Privacy, Security
Top 5 Actions to Improve Your Personal Cyber Security
Feb. 11, 2022 (updated May 16, 2022) / My Data Removal Staff
This is part one in the Personal Cyber Security Checklist series. Part two is 5 More Easy Actions to Improve Your Personal Cyber Security. While the list of things you can do to improve your personal cyber security is quite long, this article will give you the top 5 things you can do that will be the most impactful. Over the course of the series, the actions we recommend take into account simplicity and impact. The most impactful and easy to implement actions will be earlier in the series. The end of the series will have the hardest to implement actions.
In the privacy and security world, there are a few terms you should know before we get started: zero knowledge and open source. Zero knowledge means that nobody besides you can access your data, not even the service or provider you are using (e.g. Dropbox can’t see your files). Open source, sometimes referred as FOSS (free open source software), means the source code for the service, program, or platform is accessible and free and can be inspected by anyone. This should mean there is nothing questionable in the code, and should also mean that you do not need to blindly trust that the service you are using is doing things right. Zero knowledge and open source services are sometimes not as convenient as the big, well-known options that sell or leverage your data (because they can put more money behind their offerings). These services might require you to change some of your personal habits and might even cost money. But these options provide the best security and peace of mind for those concerned about their online privacy and security.
Action 1: Use multi-factor authentication (MFA)
Definition: You change your settings so that when you log into a website or service, you need to enter one or more authentication items in addition to your password.
Why this matters: If someone were to get a hold of your login and password, they still wouldn’t be able to log into your account since they don’t have the additional piece of information needed. This makes your account more secure and harder to get into. Click here for more information about MFA
How to do it: The process for enabling MFA varies for each site. For most services, go into your settings, security settings, or something similar and select the multi-factor authentication or two-factor authentication option. For a google account, for example, you would go to myaccount.google.com and click on the ‘Security’ tab on the left, then in the ‘Signing in to Google’ box you would then click the ‘2-Step Verification’ option.
Depending on the service and their offerings, there are a number of options for MFA: Voice, text, email, an authenticator app, a physical security key, and a notification through a service-specific app. A physical security key is the most secure, an authenticator app is the next best option, followed by an app, and then voice/text/email. In short, even the least secure method (text or email) is significantly better than nothing. See our What Multi-Factor Authentication is and How it Works article to get a more thorough description
Action 2: Use a password manager
Definition: A password manager is a service and/or app that helps you to create, store, and manage all of your passwords and logins in one convenient location. A good password manager is open source and so is very safe to use. Password managers are very secure and should be used with multi-factor authentication.
Why this matters: This allows you to have complex, unique passwords everywhere. Your passwords can be so complex you don’t even know them, meaning it is very difficult for even sophisticated software to crack your passwords. When you don’t have to worry about keeping track of your passwords yourself, you will never reuse or lose a password again, making your accounts much safer. More information on password managers
How to do it: You first begin by creating an account with a password manager, then you add it to your browser and phone. At this point you will manually add all of the usernames and passwords that you already have. If you are creating a new account, let your password manager generate a password for you. Eventually, you will want to go through and change all your existing passwords using your password manager to generate to long, complicated, randomly-generated gibberish. At this point, you will be pretty well protected from someone trying to brute force their way into your account. In the end, you will get to a point where you don’t know the actual passwords for any of your services, except for the password manager. It knows all of your passwords so you don’t have to. And, of course, secure your password manager with MFA to protect the account. See our full article on How Using a Password Manager Helps Keep You Safe Online.
Action 3: Strive for unique usernames
Definition: Create a unique username or email for every site, service, or app you use.
Why this matters: If you use the same username or email address for all of your accounts, it makes it easier to hack into your other accounts. If your login information gets leaked once, then the bad guys will try that same login information with other services hoping to find a match. If you have a different usernames everywhere, it won't matter if the bad guys try your leaked information other places, since the unique username will only work at the one site it was created for. More information about unique usernames
How to do it: You will need to go and change your usernames for any accounts that you already have. When you create a new account, use a unique username or email address. You can use a random word generator, a login generator, or a password generator to help you come up with different usernames. If it has to be an email address, use a plus email address for sensitive accounts (financial, medical, etc.) or a masked email address for non-sensitive accounts (an online streaming service, an online subscription, etc.). A password manager also keeps track of usernames, which is another great reason why you should use one. Check out our detailed article on Why Unique Usernames are Best for Security and Privacy.
Action 4: Get your data off people search and data broker websites
Definition: People search sites know a ton about you: name, addresses, phone numbers, relatives, etc. Anyone who wants to can look you up on those sites. Data brokers sell your data (it's often marketing data). You can't always see what they know, but they usually know a lot.
Why this matters: Your data is likely on hundreds of people search sites and being sold by data brokers. If someone wanted to stalk or harass you, finding you on a people search site would give them lots of information about you: your full name, birthday, current address, previous addresses, phone numbers, emails, relatives, etc. You are also more likely to get spam or have your identity stolen or compromised when your information is all over these sites. More information about removing your information from the internet
How to do it: There are two options for getting your information off of these sites. The first is to do it manually yourself. We have created a DIY Data Removal Guide which has a list of these websites and details about the process. You have to visit each site and go through their removal process. It can take a long time. The second option is to pay for a service do it for you. This is why My Data Removal exists, to help you with the arduous process of getting your information off these sites. We check and remove your data from over 50 sites every month. We send you a report each month detailing what we found, where we found it, what information we requested removed, and where we didn’t find anything. We work to make it so that you are no longer on any of our covered sites.
Action 5: Use secure communication
Definition: The best types of communications are zero-knowledge messaging, voice, and video, meaning that only you and the recipient can read or access it.
Why this matters: Insecure communication can be shared or intercepted by anyone. Texts messages are visible to telecom companies and others with the right access or equipment. Even if we have nothing to hide, many things we text or say were not meant to be made public. More information about secure messaging apps
How to do it: You and the people you communicate with text, talk, and video over a privacy-and-security-focused platform like Signal or Wire. Unless someone has access to a phone or other device where you install the secure communication app, no one else has access to what you say, send, or receive. It can be a hassle to get others to switch apps or install a new app, but it’s worth it if you value privacy and security. This article goes into detail on Secure Communications for People Who Value Privacy and Security
Continue on two part two: 5 More Easy Actions to Improve Your Personal Cyber Security.