Richard Patterson/Comparitech via Flickr under CC BY 2.0

Cybersecurity Tools and Tips

A guide to keeping your digital information exactly that: yours

Tyler Sonnemaker

--

If you’re looking to better protect yourself and your information online, this guide is for you. If you’re still wondering why you should care about cybersecurity or privacy, learn how tracking and hacking can impact anyone who uses the internet.

This guide offers an evolving library of resources to help internet users lower their risk and develop better “digital hygiene” over time — it’s not something that can (or needs to) be tackled in one sitting. Instead, set a weekly or monthly calendar reminder to revisit your cybersecurity practices and look for ways to further improve them.

Not sure if you’re “tech-savvy” enough to grasp all this or use it? Don’t worry! There are a range of tools included here that anyone can use and links to step-by-step setup instructions for each.

Table of Contents

  1. Ad/Spam Blockers
  2. Anonymity
  3. Anti-Malware
  4. Authentication
  5. Encryption + Data Security
  6. Maintenance

Ad/Spam Blockers

Tired of weirdly specific targeted ads and automated telemarketing calls? Use ad and spam blockers on your various devices to keep the digital noise down.

RoboKiller

What: Mobile app that blocks robocallers, telemarketers and spoofers.

Why: While fewer and fewer people are falling for phone-based scams, scammers’ techniques are always evolving (see: area code spoofing). To minimize your chance of becoming a victim — or just minimize the annoyance — sign up for a service like RoboKiller.

How: Download RoboKiller from Apple’s App Store or Google’s Play Store to get started or visit: bit.ly/RoboKiller to learn more.

uBlock Origin and Adblock

What: Browser extensions that block ads from downloading and appearing on websites.

Why: On top of privacy concerns and plain old annoyance, ads cause sites to load much more slowly. Installing an ad blocker is an easy way to clean up your browsing on several fronts.

How: uBlock Origin offers more settings and blocks all ads, while Adblock lets some through but offers a simpler interface. To learn more about the differences, visit bit.ly/Adblock-uBlock. To install either extension, visit the Chrome Web Store or Firefox Add-ons and search for “adblock” or “uBlock Origin” (NOT uBlock; this deceptively named offshoot is different).

Anonymity

1.1.1.1 DNS

What: Reroutes your internet traffic through an anonymous DNS server, preventing your ISP and others from tracking and selling your activity.

Why: When you visit a website, your browser finds it by consulting the internet’s version of a directory: a DNS server. DNS providers may sell your data, and any requests sent to them can be viewed by your ISP. Sending your internet directory lookups to 1.1.1.1 is more private — and faster!

How: Visit bit.ly/1–1–1–1-DNS to learn more and find setup instructions. Don’t be deterred by terms such as “IPv6” — remember, you don’t need to know how electricity works to turn on a light.

Blur

What: Free service (paid version available) that auto-fills forms with “masked” info to protect your personal info.

Why: Websites and data brokers are constantly collecting info on internet users. Blur adds a layer between your personal info and these data addicts, reducing the amount of your personal info circulating around the internet.

How: Visit bit.ly/BlurMasking to set up an account and configure your masked data settings.

DeleteMe

What: Step-by-step instructions for deleting your info from data brokers’ databases.

Why: Websites and data brokers are constantly collecting info on internet users. DeleteMe helps you get rid of what they’ve collected, reducing the amount of your personal info circulating around the internet.

How: Visit bit.ly/DeleteMeDIY for a free DIY opt-out guide. DeleteMe also offers a premium service to save you the hassle of opting out of each site, which admittedly can take a significant amount of time.

DuckDuckGo

What: Privacy-focused search engine that doesn’t track your search activity for purposes of selling it to advertisers.

Why: Google is a notoriously intrusive data collector (see: bit.ly/GoogleDataCollect). DuckDuckGo offers another way to search without constantly being tracked.

How: Visit bit.ly/GoDuckDuckGo to start searching with DuckDuckGo and make it your default browser (how to: bit.ly/DefaultBrowser). Also install the browser extension at bit.ly/DuckDuckGoChrome to keep your activity private across the web.

Mozilla Firefox

What: Privacy-focused internet browser developed by a nonprofit that makes “tools that put people before profit.”

Why: Google is a notoriously intrusive data collector (see: bit.ly/GoogleDataCollect). Firefox offers similar functionality but without constantly tracking you. As a bonus, it also uses less memory.

