With the new year almost upon us, it’s time to sit down and draw up a few New Year’s resolutions. You might want to hit the (home) gym more, check a few travel goals off your list (even if they may be virtual), or stay in closer touch with friends and family.
We have a few cybersecurity-related resolutions that you may want to consider adding to your list if you haven’t done them already.
Check out these cybersecurity New Year’s resolutions for 2021:
- Wear a face mask
- Use a privacy-friendly browser like Brave or Firefox
- Use a privacy-friendly search engine, too
- Message securely with an encrypted messaging app (and get others to use it)
- Navigate with an open-source maps app
- Send and receive emails with a secure email provider
- Use strong passwords and store them in a password manager
- Update your devices
- Delete apps you no longer use
- Get rid of your old hardware (without leaving data on it)
- Use HTTPS Everywhere
- Avoid connecting to unsecured public Wi-Fi hotspots
- Be more careful about what you share online
- Think twice before clicking that email link
Even with the rollout of vaccines expecting to loosen the pandemic’s grip on the world, many of us will probably continue the practice of wearing face masks in the coming year. Face masks have also proven to be a new challenge for CCTV cameras that rely on a full face to recognize people’s faces.
On top of being a must-have item for the coming year in countries that are struggling with the virus, wearing a mask also helps you evade invasive surveillance measures like facial recognition. It’s not just face masks; check out these other anti-surveillance accessories.
We use web browsers all the time to access our emails, stream TV shows, frequent our favorite blogs, and shop online. Some browsers also allow advertisers to track your every movement online by default—ever get some eerily relevant ads following you around?
To stop advertisers in their tracks, use a privacy-oriented browser like Mozilla’s Firefox, or Brave, which block ads and web trackers on your browser by default. In our review of the most popular browsers, the Tor Browser came out on top, but Firefox and Brave felt better suited for daily use.
It’s all very well using a privacy-oriented web browser, but if you’re using a search engine like Google, you are at risk of having your browser history, contacts, ads you interacted with, shopping purchases, metadata, social media updates, and more, recorded by Google.
Google isn’t shy about it either, noting in their terms of service that they collect and analyze your metadata to show you more targeted ads and enhance your online experience.
When it comes to private browsing, you can take advantage of a logless search engine like DuckDuckGo, Qwant, and StartPage. The EU has already started chipping away at Google’s monopoly as a search engine on mobile devices, and France has traded Google for Qwant as the country’s default search engine.
Fortunately we have the option to choose from several messaging apps that use end-to-end encryption, which prevent anyone except you and the intended recipient from seeing the messages’ contents. We recommend getting Signal because it has the most secure messaging protocol of the lot, is end-to-end encrypted by default, and is entirely open source so its security can be vouched for. It can also hold encrypted group video chats with up to five people.
You already know by now that Google knows a lot about you, from your search history to everything you ask your voice assistant. The same goes with its Maps app.
Perhaps the most comprehensive open-source alternative to Google Maps is OpenStreetMap (OSM), a “free, editable map of the whole world … built by volunteers largely from scratch and released with an open-content license.”
One such map app that uses OpenStreetMap is OsmAnd (not to be confused with blogger extraordinaire Osman). OsmAnd is a mobile-only navigation tool that provides traffic information, public transport details, and cycling routes for commuters and travelers alike. Users can view information like hours of operation for shops and restaurants. It’s also possible to create and store your routes on its app.
Gmail may be the world’s most popular email service, but that doesn’t mean it’s the most secure. In fact, Google’s admitted to having read users’ messages in the past to better serve them ads. While the practice has apparently stopped, this power to do so with supposedly secure messages in the first place is enough to cause concern.
Fortunately, there are other email options today, like CounterMail, ProtonMail, and Mailfence, which offer both free and paid versions of their services, should you wish to bump up your service with extra features.
Read more: How to improve your email security
You’ll have heard this before, but “password” is NOT a good password. Neither is your name, date of birth, nor your hometown. Make your passwords more difficult to guess—such as by using a random password generator—and store them in a password manager. That way, you’ll only need to remember the password for your password manager. Just don’t write it down somewhere that everyone can see, like a post-it on your monitor.
You should also be using two-factor authentication (or multi-factor authentication) to give your accounts an extra layer of privacy.
Read more: ExpressVPN guide to stronger passwords
We know it’s a pain, but updating your devices will help protect you from malware, software bugs, and zero-day exploits. Just update them, and while you wait, enjoy a break from the screen, too (looking at another screen does not count). After the update, check to see if your device or app’s privacy permissions have been changed, and tweak them to your liking.
Facebook no longer sparking joy? Stopped using apps and services you signed up for, or have forgotten about? Just Delete Me has a useful aggregate of websites and services that helps you figure out if you can delete your various accounts. We also have guides on how to delete your accounts, from Google and Facebook to Tinder and even Pokemon Go.
- Delete these now: The worst apps for privacy in 2020
- Maybe it’s time to dump social media, just for a little bit
People generally go to great lengths to protect data, but devices age and don’t last forever. When we need to replace them, we often don’t think about what happens to the data that is still on the drive, and how people might be able to access it.
Inside your computer is a hard disk drive, or HDD that’s coated with a magnetic metal layer, similar to a CD or vinyl record, and is read by a sensor. They are very sensitive, and can persist on them in various ways. When getting rid of old hard disks, it’s important to make sure no one else can access the data on it.
Fortunately, there are a variety of options to wipe HDDs, the most reliable of which is a combination of digital and physical tools. To be extra sure about leaving no trace, you will need to render the drive unusable physically. That is, smash it!
If a website uses HTTPS (indicated by the green lock in the browser bar), that means the data between your browser and the website’s server is encrypted.
Most sites have this by default, but there are still websites that do not offer this basic HTTPS encryption, exposing your data to your ISP, your server’s ISP, your Wi-Fi router/operator, and any entity between your ISP and the server’s ISP.
With the EFF’s HTTPS Everywhere extension (available for Firefox and Chrome, and included with the ExpressVPN browser extensions), you can ensure all of the data traveling between your browser and a website’s server is encrypted. You can cross this resolution off in seconds.
There may be a lot of public Wi-Fi hotspots to latch your device onto for free access to the internet. But that often means your online activity is at the mercy of the Wi-Fi provider, which, if unencrypted, could expose your traffic to anyone.
Aside from using a VPN to protect yourself on public Wi-Fi, make sure you’re not automatically connecting to these networks, use data if you can, and avoid submitting sensitive information like your credit card on public Wi-Fi networks.
- What information passes through mobile Wi-Fi networks
- How public Wi-Fi comes at a price to its users
- How to use a VPN to protect yourself on public Wi-Fi
Sometimes you share what you’re up to on Facebook and Instagram or shout into the Twitter void. Be aware though that when you do, there is always a chance that someone can figure out what you’re doing, where you are, and who you’re with.
A lot can be done with that information, not least to phish you, or target you with a social engineering attack. Go through your photos and make them private on social media, or delete your posts altogether if you think they give too much away.
All the security in the world can’t help you if you fall for a phishing attempt. Learn how to defend yourself against phishing attacks and when to question requests for your passwords and credit card information.
- Tips for avoiding holiday scams
- Staying private and anonymous online is in your best financial interests
What are your New Year’s resolutions for 2021?