Security often feels like a daunting task. Who has time to spend hours locking down accounts and obsessing over everything on your phone or PC?
The truth is that you shouldn’t be scared of security. You can perform important checkups in a matter of minutes and your online life will be much safer because of them. Here are ten vital checks you can work into your schedule — do these every once in a while and you’ll be ahead of 90 percent of people.
1. Apply Updates for Everything
Everyone has clicked “remind me later” when prompted about an update. But the truth is that applying updates is one of the most important ways to keep your devices secure. When developers find a vulnerability in their software — whether it’s an operating system or app — patching it is how they fix it. By ignoring these updates, you open yourself up to vulnerabilities unnecessarily.
ICYMI, if you're on Windows, make sure you install this week's updates – important security fixes in there.
— Ian (@igcdc) October 11, 2017
For instance, the majority of victims in the May 2017 WannaCry attack were running out-of-date versions of Windows 7. Simply applying updates would have saved them. This is one of the reasons why Windows 10 automatically installs updates — and most other platforms do, too.
On Windows, head to Settings > Update & security > Windows Update to check for updates. Mac users can check the App Store’s Updates tab for the latest downloads. Android and iOS will both prompt you to download updates when they’re available. And when you open a program and see a prompt to update, do it as soon as possible.
Don’t forget about other devices, either. Updating your router, Kindle, Xbox One, etc. will keep you safer using those devices as well.
2. Update Your Weakest Passwords
Using strong passwords is vital for keeping your accounts safe. Short passwords, passwords you use on multiple websites, and obvious passwords are all easy targets for attack. We recommend using a password manager to set up strong passwords that you don’t have to remember.
Take this a bit at a time — start by changing your most important passwords like your email, bank, and social media accounts. You don’t need to change your passwords all the time, but you should keep an eye out for major breaches. If you’re affected by a leak, you only have to change one password to keep yourself safe. Tools like Have I Been Pwned? will check for your email address among breach data.
This extends to your phone, too. Don’t use something obvious like 1234 as your PIN, and you should probably stop using a pattern lock.
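A quick way to find which passwords to change first, as an added example that is not part of the original article: it audits a password-manager CSV export for the three weaknesses named above (short, reused, obvious). The column names, the 12-character threshold, the short list of obvious passwords and the sample rows are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names (site, username, password) are an
# assumption; each password manager uses its own CSV layout.
SAMPLE_EXPORT = """site,username,password
mail.example,alice,Tr0ub4dor&3-horse-staple
bank.example,alice,summer2017
social.example,alice,summer2017
forum.example,alice,qwerty
shop.example,alice,x9$Lq2!vRw8#pTz4
"""

# Small illustrative list of obvious choices; a real audit would use a larger one.
OBVIOUS = {"1234", "123456", "password", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 12  # assumed threshold for "short"


def audit(csv_text, min_length=MIN_LENGTH):
    """Return {site: sorted list of reasons} for every weak entry."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sites_by_password = defaultdict(list)
    for row in rows:
        sites_by_password[row["password"]].append(row["site"])

    findings = {}
    for row in rows:
        pw, reasons = row["password"], []
        if len(pw) < min_length:
            reasons.append("short")
        if pw.lower() in OBVIOUS:
            reasons.append("obvious")
        if len(sites_by_password[pw]) > 1:
            reasons.append("reused")
        if reasons:
            findings[row["site"]] = sorted(reasons)
    return findings


if __name__ == "__main__":
    # Only site names and reasons are printed, never the passwords themselves.
    for site, reasons in audit(SAMPLE_EXPORT).items():
        print(f"{site}: {', '.join(reasons)}")
```

Delete the exported CSV once the audit is done, since it holds every password in plain text.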
3. Review Social Media Privacy Settings
With insufficient social media controls, you could be unknowingly sharing information with way more people than you think. It’s important to take a few moments to review who you’re sharing information with.
On Facebook, visit your Settings page and click Privacy on the left sidebar. Review the settings here to change who can see your posts, who can contact you, and who can look you up using search. You should also review the Timeline and Tagging tab to change who can post on your Timeline and require reviewing of new posts.
For Twitter, visit Settings and click the Privacy and safety tab on the left. Here you can protect your tweets so they aren’t public, remove your location from tweets, disable photo tagging, and prevent others from discovering you.
Review our guide on how to make all your social accounts private for full instructions.
4. Check App Permissions
iOS has allowed users to fine-tune app permissions for years, and Android has offered on-demand permissions since Android 6.0 Marshmallow. Whenever you install an app, it will prompt you for access to sensitive data like your camera, microphone, and contacts when it needs them.
While most apps aren’t malicious and need these permissions to work properly, it’s worth reviewing them at times to make sure an app isn’t taking information it doesn’t need. And in the case of apps like Facebook, the absurd number of permissions might make you want to uninstall it completely.
To review Android permissions, head to Settings > Apps (found at Settings > Apps & notifications > App info on Android 8.0 Oreo). Tap an app and choose Permissions on its info page to review all permissions that app has. Use the sliders to enable or disable any that you want to change.
iOS users can access an equivalent menu by visiting Settings > Privacy. Select a type of permission, like Contacts or Microphone, and you’ll see all apps that can access it. Use the sliders to revoke access.
5. Review Running Processes on Your PC
While you don’t need to know the exact purpose of everything that’s running on your computer, it’s a good idea to check what processes are active once in a while. Doing so will also help you learn more about your computer as you become more familiar with its workings.
On Windows, click the Start Button and search for Task Manager or use the shortcut Ctrl + Shift + Esc to open the Task Manager. On the Processes tab, you’ll see the apps running in the foreground. Below them are background processes, followed by system processes. Browse through and Google anything you see that looks suspicious. Just make sure you don’t terminate any vital processes.
Mac users can see running processes with the Activity Monitor. The fastest way to open it is to press Command + Space to open Spotlight, then type Activity Monitor and press Enter. Have a look through the CPU tab to see what’s running on your machine.
While you’re at it, you should also review installed browser extensions. Malicious add-ins can hijack your browsing, and even once-innocent extensions get bought out and become spyware. In Chrome, go to Menu > More tools > Extensions and disable or remove any that look suspicious. Firefox users can find this list at Menu > Add-ons.
6. Scan for Malware
You might know when you have malware on your PC, but it could also be silent. A good antivirus scanner should catch most viruses and other nasty infections before they can get on your system, but a second opinion from an anti-malware scanner never hurts.
On Windows, nothing beats Malwarebytes. Install the free version to scan for malware of all kinds and remove it with just a few clicks. Mac users don’t need a dedicated antivirus unless they make stupid mistakes, but there’s nothing wrong with a quick Malwarebytes for Mac scan if you want confirmation.
If you find something particularly aggressive, try a more powerful malware removal tool.
7. Check Your Account Connections
Lots of websites allow you to sign in with another account’s credentials, usually Facebook or Google. While this is convenient since you don’t have to remember a separate login, having all those sites connected to one account is a bit worrying. That’s why you should review which sites and apps you have connected to your core accounts.
Check your Google apps by visiting Google’s My Account page, then click Apps with account access in the Sign-in & security box. Click Manage Apps in the resulting panel to view them all.
Take a close look at these, especially if you’ve used a Google account for a long time. You should revoke access to apps you no longer use, and review the access that current apps have. Click an entry then hit the Remove Access button to toss it.
Facebook has a similar panel. Visit the Facebook Settings page and click the Apps link on the left sidebar. You’ll see apps and websites that you’ve used your Facebook account to log into — click Show All to expand the list.
Each app lists which audiences can see content shared from those apps. Click one for detailed permissions, showing what exactly that app can access. You can remove some permissions or click the X icon over an app to remove it from your account.
If you want to completely disable this functionality, click the Edit button under Apps, Websites and Plugins and choose Disable Platform.
You may also want to review apps you’ve connected to your Twitter account. Visit the Apps tab of your Twitter Settings to view them all. Click Revoke Access to remove any that you don’t use anymore.
8. Set Up Two-Factor Authentication Everywhere
It’s no secret that two-factor authentication (2FA) is one of the best ways to add more security to your accounts. With it enabled, you need not only your password but also a code from an app or text message to log in. While it’s not a perfect solution, this prevents malicious access to your accounts even if someone steals your password.
The process to enable 2FA differs a bit for each service. To get you on your way, we’ve covered how to lock down the most important services with 2FA. Then, enable 2FA on your social accounts and gaming accounts to keep them safe. We recommend using Authy as your authenticator app, as it’s better than Google Authenticator.
9. Review Account Activity
Another tool that several sites offer lets you see what devices have logged into your account recently. Some will even send you a text or email when a new device logs in. You can use these to make sure that you know right away if someone else breaks into your account.
For Google, head to the Device activity & security events section of your account settings. You’ll see Recent security events showing new recent sign-ins and Recently used devices. Click Review Events for both and make sure you recognize all devices and activity. By default, Google will send you an email whenever a new device signs into your account.
Select an event or device to get more info on it. Clicking an event will show you its IP address and approximate location. If a device hasn’t had any Google account activity in 28 days, you can click Remove to revoke its access. Running through Google’s security checkup can help you review other important information while you’re here.
To check this on Facebook, visit the Security and Login tab of your account settings. Check the top Where You’re Logged In section and click See More to see everywhere you’re logged into Facebook. Click the three dots next to an entry to Log Out or select Not You? if you suspect foul play.
Also on this page, ensure you have Get alerts about unrecognized logins enabled. This will alert you by text and/or email when a device logs into your account.
Finally, check your Twitter active sessions on the Your Twitter data settings page. Scroll down to Your Devices and Account access history to see where you’ve recently logged in.
You may have noticed several of these tips revolve around your most important accounts (Google, Facebook, Microsoft). They’re the most important because an attacker could do the most damage with them. If someone got into your email, they could use the “forgot password” reset links on other sites and change any password that was linked to your email.
10. See Who’s Using Your Wi-Fi
Would you like it if someone was snooping on your home network? Certainly not. You hopefully have a strong password on your router so unauthorized people can’t connect. It’s worth a quick check to make sure that your neighbor didn’t figure out your password or something.
Follow our guide to checking your network for suspicious devices to do this. While you’re at it, you should test your home network’s security with free tools to see how secure it is.
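One way to run this check from your own computer, as an added example that is not part of the original article: it parses `arp -a` output (macOS/Linux formatting assumed) and lists devices that are not on your list of known MAC addresses. The sample output, addresses and device names are constructed.

```python
import re

# Constructed `arp -a` output: macOS/BSD-style lines plus one Linux-style line.
SAMPLE_ARP = """\
? (192.168.1.1) at 0:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
? (192.168.1.23) at a4:83:e7:11:22:33 on en0 ifscope [ethernet]
laptop.lan (192.168.1.40) at 3C:22:FB:AA:BB:CC [ether] on wlan0
? (192.168.1.57) at 6e:9:f0:12:34:56 on en0 ifscope [ethernet]
? (192.168.1.77) at b0:4e:26:77:88:99 on en0 ifscope [ethernet]
? (192.168.1.60) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

# Devices you recognise, keyed by normalised MAC address (constructed values).
KNOWN = {
    "00:1a:2b:3c:4d:5e": "router",
    "a4:83:e7:11:22:33": "phone",
    "3c:22:fb:aa:bb:cc": "laptop",
}

ENTRY = re.compile(r"\(([\d.]+)\) at ((?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\b")


def normalise(mac):
    """Lower-case and zero-pad each octet (macOS prints 0:1a, not 00:1a)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def unknown_devices(arp_output, known):
    """Return [(ip, mac, note)] for unicast neighbours missing from `known`."""
    found = []
    for line in arp_output.splitlines():
        match = ENTRY.search(line)
        if not match:                      # e.g. "(incomplete)" entries
            continue
        ip, mac = match.group(1), normalise(match.group(2))
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01 or mac in known:   # broadcast/multicast or recognised
            continue
        # Locally administered bit: probably a randomised "private" Wi-Fi address.
        note = "randomised MAC" if first_octet & 0x02 else "vendor-assigned MAC"
        found.append((ip, mac, note))
    return found


if __name__ == "__main__":
    for ip, mac, note in unknown_devices(SAMPLE_ARP, KNOWN):
        print(f"unrecognised: {ip} {mac} ({note})")
```

The ARP table only lists devices your computer has exchanged traffic with recently, so the router's own client list remains the more complete view. A "randomised MAC" entry is often one of your own phones or tablets using a private Wi-Fi address.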
Did Your Checks Unearth Any Issues?
Congratulations, you’ve just run through ten important security checks. They might not be fun or glamorous, but the steps you’ve taken with these will go a long way in keeping you safe. Now all your devices are updated, you know exactly what apps can access your accounts, and you’ve eliminated weak links in your security chain. That’s a big deal!
Unfortunately, none of these steps can help protect you from corporate incompetence like the Equifax breach. Learn what happened there and what you should do to protect yourself.
Which of these checks are the most important to you? What other quick checks are important? Tell us in the comments!