Checklist to secure your digital life

This post is written for a wide audience, specifically for people who think they may be at risk of being compromised and who want the effort required for someone (an attacker, for example) to do so to be as high as possible (anyone can be hacked; no protection is absolute). It's important to note that the actions below will make your life less convenient, and you must fully understand what you are doing before taking any of them.

However, your digital life afterward will remain acceptable: you will be able to stay in touch with the world while still being productive and responsive at work. This is how I'm actually living.

Accounts

  • Enable two-factor authentication everywhere, for example, Google, Instagram, Facebook, WhatsApp, Telegram, etc. Download an application such as Authy (iOS, Android) to scan QR codes that these services will generate for you if you are doing it for the first time. Any account without 2FA can be much more easily hacked. Follow these guides
  • Buy 2, or better 3, YubiKey 5C NFC keys, enable Google Advanced Protection, and link the keys to your account. Now your email is really secure, but remember that you will need these keys to log in to your account on a new device next time. Store at least one in a safe
  • Use a password manager like 1Password, and set a unique password for every account that you have. Enabling 2FA significantly decreases the risk of being compromised even if the password is guessed or has been leaked or brute-forced
  • Go through the security checkups at least once a year: links for Google, Facebook, or Dropbox

Devices

Minimize the number of devices you own where possible

Mobile

  • iOS users — buy the latest iPhone every 2–3 years. Apple makes significant hardware changes frequently to secure your devices. Enable Lockdown Mode, disable iMessage and FaceTime
  • Android users — it is better to have a phone with pure Android and no other software installed, which decreases the attack surface. A Pixel is a perfect choice. Same rule — buy the latest model every 2–3 years
  • Use only your own charging cables. Why
  • Set an alphanumeric password for unlocking the device and sensitive data
  • It’s a good idea to completely switch off Bluetooth and WiFi when you don't need them or if you are not in a safe place
  • Minimize the number of installed apps
  • Weekly or Daily — Reboot your phone. If it was compromised, it was likely not a persistent backdoor and a reboot can reset it
  • Weekly or Daily — Install updates for all applications
  • Weekly or Daily — Check software updates for the operating system and install them if there are any

PC

  • macOS and Windows both have good security nowadays
  • [macOS] Enable Lockdown Mode, disable iMessage and FaceTime
  • [macOS] Buy Little Snitch and you will be able to control all the connections of all the installed software
  • [macOS] Enable default firewall. Settings > Network > Firewall
  • Set an alphanumeric log-in password of 12+ symbols
  • Do not install any software unless it’s really necessary
  • Do not install any apps that you can run via browser — like Slack, Spotify, email client, office apps, etc. Browsers have a good sandbox and protection against malicious files
  • Check and install OS and application updates on a daily/weekly basis
  • Enable disk encryption. macOS: Settings > Privacy & Security > FileVault. Windows: Start > Settings > Privacy & security > Device encryption > BitLocker drive encryption
  • Enable a BIOS or UEFI password

Browser

  • Use Chrome (including Chromium-based browsers like MS Edge) or Safari. Why
  • Remove all extensions. Better not to have any, even if you've been using them for a while and everything was ok. Why
  • Update your browser immediately when you see a notification. Literally, stop working and do it: the chance of being hacked while the browser is not updated is significantly higher, and visiting any page could lead to it
  • Do not trust the “Incognito” mode; you can still be tracked. Tor Browser is one of the most secure, offering the lowest chance of being tracked

WiFi

  • [Mobile] You may be surprised, but nowadays it’s kinda OK to connect to “untrusted” WiFi networks if your device is up to date
  • [PC] Avoid untrusted networks, especially on Windows (at least because NTLM is still alive)
  • [Router] Buy WiFi routers from well-known vendors, as they deliver software updates frequently. Check and install updates at least once a month
  • [Router] Upgrade your router every 3 years. Vendors still don’t really support them for longer than that
  • [Router] Use WPA3 in the settings and a password of 10–12+ characters
  • Forget all unnecessary WiFi networks on your devices. Your device constantly broadcasts the names of saved networks into the “air”; attackers can create networks with those names immediately, and you will be connected automatically. macOS: Preferences > WiFi > Advanced. Windows: Network & Internet > Wi-Fi > Manage known networks
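
To review what is saved before forgetting anything, here is an added example (not part of the original post) that parses the output of the built-in `networksetup -listpreferredwirelessnetworks` (macOS) and `netsh wlan show profiles` (Windows) commands and lists every saved network that is not on a keep-list. The interface name `en0`, the English-locale `netsh` labels, the keep-list and the sample outputs are assumptions constructed for illustration.

```python
import re
import subprocess
import sys

# Constructed sample outputs (not captured from a real machine).
SAMPLE_MACOS = "Preferred networks on en0:\n\tHomeNet-5G\n\tAirport_Free_WiFi\n\tHotel Lobby\n"
SAMPLE_WINDOWS = """Profiles on interface Wi-Fi:

User profiles
-------------
    All User Profile     : HomeNet-5G
    All User Profile     : Cafe Guest
"""

def parse_macos(text):
    """SSIDs from `networksetup -listpreferredwirelessnetworks <iface>`."""
    # Saved networks are the indented lines under the unindented header.
    return [ln.strip() for ln in text.splitlines()
            if ln[:1] in ("\t", " ") and ln.strip()]

def parse_windows(text):
    """SSIDs from `netsh wlan show profiles` (English-locale labels assumed)."""
    pattern = r"^\s*(?:All|Current) User Profile\s*:\s*(.+?)\s*$"
    return [m.group(1) for m in re.finditer(pattern, text, re.MULTILINE)]

def saved_networks(iface="en0"):
    """Ask the OS for its saved Wi-Fi networks; iface is a macOS assumption."""
    if sys.platform == "darwin":
        cmd, parse = ["networksetup", "-listpreferredwirelessnetworks", iface], parse_macos
    elif sys.platform == "win32":
        cmd, parse = ["netsh", "wlan", "show", "profiles"], parse_windows
    else:
        raise NotImplementedError("only macOS and Windows are handled here")
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse(out)

def to_forget(saved, keep):
    """Saved networks that are not on the keep-list, in saved order."""
    return [ssid for ssid in saved if ssid not in set(keep)]

if __name__ == "__main__":
    keep = {"HomeNet-5G"}  # hypothetical keep-list: networks you still use
    try:
        saved = saved_networks()
    except (NotImplementedError, OSError, subprocess.CalledProcessError):
        saved = parse_macos(SAMPLE_MACOS)  # fall back to the constructed sample
    for ssid in to_forget(saved, keep):
        print("forget:", ssid)
```

The listed networks can then be removed in the settings screens named above, or with `networksetup -removepreferredwirelessnetwork <iface> <ssid>` on macOS and `netsh wlan delete profile name="<ssid>"` on Windows.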

SIM cards

Cellular technologies in 2022 remain very vulnerable to attack. This usually has nothing to do with the signal type (4G, 5G, or the next generation) but with the infrastructure that provides the signal or network. When you can — avoid using cellular technologies at all

  • Enable a PIN code
  • Always purchase & register SIM cards under your own name
  • Don’t use corporate SIM cards for personal purposes
  • If possible, get a second SIM card, do not share the number, and link it to your accounts. If you can — get it in another country, but you should ideally be able to travel there readily in case you lose the SIM card
  • Some telecom companies accept applications for a ban on the issuance of SIM cards via proxy or letter of authorization — as these documents can be easily forged
  • It’s a bad idea to buy a “grandpa” phone that can only call and work with SMS. They usually work on 2G networks, and their traffic in the air could be sniffed. Unfortunately, there have also been cases of cheap/basic phones containing backdoors from the vendor
  • If you use an eSIM, check whether it is possible to reissue or renew your SIM card. Try once, check whether the process is secure, and take advice from experts
  • Force the use of 4G or 5G only in the settings of your SIM card
  • Don’t use any forwarding services for SMS or call recorders; they could also be compromised
  • There is a good website about GSM security where it is possible to download reports about the security of cellular operators in many countries in the world; unfortunately, the site is not frequently updated

VPN

Using a VPN is still a good idea

  • Where to buy? If possible, set up your own — rent a virtual server, it’s cheap. Ask a geek friend for help. Do everything by yourself, just ask for directions. Ideally, do not use public or paid VPN services.
  • Does a VPN really hide my IP address? Unfortunately, not all the time. There have been many cases when it did not, and there are still new cases, even with iOS 16. But this applies to any other OS from time to time
  • Use https://shadowsocks.org/

Messengers

  • The Signal messenger is a nice choice
  • But Tox is better
  • Remove the cloud address book where possible
  • While communicating in public chats, keep in mind that all your messages, their time, and reactions are recorded and analyzed by external chatbots. Based on them, it is possible to create a map of interests, guess the time zone, place of residence etc.

Payments

  • Paying with Apple Pay / Google Pay is more secure, as you are actually using another card number, so even if you leave a bill behind somewhere, the numbers on the receipt will be different from the card you hold, meaning attackers will not be able to use them as a factor while trying to put together your account details (story)
  • For untrusted websites, use virtual cards. They are very easy to issue with Revolut or Wise

Incidents

  • If you suffer a ransomware attack, the chances that an attacker will be able to decrypt your files are now extremely low. Make hybrid backups — somewhere in the cloud and locally on your PC and/or NAS (Network Attached Storage), and encrypt them with an alphanumeric password of 12+ symbols
  • If someone offers you a bribe — it’s probably a good idea to neither accept nor decline; preferably, don't say anything at all. Share this information immediately with your boss and security team. They can work together with the authorities to understand how much the malicious actors want to be paid or what information they are trying to obtain
  • If someone is asking you to do something ASAP or seems to be in a hurry — for example, you receive an SMS from your manager asking you to pay for something — call them back; don’t trust incoming SMS/emails/calls
  • There is a popular deception scheme on social networks: someone writes to you from an account with a blue check mark and offers to help you get one too, but that account with the blue check mark is compromised
  • Pass the phishing test https://phishingquiz.withgoogle.com/

Conclusions

By following the tips above, you make the price of compromising you very high. It is possible to reach even higher levels, but this will imply a less comfortable life, the abandonment of any cloud services, and so on.

Stay secure and share with your friends who might benefit from these tips!
