How to lock up your digital life in less than an hour

Follow this simple checklist of best practices to protect your privacy and information without spending a cent.
Written by Charlie Osborne, Contributing Writer


Taking individual responsibility for your own privacy and safety in a world full of data breaches, vulnerabilities, and hacking is becoming paramount.

Hardly a week goes by when you don't hear of yet-another-company admitting to a data breach, and the consequences of being compromised can be extreme. In 2016, Linux Mint to Swift, the Trump Towers to strings of hotel chains all lost customer account information, which paved the way for potential identity theft and fraudulent transactions.

See also: These were the biggest hacks, leaks and data breaches of 2016

As we rely on different online services to do everything from check our bank statements to purchase our groceries, it can sometimes be difficult to keep on top of the security of our accounts, but now, we have to consider our digital assets, accounts, and services as important to protect as our physical bank card and IDs.

However, you don't need to spend hours upon hours to improve your personal security practices on the internet and tighten up controls for both your accounts and information as a whole -- if you know where to begin.

To get started, follow the steps below, which should take you little more than an hour or so -- a worthwhile investment when you consider how much frustration can be caused by compromised accounts, fraudulent transactions, and identity theft.

If you're truly interested in hardening the security of your devices and accounts, there is a range of gadgets on the market which can help you achieve this goal, but the practices below are a great way to start.

Not much time to spare? Check out this guide in pictures:

How to lock up your digital life and privacy in an hour (in pictures)

1. Haveibeenpwned

Before you can start locking up your digital life, it is worth knowing whether or not you are already compromised. By submitting your email address to Troy Hunt's Haveibeenpwned search engine, you can see whether or not any accounts linked to your email addresses have been caught up in data breaches, such as the Yahoo accounts breach or the 2014 LinkedIn breach.

Once you have entered your email address, you are also told whether or not your account information has been found in public paste documents online, which may have been sold or leaked to the public for anyone to exploit.

2. Password changes

If any of your accounts have been compromised or even if it has been a while since you've changed your credentials, you should certainly take the time to secure at least the most important ones with a fresh set.

Password lockers such as LastPass can take the stress out of remembering long, complex passwords, and you should make sure that none of your main accounts -- such as email services, Amazon, and social networks -- are using repeat sets.

If one is compromised, that could mean the rest of them are, too.

3. Two-factor verification

It may be a hassle, but introducing two-factor verification on your most frequently used accounts is worthwhile.

2FA is the process of adding an additional layer of security to an online account which springs into action when a new PC or mobile device is detected. The idea is that the additional step connects to something only the true owner of the account possesses; such as a phone number or additional email address.

When someone attempts to access an account with 2FA enabled, an additional code is sent to your phone, for example, to verify the attempt is legitimate. You can also enable 2FA so it only springs into action with new devices; saving you from having to input the code every time you want to check your email, for example.

The system, in various forms, now available on major services including Google's Gmail, Facebook, Twitter, and PayPal, takes a little time to implement but can be very important in protecting your privacy.

(Yubikey is also an option if you would like to harden your credentials through hardware.)

YubiKey by Yubico

Enable 2FA for:

4. HTTPS Everywhere

The EFF's HTTPS Everywhere is a browser extension for the Firefox, Opera, and Chrome web browsers. It takes no more than a few seconds to download, and once installed, will encrypt communication between yourself and major websites that have not yet introduced encryption by default.

By keeping these channels secure, cyberattackers will have a harder time spying on you and conducting attacks which could redirect you to fake websites.

5. Lock up your devices

It might seem a simple thing, but placing some kind of lock -- whether a PIN code or biometric fingerprint -- on your mobile devices can improve your privacy not only by preventing casual access, but giving you time to change your passwords and details for online accounts in the case of theft.

Try to stay away from easy codes such as "1234" and finger patterns that can be worked out quickly, if possible.

6. Turn off location tracking

On most mobile devices, there will be a 'location tracking' or 'GPS' option displayed in settings menus. While some apps, including mapping technologies and weather updates, need this geolocation data to run properly, whenever you do not have need of it -- turn it off.

There is no need for your mobile device to track your location unless absolutely necessary -- and it takes mere seconds to turn off the service.

7. Turn on automatic updates

Whether you are using a Windows PC, Mac, or Android smartphone, automatic updates are crucial to protecting your privacy. These over-the-air (OTA) updates will often contain security fixes for vulnerabilities which attackers can exploit to compromise your device, and so it is worth keeping them on to keep yourself as protected as possible.

(Learn about automatic updates for Microsoft and Apple PCs.)

8. Malware scanning

It is advisable to run the occasional antivirus scan on your system to make sure everything is above board. While internet browsers will often pick up suspicious files and malicious websites, by occasionally using a malware scanner, you can make sure that no malicious code such as spyware, adware, and more problematic Trojans, worms, and viruses are lurking on your system and potentially compromising everything you do.

Recommendations for free, lightweight software: Malwarebytes | AVG | Panda

9. Update your social media account privacy settings

If you want to keep your content for friends' eyes only or want to block and keep others from viewing pictures, images, and videos -- as well as stay off search engines, it is worth taking a few minutes to make sure your social network privacy settings are as you want them.

You can change settings including profile visibility, hiding messages, share content with specific groups of people and take control of others linking you to their content.

Privacy settings for Facebook | Twitter | Instagram

10. Have some time left?

While the suggestions above will help matters, if you have some additional time to spare and the inclination, you can also set up a secondary email address.

When signing up for online services, you are sometimes asked to receive third-party information and will be added to subscriber lists. To help keep your inbox clear, it may be worth setting up a free account to keep these message volumes under control.

For a more extensive privacy boost, it may also be worth the time to setup an email address left wholly unconnected with you purely for accounts which need your financial information, such as Amazon, delivery services, and online banking.

That way, should your main email account become compromised, you are keeping the financial keys away from the kingdom.

5 things you should know about VPNs

Trevor Hughes: How companies should prepare for GDPR:

Editorial standards