The New Oil

Every year, I like to remind everyone to go back to the basics. For those who are new to privacy and security and may be trying to create some new, positive habits, this serves as a great entry point. For veteran privacy enthusiasts, the basics form our foundation for more advanced techniques later, making it imperative to ensure we cover all those bases. So in that spirit, let’s all pause – wherever we are in our privacy journeys – to do a quick check and make sure we’ve got the basics covered. If you’re one of those new people I mentioned, welcome! But also know that this post is packed with information, so try not to get overwhelmed. Maybe bookmark this post and do one thing per day or something like that. As the classic phrase says, “you eat an elephant one bite at a time.”

Strong Passwords

The foundation of your digital security starts with robust passwords. Create passwords that are complex and unique for each account. Incorporate a mix of uppercase and lowercase letters, numbers, and symbols. Avoid easily guessable information such as birthdays or names. According to experts, the single most important thing you can do to protect your online life is to use strong, unique passwords on each account. You can get more information on passwords, passphrases, and recommended password managers here. I also discuss Passkeys – the new passwordless login standard that launched last year and if you should use it.

Multi-Factor Authentication (MFA)

Enhance your security by enabling MFA wherever possible. According to Microsoft, MFA stops 99.9% of unauthorized account access. MFA adds an extra layer of protection by requiring you to verify your identity through a second method, such as a text message or authentication app. This ensures that even if your password is compromised, an additional step is needed for access. You can get more information on the different types of MFA and which apps I recommend here.

Regular Software Updates

Software updates often include patches for security vulnerabilities, making it crucial to stay current and protected against emerging threats. Back in the day, updates would frequently break things, so people would often wait a significant period before applying them. These days that’s pretty rare and with very few exceptions, you should always apply updates as quickly as possible. Thankfully, most devices nowadays have automatic updates enabled by default. Still, this is a great opportunity to take the time to check your various device settings to ensure automatic updates are enabled where offered.

Secure Your Wi-Fi Network

The internet brings us lots of great things, but also lots of risks. Therefore, it’s important to secure your home network. Yes, this is unfortunately a common risk you must be aware of. A compromised router can be used to mine cryptocurrency (spiking your power bill and reducing your performance), help attack other users and services via botnets, or worse. Some basic advice includes changing default passwords for both the router and WiFi itself, creating a separate guest network for IoT devices, and keeping your router updated. You can get more advice and tips on creating a secure home network here.

Be Cautious with Communications

When we think of phishing, we often think of the classic “Nigerian Prince” scam. But the truth is that online scams have come a long way. Even for the quick and simple ones, all it takes is one careless click to fall victim. Even I have almost fallen prey to a couple of well-crafted, very real-looking phishing attempts. These can come in the form of an Amazon receipt for something expensive, a text from your bank, or something even more specialized and convincing. Always exercise critical thinking and caution when examining these types of communication.

Review App Permissions

Apps ask for a lot of permissions, usually ones they don’t need. Thankfully, both Android and iOS are increasingly giving users more control over the apps on their phones and their permissions with each release. If you haven’t done so recently, this is a great time to check the various apps on your phone. First, check to see if there are any apps you don’t use very often or can live without and delete them. Each app you have is an “attack vector” – a security vulnerability an attacker could use to gain access to your device or a third-party company collecting and selling your data. For the apps you do decide to keep, check the permissions they have and disable any that you don’t actually use or aren’t needed for the app to function.

Review Your Account Settings

This one especially applies to social media accounts but can apply to all your accounts. Take some time next time you log into an account to go through all your settings – who can see your profile? Are you opting in to targeted ads? Have you enabled MFA?

Secure Browsing Habits

Thanks to a number of efforts, the vast majority of the internet is encrypted with HTTPS these days (not to say that all risk is removed, but it’s much safer than in years past). Still, there are steps to take to ensure you’re getting the most out of those protections. Make sure your browser is set to use HTTPS-Only mode, and I recommend clearing your browser data after each use. This will require you to log in each time you use a website, but personally, I find the added privacy and security to be more than worth the slight inconvenience. You can find more information on recommended browsers and settings here.

Device Security

It goes without saying that devices enable our digital lives – you can’t access the internet without some sort of phone, tablet, computer, etc. Therefore, it’s critical to secure those devices. Make sure that you’re locking them with strong passwords, configuring the settings accordingly, encrypting them, and making plans for loss or damage such as keeping good backups. You can find more information on recommended phone settings here, recommended computer settings here, encrypting your devices here, and backups here.

Review Financial Statements

Identity theft is a normal concern and a common crime. Thankfully, there are plenty of ways to help prevent it. In addition to general privacy practices like removing your data from people search sites, being careful about what you share online, and using fake answers to security questions, you can also freeze your credit, place a fraud alert, and regularly request and examine your credit report and bank statements. You can find more information on how to protect your identity here.

Educate Yourself

The privacy and security landscape is constantly shifting with new technologies, abuses of those technologies, and emerging threats. Staying up to date is critical. The New Oil offers a number of casual, easy ways to stay updated that don’t require a lot of time or energy from you: we offer a weekly podcast about current events related to privacy and security, long-form videos, short-form videos, a news feed, and of course, this blog (which you can subscribe to via email, or you can subscribe to most of those other offerings via RSS). But it’s not just me: on the website I recommend tons of other books, documentaries, podcasts, YouTube channels, and websites that contain great information about privacy and security. With so many great projects out there, you’re sure to find one that appeals to your preferred style and “vibe.”

Remember, this is a “basic/foundational” checklist. There’s so much more to privacy that I haven’t even touched on like encrypted messaging, encrypted email, aliasing, VoIP, disinformation, Linux, and more. Many of us hope to have new beginnings with the new year, and now is the perfect time to start making changes to your digital life that will improve and protect it. Privacy and security are about being proactive – it’s too late to start locking your door after a thief breaks in, and you can’t unleak data that was stolen. But remember that privacy doesn’t have to be overwhelming. Don’t try to do all this stuff at once if you’re new. Bookmark this blog post, come back to it every few days, pick a new topic, and go “I’m gonna work on this next.” Before you know it, you’ll be in the top 10% of the safest people online. Good luck!

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...