Tips For Keeping Your Digital Life Secure
If you keep up with the news, I’m sure you’re aware of how common ransomware attacks have become. While those mostly target companies and governments, they do occasionally hit individuals. Here are some general digital hygiene tips, particularly for Apple users, to keep yourself safe from both bad actors and bad luck.
Keep Your Devices Up-To-Date
Is your phone or computer nagging you to update? Do it! Your phone should be able to update itself overnight.
All software has vulnerabilities; this is a fact of life. Discovering vulnerabilities that haven’t been patched yet is very difficult or very expensive. Discovering vulnerabilities in older versions of software is trivially easy. Running an old version of an OS places a very big target on your device.
Turn On Cloud Backups
I have helped family members on a few occasions recover data from crashed hard drives. I would always tell them that they needed to buy external hard drives and back up to them, but that’s a very manual process so they never did.
Fortunately I haven’t had to do this for several years now because cloud backup solutions are widely available, particularly on your phone where you just need to turn it on. If your backup is larger than iCloud’s free tier of 5 GB, for the love of all that is holy pay the $1/month for 50 GB. That is a small price to pay for peace of mind.
On a Mac or PC, make sure that your important files are saved to a cloud syncing service like iCloud Drive or Dropbox.
Use a Password Manager
I used to recommend 1Password, but nowadays iOS and macOS have password management built-in. In iOS there is a dedicated Passwords section under Settings, which will store existing passwords and save the new randomly generated passwords that it suggests when you create a new account.
By now you’ve definitely had your passwords compromised by a hack somewhere. For example, Yahoo suffered a data breach where every single account was compromised. That data became available to purchase on the dark web, so if you use your Yahoo password anywhere else, a hacker can try to log in as you with that password on another site. If your Yahoo password is different than your other passwords, your other accounts are safe.
Yahoo was just one data breach that went public. There are many others that we don’t know about, so you have definitely been the victim of password theft at some point, and likely more often than you realize.
Long Passwords Are Better Than Complex Passwords
Your password where you took a word and replaced a few letters with numbers or symbols isn’t a good password. Hackers know these tricks all too well. For passwords that you actually need to remember (e.g. iCloud) you should instead use multiple random words or phrases that you can remember. Longer passwords take orders of magnitude more time to crack in brute force attacks than shorter ones.
Use Two-Factor Authentication
All of your most important accounts, including banking, email and social media, should offer two-factor authentication, and you should enable it. If the site offers two-factor auth through an authenticator app, use that rather than text messages (phone numbers can be compromised). iOS 15 and macOS Monterey will offer this built-in.
Freeze Your Credit
All of the major credit agencies (TransUnion, Equifax and Experian) offer the ability to freeze your credit. It’s easy to temporarily unfreeze it when you need to run a credit check. It is not safe to assume that your social security number is secure from bad actors.
I discovered this the hard way when an unemployment claim was filed in my name last year (and I wasn’t the only one). This was likely enabled by my SSN being made available through the Equifax data breach in 2017 that affected 148 million Americans, so this can definitely happen to you too (if it hasn’t already).
Don’t Click on Links In Your Email…
…unless you’re sure that the sender is legit. Phishing is the most common means of getting into your data. If you get an email saying that you need to log in for some reason, go to that website directly instead of clicking the link (unless you take the time to verify the domain name in the link first).
Similarly if you receive a phone call from someone claiming to represent your bank or something else important (first of all why did you answer a call from a number you don’t recognize?), hang up and call your bank directly using a number you know is legit.