones through idle Bluetooth. While these attacks aren’t typically devastating, they can expose some data to unwanted visitors.”
— Devin Pickell, Data and Security Content Specialist, G2 Crowd
11. Get a Firewall for Your Router
“Your router is the primary entrance into your residence for cybercriminals. At a minimum, you should have a password that is unique and secure. To take it a few steps further, you can also enable multi-factor login or better yet, get a firewall for your smart home hub.”
— Sadie Cornelius, SafeSmartLiving
12. Schedule Weekly System Updates
“Grab a cup of coffee and go into the rarely used Windows Update Control Panel and apply them all. There's a reason why the updates are done, and they are usually to prevent exploits.”
—Trave Harmon, CEO, Triton Computer Corporation
13. Turn on Encrypted iPhone Backups
“It’s a quick way to add a layer of security on your iPhone/iPad (here’s how). This will ensure that your computers are not an easy gateway to the personal data stored on your phone (text message history, camera photos, voicemails). The encryption setting is stored on the device itself, so if you connect your iPhone to another computer in the future, any backups made on that computer will be secured as well. (Use a password that you will remember. There is no ‘I forgot my password’ reminder or reset for iPhone backups.)”
— Kelly Wilkerson, Co-Founder, Decipher Tools
14. Reboot Your Computer at Least Once a Week
“Users tend to leave their computers on for weeks (or months) at a time. While OS updates will sometimes reboot computers overnight, relying on updates for reboots is not smart and will often occur only once per month or less. Rebooting removes temp files that may have sensitive data; for example, that PDF bank statement you downloaded that was automatically saved to a temp directory. Plus, rebooting will clear the memory and ensure any security updates waiting on a reboot get deployed.”
— Bob Herman | Co-Founder & President, IT Tropolis
15. Identify and Bypass “Dark Patterns”
“Dark patterns are deceptive web practices which try to trick you into signing up for things or divulging personal information. Recognize them, ignore them and be wary of any company using them.”
— Chris Mindel, Marketing Manager, Dexter Edward LLC
16. Look Both Ways Before Clicking
“Phishing links are hard to stop and show up easily. Hover over the link to check where it lands before you click.”
— James Slaby, security expert, Acronis
17. Limit the Information You Share on Social Media
“Companies like Cambridge Analytica do studies on your information; they can classify your likes, activity and behavior with different labels and attribute to each person a category, in terms of personality, political orientation, sexual orientation, etc. You have to get into each of Facebook’s configuration sections and mark who you want to see your personal information, who can contact you, etc. In the privacy section, there are more options: who sees your photos, your comments on other people's posts, your likes ... Also helpful: on the Digital Advertising Alliance website, you can choose to have Facebook and other giants such as Google take you out of their list of personalized advertising recipients.”
— Sophie Miles, CEO/Co-founder, CalculatorBuddy.com
18. Use Two-Step Verification
“To login to our internal system, as well as our corporate email and other tools, a user will always have to enter their password ... and then they will also receive a message on their cell phone with a four-digit code that they must enter to log in. We reduced the problems we had around the protection of information in our company by by 44% by doing this.”
— Cristian Rennella, CEO/Co-founder of oMelhorTrato.com.
19. Use a Cloud Security Program (Like Cisco Umbrella)
“This technology is a powerful smart filter that monitors all traffic going over your network for malicious activity. It's very much set it and forget it — once it's up and running, you won't know it's there until you see that it blocked you from going to a fraudulent website. It can be set up in less than five minutes by changing one setting on your wireless gateway. This is a very effective tool for blocking spoof sites — which may look very realistically like your bank or your email provider, and are a common way that people inadvertently give up their data. The service is primarily used by businesses, but in its most basic form, individuals can use it for free.”
— Matt Kozloski, VP of Professional Services Kelser Corporation
20. Browse Privately
“Use DuckDuckGo (a search engine that doesn’t track you) or, on other browsers like Mozilla, click on ‘New Private Window’ or click CTRL + Shift + P.”