How: Visit https://mzl.la/2ETXzcX to download Firefox on desktop, or download the Firefox app from Apple’s App Store or Google’s Play Store. Bonus: visit https://mzl.la/2EUDJOF to download the Firefox Focus app for even more privacy protection when browsing.

Tor browser

What: Privacy-focused web browser, built on Firefox, that routes traffic through a distributed network of servers across the globe, preventing third parties from tracking you.

Why: Tor is a favorite tool of activists and journalists as well as citizens of countries with oppressive governments, but normal people use it too (see: bit.ly/WhoUsesTor). Tor secures and anonymizes your internet traffic better than most browsers.

How: Visit bit.ly/GetTorbrowser to get started setting up Tor for desktop, or download the mobile versions, Orbot and Orfox, from bit.ly/Orbot-Orfox.

Anti-Malware

Software updates

What: Update to the latest version of software including firmware and device drivers.

Why: Don’t ignore notifications about software updates! These often come with important security fixes for bugs that hackers seek to exploit.

How: When installing new software, make sure to keep the “automatically check for updates” setting on so you don’t miss important updates. Operating systems are especially important to keep current. See below for some helpful resources.

VirusTotal

What: Scans downloads and websites for potential malware using 70+ antivirus scanners. Kind of like Yelp for malware vulnerability.

Why: Hackers place malware anywhere they can. VirusTotal gives you additional peace of mind that you aren’t unwittingly stumbling onto a malware-infested website or file.

How: Go to bit.ly/VirusTotalUpload, paste a URL or upload a file, and VirusTotal will show whether any antivirus service found malware on it. Click the “Community” tab to see how individuals from the security community have rated the site/file.

Authentication

Biometric authentication

What: Many devices now allow you to unlock them with your face, finger or other biometric data.

Why: Biometric data is unique to each individual — good for confirming it’s really you. However, you also can’t ever change it — bad if it gets hacked (which is not difficult to do for some data, like fingerprints).

How: On a compatible device (many smartphones made in the past few years), go to the security settings and look for the option to enable device unlocking via fingerprint or facial recognition. For detailed instructions, Apple users can go to apple.co/2TPOrQD and Android users can visit bit.ly/AndroidFaceUnlock.

Hardware security keys

What: Physical key to lock down your digital accounts.

Why: By linking a hardware key to an account, you prevent hackers from accessing it unless they physically have your key.

How: Yubico is the gold standard for hardware keys. Visit bit.ly/YubikeyStart to browse their lineup and find out which sites support encryption keys.

Multifactor authentication (MFA)

What: Security setting that requires multiple pieces of information from you to verify your identity, such as a password, text code, or physical device.

Why: MFA adds a layer of security by requiring you to provide two or more of something you: KNOW (e.g. password), HAVE (e.g. phone or encryption key), and ARE (e.g. fingerprint or face). That way, if hackers obtain one, they can’t automatically access your account.

How: Visit bit.ly/TurnOn2FA to check whether a site supports MFA. If so, access it from your account settings. Many sites use text messages to verify your identity, but for best results, use an authenticator app such as Duo or Authy. For more on MFA, visit: bit.ly/NIST-MFA.

Password managers

What: Stores and secures your logins, passwords and other sensitive info and automatically fills in site login pages.

Why: By helping you choose strong passwords and remembering them for you, password managers can help you get away from using and re-using weak passwords. This should be a first step for all internet users.

How: Visit wrctr.co/2Hz7gR5 to explore the best password managers. Choose one, set up an account, and add your account info and other sensitive data (like health records and credit cards). Install the browser plugin and mobile app, if available, so your passwords fill in automatically when you visit those sites. Unlike many security and privacy tools, password managers offer more, not less, convenience.

Encryption + Data Security

HTTPS Everywhere

What: Browser extension that forces secure connections to websites when possible.

Why: See that “https” before this site’s address and the padlock to the left? That means your connection is secure (“http” means it’s unsecure). HTTPS Everywhere forces websites to connect securely when possible, and alerts you when not. It’s always better to connect to sites securely, but especially important when using e-commerce or banking sites.

How: Visit bit.ly/HTTPSEvery for instructions on how to install the browser extension on desktop or Android (Apple doesn’t allow third-party extensions for Safari, sorry iOS users).

ProtonMail

What: Privacy-focused email client that offers better protection from the prying eyes of Google and the US government.

Why: Gmail allows Google, third-party developers and others to read your emails (see: on.wsj.com/2Tvxw5U). Switching to ProtonMail, to be fair, comes with significant inconveniences, so this may not be for everyone. The flip side is that it uses end-to-end encryption to securely send your emails. To help you decide whether you need or want to jump ship, visit: bit.ly/GmailvsProtonMail.

