Cybersecurity is paramount as more and more devices get connected to ever-expanding networks and cyberthreats multiply exponentially, putting your privacy and vital information at risk of compromise.
Note that there is no such thing as absolute cybersecurity. Networks are by their nature open in order to facilitate data transfer for communications. The very recent Vault7 revelations from WikiLeaks and the previous Snowden NSA leaks show that the CIA, NSA and other state intelligence agencies have certain ways around whatever walls you build around yourself. But regardless, there are many steps you can take to better secure your privacy, access and important information. If you’re going to get hacked, best make them work for it.
This page is meant to be a living resource and is subject to update as new and better cybersecurity measures are developed.
Last updated March 8, 2017
Part I: Securing your accounts
1. Take inventory
Make a spreadsheet of all your various online accounts to make certain you aren’t forgetting any and to track which ones you’ve secured.
Whether it’s for banking, credit cards, social networks, message boards, shopping or whatever, keeping comprehensive track of who has your information will help keep the process of securing your digital footprint much saner.
Mark them with a color or a label or something as you lock down each one over the course of the following steps.
2. Set up a password manager
A password manager is key to securing your account logins.
Obviously, it’s a completely terrible idea to use the same password for everything, even though many, many people make this mistake. But nobody wants to write down or otherwise record a different password for each of their accounts. Not only is this really tough to keep track of, it’s also really unwise as hackers would only need to find your repository of passwords to potentially own your entire life.
The LastPass password manager extension for your browser – along with the mobile app on your phone – is the perfect solution. The beauty of LastPass, aside from being a free password manager (many other services cost) is that it encrypts all your information on the server side. So even if someone cracked LastPass’ server, they still wouldn’t be able to get at your stored information.
It also means you don’t need to remember all the random passwords you’ll be setting up in the next step. LastPass can store them all for you in a safe and secure way.
The only password you’ll need to remember – and this is really important – is the master password for LastPass, as the app and plugin only work when you’re logged into them. If you forget or lose this password, you can recover access, but it’s a huge pain. Make the master password something strong that you can memorize.
All that said, just sign up for a LastPass account and it will step you through the process. LastPass has lots of great features and it’s simple to organize and categorize your various online accounts by type.
When installing the LastPass mobile app on your phone or tablet, it may prompt you to allow app form-fill. Definitely enable this as it will store and fill-in login information for apps as well as websites in the browser.
3. Strong passwords
Now that you’ve got a list of accounts going and a password manager to make your life easier, it’s time to assign new passwords to all of your logins.
As already mentioned, it’s vitally important that your passwords all be different. But it’s even more important for them to be complex, to the point where it’s unlikely you’ll ever remember what they are. Too many people use password1 or 12345 or their birthday, street address, school name, etc. Any password based on dictionary words is too easy for hackers and password cracking tools to break.
I recommend using Strong Password Generator to create new passwords. Alternatively, you can use LastPass’ generator, but I prefer this one because the new randomly generated password will stay up on the screen for you, giving you ample opportunity to make certain both the website in question and LastPass have actually stored it.
If the password doesn’t conform to a particular website’s security rules, randomly generating a different one usually produces a very strong password that works. You’ll have to go down your entire list of accounts, logging into each one and using the password settings to reset your login information. This can be a lengthy task, but it’s well worth it.
Each time you assign a new password, LastPass will offer to save the account. Definitely say yes, then log out of the account and try to log in again to ensure everything is working.
Mark each account you secure in your spreadsheet until they’re all locked down and stored in LastPass.
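The generate-and-retry procedure from this step, sketched in Python as an added example (not part of the original guide or of any tool it names): characters come from the operating system's secure random source, and a candidate is regenerated until the site's rules are met. The SitePolicy fields and the sample rules are assumptions constructed for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

@dataclass(frozen=True)
class SitePolicy:
    """One site's password rules (hypothetical fields, constructed here)."""
    min_length: int = 12
    max_length: int = 64
    forbidden: str = ""   # characters the site refuses to accept

def alphabet_for(policy):
    """Every printable ASCII character the site accepts."""
    return "".join(c for c in "".join(CLASSES) if c not in policy.forbidden)

def conforms(password, policy):
    """True if the password satisfies the length and character-class rules."""
    if not policy.min_length <= len(password) <= policy.max_length:
        return False
    if any(c in policy.forbidden for c in password):
        return False
    # Require one character from each class that still has allowed members.
    for cls in CLASSES:
        allowed = set(cls) - set(policy.forbidden)
        if allowed and not allowed & set(password):
            return False
    return True

def generate(policy, length=20, max_tries=1000):
    """Draw from the OS CSPRNG; regenerate until the site's rules are met."""
    length = max(policy.min_length, min(length, policy.max_length))
    alphabet = alphabet_for(policy)
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if conforms(candidate, policy):
            return candidate
    raise ValueError("no conforming password found; check the policy")

def entropy_bits(policy, length):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet_for(policy)))

if __name__ == "__main__":
    picky = SitePolicy(min_length=8, max_length=16, forbidden="<>&\"'\\ ")
    pw = generate(picky)
    print(pw, f"~{entropy_bits(picky, len(pw)):.0f} bits")
```

A 20-character password over the full 94-character set carries roughly 131 bits, far beyond what dictionary-based cracking can reach.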
4. Disable browser login keys
Many browsers, like Firefox and Chrome, save your login information for most websites unless otherwise specified. Now that you’ve assigned strong passwords to everything and they’ve been successfully stored in LastPass, it’s wise to turn off any competing attempts to save your passwords.
First, this centralizes where your passwords are stored to a single secure location. Secondly, it’s likely lots of old passwords are hiding in your browser’s keychain and there’s a danger of them attempting to override the information stored in LastPass.
It’s just best to kill off any potential conflicts.
In Chrome, go to Settings > Show advanced settings > Passwords and forms and uncheck “Offer to save passwords with Google Smart Lock for Passwords.” Additionally, click “Manage Passwords” and delete every single entry in there.
5. Set up two-factor authentication
Not every website or service has two-factor authentication (2FA) just yet, but most big services do.
2FA is another layer of security where once your login password is entered, the website texts an additional verification code to your phone, which you must enter before proceeding. This ensures that only those in physical possession of your smartphone can log in to your services. This, ostensibly, confines the only valid user to you.
Log in to every website on your list – which you can now easily do with LastPass – and check the account security settings for two-factor options. EFF has specific guides for major websites. If the feature is available, input your smartphone number. Mark each account on your list where 2FA is enabled.
A great 2FA app for your phone is Google Authenticator, which you should use wherever available.
6. Address Facebook
As you went through your list of accounts, you may have noticed several use your Facebook account to login.
Having everything tied to a Facebook account is certainly convenient, but it’s also an additional security risk and a challenge to lock down. But there are certain services that require either Facebook or Twitter to log in, so you may have to resign yourself to it in some cases.
Mark everything in your spreadsheet that uses a Facebook login. If Facebook is secure with a strong password stored in LastPass, these accounts are secure as well. Just don’t leave yourself logged in on unsecured devices or those you don’t own.
Part II: Secure your devices and networks
Now that your various online accounts are secured, protecting your desktop, laptop, smartphone, tablet and home wireless network is the next vital step.
There’s a vastly threatening ecosystem of malware lurking out there that can take over your computer, steal your information or just straight up spy on you. It’s especially exploded across the mobile landscape, putting an increasing number of devices at risk.
1. Install anti-malware
For desktops and laptops, MalwareBytes has free and paid versions for Windows and Mac. Both are very good. The paid version, for about $40, might be worth it for lifetime updates and round-the-clock system monitoring. But the free version works in a pinch and is effective if you stay on top of running scans for malware and rootkits. There’s also a mobile version that’s worth installing.
For Windows machines, the Windows Defender comes with all modern versions of Windows like 7 and 10. Make certain it’s enabled.
There’s an argument to be made that expensive antivirus suites are pretty worthless in terms of keeping up with the slew of new threats appearing literally every day. But it also doesn’t hurt to have one. If you’re interested in the many protections one of these big programs can provide, splurging for Symantec Endpoint Protection isn’t a bad way to go.
2. Enable biometrics
If your smartphone, laptop or tablet supports biometric access, use it. The app version of LastPass will usually ask you to set this up. Unlocking the phone with a fingerprint swipe takes a little getting used to and might be annoying at first, but it’s far more secure should you somehow lose your device.
3. Secure your router
Make certain your router has a strong password as well, something stored and remembered by your devices but one that’s not publicly available or easily broken.
If you’re like me and have frequent visitors who need your apartment’s wifi, you can usually set up a Guest network.
These instructions will vary among various wireless routers. It’s okay to ask your ISP for help too if they provided the router to you.
4. Configure the firewall
Make certain your firewall is activated and running on your Mac or Windows laptop/desktop.
Part III: Secure your communications
Now that your accounts and devices are secured, it’s time to secure your data transmissions. Whenever you browse the Internet, send texts or send emails, it’s possible for hackers to intercept those communications. There are ways to make your daily communications more secure with some simple apps and tools.
1. Secure your browsing
For your daily browsing activities, at the very least it’s suggested you install HTTPS Everywhere, a browser extension and mobile app that enforces the use of the HTTPS protocol, which is more secure than the standard HTTP.
For more robust browsing protection, The Onion Router (TOR) is slow-ish but effective for masking your online activities from prying eyes. Simply download the installer and it will set up a Firefox browser instance configured for super secure encrypted Internet connections. You don’t have to use TOR for everything, but it’s great for browsing you really don’t want to have tracked.
To really secure your online activities, using a VPN is suggested. It routes the connection in such a way that your IP address can’t be traced. For mobile, the aforementioned [Lookout app](https://play.google.com/store/apps/details?id=com.lookout&hl=en) has a VPN. Otherwise, for every other kind of connection on laptops or desktops, a service like Spotflux is free and fast as far as VPN connections go.
2. Secure your texting
Telegram is a great all-purpose messaging app that provides secure communications for virtually every platform.
A great alternative is WhatsApp, which has end-to-end encryption and many other great features like archiving conversations and side-stepping international texting fees. It’s perhaps the most popular secure texting and messaging program and it automatically finds other users among your contacts.
3. Secure your emails
Gmail has pretty good security, but if you need additional security that includes encryption, there are a few tools you can implement.
The first is Pretty Good Privacy (PGP), which is a type of encryption that involves a pair of keys – one public and one private – to encrypt messages so that only the holder of the matching private key can decrypt them.
PGP can be complex for the layperson to set up, but there’s a simple solution for browsers in the form of Mailvelope where you can easily generate new keys and encrypt emails and other online text fields.
The main drawback with Mailvelope is that it’s only for webpages and webmail. If you’re using Outlook, Thunderbird or another local email client, there are detailed instructions for both Mac and Windows.
If you really need secure email communications, using ProtonMail is free and allegedly the only email system the NSA can’t hack [1].
4. Secure your web searches
Whether Google is evil or not is up for debate. That Google is ubiquitous, omnipresent and mining every detail of your data for marketing purposes is not up for debate.
This isn’t meant to deter you from using Gmail, Google Docs or its multitude of other awesome, free services. Google at least makes an attempt to transparently share what information it’s collecting about you.
Regardless, it’s probably a good idea to keep Google from knowing everything you’re searching for, ever. While 99% of your searches probably won’t raise any eyebrows, sometimes things can get taken out of context (there was once a writer for a TV murder-of-the-week procedural whose searches were made public, landing him at the center of suspicion and outrage).
To avoid being tracked every step of your online research, a secure, anonymous alternative to Google Search is DuckDuckGo, which claims not to collect anything on its users.
Part IV: Secure your personal information
Your accounts, devices, networks and communications should be far more secure now than they were upon starting this tutorial.
There are many background check information aggregators online, and chances are your personal information, including birthdates, phone numbers, addresses past and present, and much, much more is listed on there, sometimes for free but often for a price.
It’s hard to control whether you show up in these databases as lots of it is purchased information from both public and corporate sources. But there are ways to have yourself removed from many of these sites [3] with enough time and patience.
Wiping yourself from the face of these databases can help mitigate the damage should troll armies try to dox you, order a million pizzas or a SWAT team to your house or otherwise try to wreak havoc upon your life.
To keep Google Analytics from tracking you, install this browser extension.
This is a list originally collected from reddit, complete with links to opt-out pages. Good luck.
Intelius.com* - Opt-out
Acxiom.com - Opt-out
MyLife.com - To request that a Member Profile or Public Profile be deleted, please contact Customer Care at 1-888-704-1900 or contact us by email at firstname.lastname@example.org. Upon receipt of these requests, and confirmation that you are requesting that your own profile be removed, please allow MyLife 10 business days to complete this removal. It may be necessary to contact you to validate that you are the profile owner requesting the removal. This is to ensure the correct identity and profile ownership before completing these requests, and is for the protection of our users and their privacy.
Zabasearch.com* - Opt-out
Spokeo.com - Opt-out
BeenVerified.com - Guide to opt-out
Peekyou.com - Opt-Out
USSearch.com* - Opt-Out
PeopleFinders.com - Opt-Out
PeopleLookup.com* - In order for PeopleLookup to suppress or opt out your personal information from appearing on our Website, we need to verify your identity. To do this, we require faxed proof of identity. Proof of identity can be a state issued ID card or driver’s license. If you are faxing a copy of your driver’s license, we require that you cross out the photo and the driver’s license number. We only need to see the name, address and date of birth. We will only use this information to process your opt out request. Please fax to 425-974-6194 and allow 4 to 6 weeks to process your request.
PeopleSmart.com - Opt-Out
PrivateEye.com - Opt-Out
Whitepages.com - Opt-Out
USA-People-Search.com - Opt-Out
Spoke.com - Opt-Out
PublicRecordsNow.com - Still determining how to remove…
DOBSearch.com - In order for us to “opt out” your public information from being viewable on the public DOBsearch People Finder search results, we need to verify your identity and require faxed proof of identity. Proof of identity can be a state issued ID card or driver’s license, or notarized letter. If you are faxing a copy of your driver’s license, you may cross out the photo and the driver’s license number. We only need to see the name, address and date of birth. Please fax to 516-717-3017 and allow 4 to 6 weeks to completely process your request. It is your responsibility to ensure legibility of your document
Radaris.com - Opt-Out
LexisNexis.com - Opt-Out
**Pipl.com - Opt-Out (Note on Pipl: this is a search engine that draws upon data from all the above sources. If you cleanse yourself from the other databases, your information fades from Pipl)