digital security checklist
Do you work or access important info from sketchy wifi? Here is a checklist of basic digital security best practices.
1. take advantage of OS updates
Device companies are constantly updating to close new threats in the cat and mouse game of online security. It is important to make sure your operating system is up to date.
Apple devices in particular have a reputation of being secure against malware and threats, but that protection must be kept up to date. Some people worry that their old device will get slower with newer updates, but since iOS 12 devices should actually see a performance boost. iOS 12 is supported on old devices (through 5s).
2. prevent apps from going rogue
Review the permissions you've given to each app, like microphone and GPS. This will make sure you don't have any apps that are listening or tracking your movements without your knowledge. Beware of free apps that need location data, they are probably selling it.
If you have an app you use occasionally that needs permissions you don't feel great about, toggle off the permission for now. Then, the next time you use the app, it should prompt you to reenable the permissions, keeping you safe in the meantime.
settings > privacy
settings > apps > [specific app] > permissions
3. get login peace of mind with 2-factor
For important accounts like your email, bank, or anything with customer data, turn on 2-factor authentication. This is sometimes called "multi-factor authentication", "one time use codes", or "2 step verification" which requires your password plus a code.
These codes can be sent to you via SMS or using a dedicated app like Authy (using a dedicated app is more secure). For most accounts, you can download a set of backup codes in case you lose your phone.
4. create secure passwords easily
Reusing the same password (or ones that are similar) for more than one site is a huge security risk. Use a password manager to generate and save unique passwords for every site.
Apple has a built in password manager or you can use an app like LastPass for cross-platform support. You can also use LastPass to share passwords with clients without emailing them (never email a password!).
5. protect phone number from hijacking
It has recently become easy for hackers to steal your phone number. This is more than an annoyance when you have accounts that allow you to use your phone number to reset an account or get a 2 factor auth code.
To prevent this, ask your phone carrier to add a "port out pin" or "port out block pin" to your account. This means you will need to provide this pin the next time you want to add or change a device on your account.
This article from Motherboard has examples of how to add protection on AT&T, Verizon, T-Mobile, and Sprint.
published dec 1, 2018