It's a hostile world out there and your personal data is constantly being targeted from a whole host of angles. While you can't control the shoddy security practices of major corporations, you can minimise the risk of your private information getting into the wrong hands. Just as you do regular maintenance on your car, or home, and you go to the doctor just to check in, there are little habits you should form to keep you online life as safe and healthy as possible. Here are the seven we do regularly.
1) Check and change your passwords
Should one of your password and username combinations make it out on to the web at large, it's going to cause you far less concern if you've changed your password since the leak happened — it might seem like a chore but if you focus on four or five key accounts you can make yourself significantly safer in return for a few minutes of admin every month.
If you struggle to remember password combinations then there are a trove of excellent password managers to pick from that will do the job for you — we've written about some of them here — and you can even get secure passwords generated for you if you prefer. To check whether any of your important details have leaked out, visit Have I Been Owned?.
2) Check your account and device activity
Just about every online account in existence now has ways of letting you look up recent activity related to your account — for Facebook it's here, for Twitter it's here, for Google it's here, and so on. If you get the various pages you need bookmarked in your browser, and you're already signed into your various accounts, it doesn't take long to run a quick audit.
The specifics vary from service to service but you should see a list of recent logins and devices where your account has been authorised, as well as options to block any login or device you don't recognise. In some apps and services you can enable alerts (typically via text or email) that get activated whenever you or someone else logs in on a new device.
3) Check your connected apps
You might not have realised it, but many a hack comes through a third-party app connected to one of the services you use, rather than a breach in the defences of the actual service itself. What happens is you connect up an app to your Twitter or Facebook account, forget all about it, and then that app gets compromised by some malevolent hackers.
Third-party apps and add-ons aren't inherently dangerous and you're fine to keep using them, but don't use more than you have to — remove any older plug-ins or ones you've not used for a while on a regular basis. You should find an option to do this inside all of your accounts pretty easily, but here are the links you need for Twitter, Facebook, and Google.
4) Check what's running on your computer
As careful as you might be with what you download and install on your computer, breaches happen, and on top of whatever security software you've got installed, it's a good idea to occasionally check on what's running in the background on your PC. At the same time an audit of your installed browser extensions is probably a good idea as well.
Task Manager (search for it in the taskbar on Windows) and Activity Monitor (search for it in Spotlight on macOS) will give you a list of everything in memory on your system — run a quick web search on anything you don't understand, and do the same for any browser plug-ins and add-ons you either don't remember installing or no longer have any need for.
5) Check the permissions of your installed apps
Recent versions of both Android and iOS now let you manage permissions one by one for your apps — on Android open Settings then tap Apps & notifications, App info, and then the app of your choice to see the permissions; on iOS, choose an app from the main list in Settings, or select Privacy from Settings to see the permissions grouped by their type.
Both Apple and Google do a comprehensive job of keeping nasty apps out of their respective app stores, so you shouldn't get blindsided by a totally malicious app, but certain apps may be harvesting more of your personal information than you'd like. Most app developers now explain the permissions they need access to on the actual app listing.
6) Check who's connected to your Wi-Fi
Listening in on a web connection is a whole lot easier if you're on the same network as the device you're targeting, which is one of the reasons you should consider using a VPN at hotels and coffee shops. Log into your router's setting (find the instructions online or dig out the manual if you're not sure how to do this) to find a list of all the connected devices.
You might not be able to boot people off from the same screen but changing the Wi-Fi password will do the job — you can then reconnect all your trusted devices one by one. While you're at it, it's worth changing the default admin password for logging on to the router as well, just in case someone else tries to gain access to the device's options.
7) Check for updates
Update, update, update — getting the latest patches and upgrades installed is so important to the security of your devices that it's now very difficult to avoid applying them on Windows, macOS, Android, and iOS. It's still worth mentioning though, and still worth checking both for the operating systems you're using and the apps running on top.
Think beyond the obvious options too — is there a new firmware update available for your router (check the manufacturer page)? Is there a free upgrade to a newer operating system you can grab, reducing the risk of you getting caught out by malware targeting older vulnerabilities? The newer your hardware and software setup, the more secure you are.