Online Privacy & Security Checklist

Recently, I posted about the important of using a password manager. The feedback I got from that post was overwhelmingly positive, and inspired me to draw together a checklist of things you can do to generally improve your security and privacy online. This is not an exhaustive list by any means, and items can be ranked from common sense to borderline paranoia but all will help to improve your online privacy & security.

  • Use a password manager – Generating and using secure, unique passwords is crucial for your online security
  • Enable two factor authentication – Not all online services support 2FA but you should use it where possible.
  • Check for SSL Certificates – Wherever you enter personal information, especially payment details like credit card information, check the connection is encrypted. This is normally represented by a green padlock somewhere near the bar where you enter the website address. If you don’t see one, don’t enter anything!
  • Secure your home network – You should be using a secure, unique, generated password for your home WiFi network in all cases.
  • Change the SSID – Do not keep the generic SSID which came with your router, choose a unique one you will always remember.
  • Hide the SSID – It is possible to prevent an SSID from being broadcast, whilst this provides no additional security it prevents the majority of people from identifying your network.
  • Never use public WiFi – It’s so easy to intercept traffic on a public hotspot. If you must use one, always use a VPN and never login to any accounts, especially online banking.
  • Passcode protect your mobile devices – On your phone or tablet, always use at least a 5 digit pin code.
  • Set a short passcode timeout – Always set your passcode timeout to as short as possible on your mobile devices.
  • Be wary of apps – It is very possible for apps to harvest data about you, including your location (Even on iOS) so be astute with who you trust.
  • Use PayPal – Rather than entering your card details on every website, use a trusted provider like PayPal where possible.
  • Use OpenDNS – It lets you choose where your browser URL’s are resolved. Also has the added benefit of stopping your ISP interfering with a 404 error page which is just plain annoying.
  • Have multiple online identities – Use one email address / username for things that matter, and another for less important things.
  • Use a password manager for security questions & answers – A common flaw in security is using a generic answer to a security question. Instead of actually giving your mothers maiden name, give the answer as a securely generated password and store it in your password manager.
  • Know how to identify rogue emails – Never enter a username or password after clicking a link in an email. Absolutely never enter any payment information after clicking a link in an email. No company will ever genuinely require you to give up your account details (username & password) to them, whether that is by email, or by phone.
  • Use antivirus software – Even on a Mac you can be at risk. Install antivirus software, update it regularly & make scans regularly.
  • Always backup – Ideally to more than one drive, in more than one physical location. If the worst happens, you need to be able to restore. Encrypt these backups.
  • Always update – Operating systems and Apps are being updated constantly. Always make sure you are running the latest versions of everything to be sure you have the latest security fixes.
  • Delete old accounts – Any account online that holds information about you is a risk, minimise this risk by deleting any accounts you no longer use.
  • Use fake information – Online marketers are constantly trying to harvest your information. Be wary of this, and only enter your true details on websites and in apps you really trust.
  • Install AdBlock Plus – A browser plugin which will make your web browsing experience quicker and websites a lot more pleasant to look at!
  • Install Ghostery – Browser plugin designed to block websites which track you across the Internet, this one is fairly new to me but it brings significant security & privacy benefits.
  • Install HTTPS Everywhere – Another web browser plugin which forces websites to use HTTPS if supported. At time of writing not available for Safari unfortunately, but other browsers are supported.

Footnote: This is just a small list of things that people in the tech industry do as standard every day, there will always be more you can do. Security and convinience often conflict with each other, only you can decide where the best compromise is for you. My suggestion is to always err on the side of caution and prioritise security.

Author: Sam

iOS Developer & blogger