How: For those interested in exploring ProtonMail, set up an account at bit.ly/GetProtonMail and download the mobile app from Apple’s App Store or Google’s Play Store.

Secure messaging

What: Unless you have an iPhone or iPad, your text messages are sent insecurely. Secure messaging apps encrypt your messages to keep prying eyes away.

Why: If you’re like most people, you have incredibly intimate conversations via text, or SMS, which has well-known security flaws. Instead of wondering “why switch?” ask yourself, “why not?” If you’re hesitant because your friends and family still use unencrypted messaging apps, just send them an invite to download your secure messaging app of choice and start a conversation.

How: Signal is the gold standard here, but others like Wire and Wickr are also options (and no service is perfect). To get started, download Signal or your app of choice from Apple’s App Store or Google’s Play Store. For a great comparison chart on different secure messaging apps, visit: bit.ly/SecureMSG.

VeraCrypt

What: Encrypt data stored locally on your laptop or desktop.

Why: If your computer is stolen, even if it’s password protected, hackers can still access your data. But even short of theft, there are reasons you may want to lock up sensitive data such as tax or other financial information. VeraCrypt offers a local encryption option.

How: Visit bit.ly/VeraCryptSetup for instructions on how to download VeraCrypt and encrypt your data.

Virtual Private Networks (VPNs)

What: Digital “tunnels” that obscure your internet traffic and identifying data (such as your IP address) from internet service providers (ISPs), hackers and other prying eyes by encrypting it while in transit.

Why: Your ISP has loads of data on you, and as regulators continue to roll back privacy protections, they’re eager to sell that data. Use a VPN to keep their hands off at least some of it. Also, VPNs can mask your true location, a feature that could come in handy in many situations. It’s worth noting, however, that you’re trusting the VPN with that data now (for more about that dilemma, listen to this great podcast episode on VPNs: bit.ly/IfThenVPNs).

How: VPNs vary in ease of use, quality and price (most aren’t free, and be wary of those that are). Visit bit.ly/CDT-VPN to learn more about what VPNs are and whether you need one. Visit bit.ly/BestVPN2019 for recommendations.

Maintenance

Back up your data

What: Securely back up data from your devices to a cloud service and external drive.

Why: Storing information on a computer doesn’t mean it automatically lives “in the cloud” for eternity. Most of us have horror stories of spilt water, dropping our laptops, and inconveniently timed “blue screen” crashes that reveal just how temporary digital information can be. Backing up data proactively saves you not just time and money, but the crushing realization that your irreplaceable photos, health records and other data are gone forever. It’s basically insurance for your digital info. Why not do it?

How: Cloud backup services vary widely. Visit wrctr.co/2TxvrGA for a very informative review of desktop-based services. Each provider has setup instructions on their site and most have chat or phone support if needed. If you use iCloud, consider adding an additional backup service so your eggs aren’t all in one basket (see: bit.ly/BeyondiCloud). You should also consider backing up your laptop or desktop to an external hard drive (see: wrctr.co/2TQcdw4 for reviews), in case your cloud provider experiences a technical failure or a poor internet connection gets in the way of a successful backup.

Digital audit

What: Routine maintenance to ensure you continue to stay safe and secure online.

Why: Just like annual dentist visits help keep your teeth clean, annual, biannual or even monthly security audits help you maintain good digital hygiene over time.

How: A full audit of your digital life may seem daunting. If so, start by picking one device or category of sites. Here are a few ideas to get the ball rolling for Android users (bit.ly/AndroidAudit) and iPhone users (bit.ly/iPhoneAudit).

Remove bloatware

What: Bloatware is software that comes pre-installed on devices in addition to the operating system, often aimed at getting users to pay for a premium version.

Why: Bloatware is rarely useful, can significantly slow down your device, and can even compromise its security (see: zd.net/2TE97eE). Removing it comes with very little downside while also improving performance.

How: Specific bloatware will depend on which device(s) and operating system you have.

###

This guide will be updated over time to include additional tools and tips, updated links to reviews and setup instructions, and notices of best practices that have become obsolete.

If you have any suggestions for tools or tips that should be added or marked obsolete, story ideas or helpful information, or questions about how to improve your digital hygiene, please contact me at tsonnemaker@protonmail.com.

--

Tyler Sonnemaker

Tech reporter at Business Insider. Tips? Message me securely via Signal at 503–319–3213 using a non-work phone.