The SaferSec Top 10 Checklist

  1. Install software updates immediately.

  2. Use a password manager to generate unique, secure passwords for every site.

    • 1Password, LastPass, and Dashlane are popular managers to use.
    • Create a pass SENTENCE (instead of a passWORD) for your password manager. Include some punctuation, numerals, and maybe a made-up word.
    • When sites ask you to answer security questions (what's your favorite food? what street did you live on growing up?), use the password manager to generate unique answers to those questions and then remember the answers. (Your mother's maiden name should be something like "etiolog-juryman-saintly" or "2sXejySBou6mfJCk.d@e".)
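As an added illustration of item 2 (example code, not part of the original checklist): a small Python script that generates the two styles of random answer shown above using a cryptographically secure random source, and reports how much guessing resistance each style gives. The embedded word list is a constructed stand-in for the lists of thousands of words a real password manager uses (the Diceware list has 7776 words).

```python
import math
import secrets
import string

# Constructed stand-in word list so the example runs offline; a real password
# manager draws from a list of thousands of words (the Diceware list has 7776).
WORDS = [
    "etiolog", "juryman", "saintly", "harbor", "lantern", "quartz",
    "velvet", "meadow", "cobalt", "whisper", "tundra", "marble",
    "saffron", "glacier", "pebble", "orchid", "timber", "zephyr",
]

# Printable ASCII minus space: 52 letters + 10 digits + 32 punctuation = 94 symbols.
SYMBOLS = string.ascii_letters + string.digits + string.punctuation


def passphrase(n_words=3, words=WORDS, sep="-"):
    """Pick n_words uniformly at random (CSPRNG) and join them, e.g. 'etiolog-juryman-saintly'."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def random_answer(length=20, alphabet=SYMBOLS):
    """Generate a random character string in the style of '2sXejySBou6mfJCk.d@e'."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def compare(n_words=3, length=20):
    """Entropy (bits) of a Diceware-sized passphrase vs. a random string, at the page's lengths."""
    return {
        "passphrase": entropy_bits(7776, n_words),
        "random_string": entropy_bits(len(SYMBOLS), length),
    }


if __name__ == "__main__":
    print("security-question answer, passphrase style:", passphrase())
    print("security-question answer, random style:   ", random_answer())
    for style, bits in compare().items():
        print(f"{style}: about {bits:.0f} bits of entropy")
    # The tiny sample list above is far too small for real use; the word list size matters.
    print(f"with only {len(WORDS)} words, 3 words give just {entropy_bits(len(WORDS), 3):.1f} bits")
```

The point of the comparison: three words from a 7776-word list give roughly 39 bits, while the 20-character random string gives about 131 bits, and neither is something you can remember, which is why the answers belong in the password manager.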
  3. Encrypt your hard drive, phone, backup drives, and all USB / flash drives.

    • VERY IMPORTANT: When you encrypt a flash or USB drive, you will erase all the data on it. So if you need the data, first copy it to your hard drive and THEN encrypt. Then move your data back.
    • Store the decryption passwords in your password manager.
    • Macs offer encryption through the security panel. For Windows, BitLocker is a commonly recommended add-on app.
    • iPhones are automatically encrypted; however, you need to set a passcode to access your phone.
    • On most Android phones, you have to manually turn on encryption.
  4. Set a secure passcode for your phone.

    • Turn on auto-lock, so your phone automatically re-locks after a bit of inactivity.
    • On iPhones, use a 6-digit code instead of 4. If you REALLY want to be secure, you can create a full passphrase that includes characters and digits. However, most people find that this is far less convenient.
  5. Use a virtual private network (VPN).

    • This helps guard your internet usage especially when you use shared WiFi networks (like in a coffeeshop, on an airplane, or in a hotel).
    • PIA VPN is a popular service that works on up to 5 devices for about $40 per year (https://www.privateinternetaccess.com/).
  6. Turn on Two-Factor Authentication (2FA) for systems that contain sensitive information or that can be used to reset passwords for other accounts.

    • Gmail (Google), Evernote, Dropbox, and Apple are prime candidates for 2FA.
    • ALWAYS SAVE THE BACKUP CODES – you can store them in your password manager. In case you lose your phone, you can use the backup 2FA codes to sign in until you set up a new phone.
    • Use the Google Authenticator app instead of SMS whenever possible. Google provides a great resource on how and why to use 2FA: https://www.google.com/landing/2step/
  7. Add a secondary access / password code to your wireless account to help prevent account takeovers.

  8. Install and use antivirus software.

  9. Don't click on links in email or SMS and don't give any information to anyone who calls you. Don't open attachments unless you're expecting them and know who they're from.

    • This helps prevent you from accidentally installing malware on your computer, or from being tricked into signing in to a phishing site. It's an oversimplification, but it's a fairly simple rule to follow.
    • Instead, any time you need to use your bank, email, or, really, any type of account, type the address into the browser's address bar yourself.
    • If someone calls you (claiming to be from your bank or similar), hang up, find the bank's number, and call the bank back to verify.
  10. Use more-secure messaging.

    • SMS is basically not secure at all.
    • Signal, by Whisper Systems (https://whispersystems.org/), is quite secure and doesn't store information about your communications on its servers.
    • WhatsApp is also a reasonable option; it is encrypted, although lots of metadata about your conversations is presumably stored on Facebook’s servers.