[Note: See the latest list for 2021 here.]
2019 is almost gone and 2020 is upon us. You know what that means: New Year’s Resolutions! I’ll let you worry about signing up for a gym membership or quitting smoking or whatever… I’m here to give you concrete steps you can take next year that will significantly improve your computer security and online privacy. You don’t have to do all of these at once. You don’t have to do all of them, either. But I challenge you to do as many of these as you can in 2020!
[This would be an excellent article to share with others. Please forward to anyone you feel could benefit from this info.]
1) Use a Password Manager
Humans suck at creating passwords. We just don’t have the mental capacity to remember good passwords. This leads most people to using a few choice passwords over and over again. Maybe you even have a little system to make each one slightly different. I’m here to tell you that’s not good enough. To do this right, you have to use a password manager. You shouldn’t know any of your passwords – except the master password to your password vault. You need long, crazy, random and unique passwords for each website or account. That includes social media and email accounts.
And once you’ve done that, you should set up two-factor authentication on your most important accounts. This is a huge improvement in your account security. Don’t skip this step.
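The reuse habit described in this section, including the "little system" of slightly different passwords per site, can be checked against a password manager's CSV export. This is an added example, not part of the original article; the column names (`name`, `password`) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export (not real credentials). Column names are assumed.
SAMPLE_EXPORT = """name,password
bank.example,Tiger2019!
mail.example,Tiger2019!
shop.example,Tiger2019!shop
forum.example,tiger2019#forum
video.example,q7#Lm2vX9pRw4ZkT8sB
"""

def load_entries(text):
    """Parse the CSV export into (site, password) pairs."""
    return [(row["name"], row["password"]) for row in csv.DictReader(io.StringIO(text))]

def base_form(password, site):
    """Strip what a 'little system' usually varies: case, symbols, the site name."""
    label = site.split(".")[0].lower()
    lowered = password.lower()
    if label:
        lowered = lowered.replace(label, "")
    return re.sub(r"[^a-z0-9]", "", lowered)

def audit(entries):
    """Return (exact_reuse, same_base) as sorted lists of site groups."""
    exact, variants = defaultdict(list), defaultdict(list)
    for site, password in entries:
        exact[password].append(site)
        variants[base_form(password, site)].append(site)
    reused = sorted(sorted(g) for g in exact.values() if len(g) > 1)
    patterned = sorted(sorted(g) for g in variants.values() if len(g) > 1)
    return reused, patterned

if __name__ == "__main__":
    reused, patterned = audit(load_entries(SAMPLE_EXPORT))
    # Only site names are printed; the passwords themselves never leave memory.
    for group in reused:
        print("identical password:", ", ".join(group))
    for group in patterned:
        print("same base password:", ", ".join(group))
```

A real export is a plaintext file of every password you own, so delete it as soon as the audit is done.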
2) Back Up Everything
Much of the digital media we buy today can be readily re-downloaded whenever necessary. Music, movies, games, apps, etc. However, there are some digital files which cannot be replaced if lost: family photos, scanned artwork from your kids, home videos, financial documents, and personal files. These may be on your computer or on your smartphone. But if the device fails or is lost, stolen, or damaged, those files are gone forever.
Experts recommend the 3-2-1 backup strategy: three (3) copies of anything important, on two (2) different mediums, with at least one (1) offsite. So that would be one original copy (the one you have now), one backed up to an external hard drive, and one backed up to the cloud. I go through all of this in my book, but the simplest solution is cloud backup. I prefer Backblaze. For $60/year, you can get unlimited backup of one computer, including file versioning. You can even try it for free. Note that the initial backup could take weeks, but after that, only changed files will be backed up.
3) Secure Your Home Network
First of all, if you have a combination modem/router from your internet service provider (ISP), I would get your own WiFi router. Some providers (like Xfinity) actually let strangers access your WiFi, which just bothers me. But if they own your router, they could technically see any network traffic in your home and access any devices on your network. You don’t need a fancy one, but choosing the right one will depend on several factors.
Note that even if you have your own WiFi router, if it’s more than 3-4 years old, you should consider getting a new one. Modern routers will have better security and hopefully have the ability to auto-update their software.
Second, you need to be smart about your “smart” devices. If you aren’t using the smart features (like on a smart TV), then don’t even connect it to the internet. TVs in particular are really bad about spying on you. Try an Apple TV instead for accessing things like Netflix, HBO Now and Amazon Prime Video. And for the rest of your Internet of Things (IoT) devices, you should put them on your guest network to isolate them from your computers and smartphones.
Finally, be sure to change the default passwords on any smart devices you have, particularly your WiFi router. If any infected device or rogue app gains access to your network (including a visiting friend’s laptop or smart device), any device with a default password is vulnerable to being hacked. Click here for more info on IoT security.
4) Update Everything
All software has bugs. And bugs can be exploited by bad guys to spy on you or conscript your devices to do nefarious things without you even being aware. So software makers are constantly pushing out bug fixes. To get those fixes, you often need to take action. Most modern computers and smartphones can be set to auto-update. I recommend you do that, or at least have it notify you when updates are ready.
IoT devices are trickier. While new laws should help make new devices more secure, many existing devices are horribly insecure and some can’t even be updated. As you move these devices to your guest network (see above), check to see if they have pending software updates. You’ll probably need to check the manufacturer’s support web page for each device. If you find an option to auto-update, enable it. And if your device has no way to be updated, seriously consider replacing it with a modern device that has this capability.
5) Spring Cleaning
This is a simple but effective step to increase your security and privacy. Go through all the applications on your computer, smartphone, tablet, smart TV or streaming box and delete anything you are not using. Software has bugs. And if it’s a really old app, it may have bugs that will never be fixed. If you don’t need it, remove it.
For the apps you keep, check all privacy settings (like “personalization”, “ad preferences”, “data sharing” and so on). Turn off as much of this as you can.
6) Switch to Firefox
While Safari on Mac is pretty good for privacy and security, Firefox is (in my opinion) better overall. If you’re on Windows, it’s way better than Edge. And while Google’s Chrome is fairly secure, it’s a privacy nightmare. NIGHTMARE. Ditch it immediately. This article will explain in more detail, and also tell you which privacy and security plugins I recommend you install.
And back to the previous step: check all your installed browser plugins. If you’re not using it, disable it. And if you don’t miss it, then remove it. If you need convincing, check out this article about a recent Avast/AVG plugin travesty.
7) Make the Switch
It’s important that we embrace and support new companies and services that offer better security and respect your privacy. Conversely, it’s also good to eschew those products and services that have violated our trust or have shown a total disregard for your safety.
One of the worst offenders, by far, is Facebook. They have demonstrated time and time again that they put their profits ahead of your privacy. I know it’s hard, but if you can, ditch Facebook. Unfortunately, there isn’t really a replacement service yet. Secure and privacy-respecting messaging apps and email are your best options. Try Signal for messaging and ProtonMail or Tutanota for email. (WhatsApp is also owned by Facebook.)
Ditching Google can be a lot harder, but I would if you can. I’ve found that Fastmail and Mailbox.org can replace Google email, calendar and contacts very well. And Mailbox.org can even replace Google Docs. Note that these services cost money. That’s a good thing! DuckDuckGo is your best replacement for Google Search.
The reason many products are so cheap and many web services are “free” is that they’re monetizing your info. Privacy usually costs more money, but not a lot. Paying for privacy helps the market move in the right direction.
8) Get Informed
There are several very informative books you can read and movies you can watch to learn more about cybersecurity and privacy in particular. Most of them are also very easy to consume and are even entertaining. You might also enjoy perusing some informative websites or listening to podcasts. Check out my resources page for a list of my favorites.
9) Get Involved
This one will be easy to dismiss, but don’t. You don’t have to stand on a soapbox with a megaphone to get involved with causes like data privacy, net neutrality and mass surveillance. You can start by just attending a local town hall – city, state or federal. See where your representatives stand on issues that matter to you. Writing your representatives can also be very effective. Not sure what issues you care most about? Check out what groups like the Electronic Frontier Foundation or Center for Democracy and Technology are doing.
And if you find that you just cannot make time to get involved, then give money to groups that are already out there defending your rights and fighting for worthwhile causes. See this article for more information, including a list of organizations you might consider giving a little money to.
Here’s one more thing you can do… if these organizations send you a hat, T-shirt or sticker for your donation, wear it or display it where others will see it. It will raise awareness and may cause others to donate. Even if it just sparks a conversation, that’s a good thing. We need to discuss and debate privacy and cybersecurity much more than we currently do.
Your New Year’s Resolutions List for 2020
So those are my suggestions for your 2020 New Year’s Resolutions. Take these suggestions and try to schedule them throughout the next year. If you have already done some of these, then make your goal to help someone else do them. The more of us that take these steps, the safer we will all be.
If you want to go further, or perhaps find different goals for this year, check out Firewalls Don’t Stop Dragons. It has over 150 Tips for improving your security and privacy, with step-by-step instructions and pictures. It will also help you understand why all these steps are so important.
Finally, if you want to hear me explain a lot of the above, check out the podcast version of this article. Remember to share this article with others, too!