— Jackie Rednour-Bruckman, CMO, MyWorkDrive
21. Enable Disk Encryption
“If you have a Mac, open up System Preferences, click on ‘Security & Privacy’, select the FileVault tab, and click ‘Turn on FileVault.’ It may take a few hours to fully encrypt your disk, but you can keep using the computer while it’s running. This will protect your data in case the computer is lost or stolen. Without this turned on, a stolen laptop hard disk can be connected to another computer and all the data copied without any password protection. (There are similar third-party solutions for Windows.)”
— Mikkel Wilson, Founder, Oblivious.io
22. Cover Your Camera
“Buy a pack of restickable color tabs or stickers from your local drugstore, then use them to cover the cameras on your phone, laptop or computer. I find them much easier to use than the branded stick-on camera covers — and if you need to replace them, you have a whole pack.”
— Lily Li, Owner of Metaverse Law, CIPP/US & CIPP/E
23. Seek Closure
“Close any device and its programs properly. This includes logging out from accounts properly before closing the platform, completing an ongoing process before closing the software and closing extra running software when not used or needed. While switching off your devices, make sure that every program is resolved and closed properly.”
— Kim Smith, Content Marketing Manager, GoodFirms
24. Be Careful When Downloading Software
“Research the software publisher to verify their trustworthiness; websites like MajorGeeks, FileHippo and Softpedia are generally reliable resources for these types of inquiries. Download directly from a manufacturer’s website if you can. And double-check to make sure that you are at the correct publisher’s website — even experts can be fooled by convincing URLs and spoofed landing pages. Use antivirus tools before installation.”
— Serg Panfilov, Chief Executive Officer, Cyberdot
25. Get an Encrypted Email Provider.
"Use privacy-focused email services such as ProtonMail and Tutanota, both of which allow you to sign-up for free accounts with very little hassle."
— Sarah Barnard, Digital Marketing Manager, BestVPN
BONUS: Got more than five minutes to get secure? We asked Theresa Payton, the former White House Chief Information Officer under President George W. Bush and current CEO of the security consulting company Fortalice Solutions, for a few more aggressive tips on staying secure.
Protecting yourself on social media: "I tell my clients to turn off location tracking — or geolocation tools — in social media. That way you aren't ‘checking in’ places. Cybercriminals use these checkins to develop your pattern of life and to track your circle of trust. If a cybercriminal has these two patterns, it makes it easier for them to hack your accounts. Register for an online service that will give you a phone number such as Google Voice or Talkatone. Provide that number on social media and forward it to your real cell phone. Avoid personality surveys and other surveys; they are often very fun to do but the information posted often gives digital clues to what you may use for your password. Always turn on two-factor authentication for your accounts and tie your social-media accounts to an email address dedicated to social media. Turn on alerts to notify you if there is a login that is outside your normal login patterns. The amount of personal information you choose to share is up to you, and everyone has to find that limit of what is too much. But at the very least, never give out personally identifiable information like your address, DOB, financial information, etc."
Physical tricks that work: "When our clients travel, especially overseas, we always send them with a small kit that includes a webcam cover (these are the easiest things for criminals to hack), instructions on how to set up and use a VPN, and depending on the country they are traveling to, even things like burner laptops and phones. We highly recommend traveling with a portable hotspot. RFID blockers in wallets are also a great investment to protect your credit cards and the chips that are now in passports.”
Securing your home network: "We highly recommend that you segment your wireless networks at home and hide your wifi from public view. By working with your cable/internet provider to create separate wifi networks, you can put all of your IoT devices on one, use one for work, one for general web use and even one for guests. By creating these small but important barriers in your own home, it creates significant obstacles for cybercriminals to exploit you and your loved ones. Change the default names and passwords immediately — cybercriminals know the out-of-the-box passwords and will use them. Turn on encryption. Keep your router up to date by periodically re-booting it and make sure you keep all devices current on their operating systems, browsers and antivirus software. Consider installing a secure firewall if your internet provider does not automatically provide one. When you are going to be away from your house for extended periods of time, shut down your home network."