“If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.”

― Richard Clarke, American National Security Expert

I’m not sure what it is about a new year, but it’s usually around this time that I revisit my security habits. It might have something to do with when specific products I use come up for renewal.

Growing up, the only “password” I ever needed was the combination to my high school locker. Today I have over 600 entries in my password manager. Imagine trying to remember that many passwords?

My friends and family would consider me pretty tech-savvy, so I thought I would share some of the steps I take to protect myself.

An ounce of prevention is worth a pound of bandages and adhesive tape.

— Groucho Marx

Viruses don’t just make people sick

Let’s start with virus protection. I’m using the term viruses loosely here to mean anything that can cause harm to your device or your online security. This can range from the stuff that can render your device unusable (and maybe make you cough up some money to make it usable again) to the stuff that makes your device track everything you do and send it to the bad guys.

We use our phones the most, and I’ll be honest here — I don’t install anything on my phone to prevent viruses. This is probably a bad way to start off this week’s post.

But here’s the deal. I’m not doing anything sketchy on my phone like going to weird sites or clicking on scammy links. I’m also only downloading apps directly from the App Store and not “side-loading” questionable software.

In the decades that I’ve had a phone, I haven’t run into any issues. Knock on wood.

Now you can, if you so choose, install an antivirus. I just don’t feel that it’s worth it when you consider that it will probably affect your phone’s performance and decrease battery life.

And I don’t know about you, but I’m not trying to charge my phone 3 times a day. Twice is enough, thank you very much.

I also own a PC that I mostly use for gaming. The out-of-the-box Windows antivirus is good enough. It also offers the added benefit of being free. I’ve used various paid-for antivirus solutions with tons of bells and whistles, but for purely antivirus needs, Windows Defender is fine.

Pro Tip: Go with whatever’s bundled with your device. Don’t spend extra unless you’re going to make use of the additional functionality.

Finally, I own a MacBook which is my main writing device. The same process applies here as it does to my phone — I’m not using an antivirus software.

You are… my fire

Spend any time on YouTube (or at least my side of YouTube) and you’ll run into an advertisement for a VPN.

“Use code IAMANINFLUENCER25 to get your first month free of over advertised VPN provider because how else are you going to watch Squid Game 2 on Netflix during your travels in China?”

VPN stands for Virtual Private Network. It essentially keeps your network traffic secure from the bad guys. Want to watch Andy Samberg sing “I Want It That Way” on Brooklyn Nine-Nine on Netflix in the US? You can’t unless you VPN to Canadian Netflix. And if you’re really crafty, you might be able to finagle cheaper airfare using a VPN.

I’ve had a sort of love-hate relationship with VPN providers. There isn’t one provider with a perfect solution, but one that comes pretty close is Mullvad VPN. Coupled with their Mullvad Browser, I surf the web worry-free.

I have Mullvad VPN enabled 24/7 on all my devices.

Pro Tip: Secure your internet browsing with a VPN, especially when you’re not on your home network.

Something to look out for — you may get emails from extra cautious websites saying you’ve logged in from Albuquerque, New Mexico. Before you freak out, check which location your VPN has connected to. It may very well be you that logged in.

Your Club Penguin password ain’t cutting it anymore

Stop writing down your passwords on sticky notes attached to your monitor. And definitely stop reusing the same password for multiple sites and apps.

Whichever password manager you go with, you’ll be asked to create a single password to remember. This “master” password will be your key to all of your other passwords. You’ll no longer need to remember 661 passwords.

My go-to solution here is 1Password.

Here’s why I like 1Password.

• I can use it for more than just passwords. I also store my credit cards in it.

• 1Password works with most browsers via an extension and will automatically enter your passwords for you.

• I can access it on all my devices and it keeps everything synced. Change your password on your PC and it’s almost immediately available from your phone.

• It also functions as your 2FA token generator. No need to have a separate app like Google Authenticator or Authy. Bonus: it will automatically enter the 2FA token when browsing with the extension.

Pro Tip: Save yourself the headache of managing hundreds of passwords. Get yourself a password manager. There are free alternatives like KeePass. Just note that it won’t have all the features I mentioned.

Look at me. I’m the captain now.

According to identitytheft.org, reports of identity theft have continued to increase year over year. In 2024 alone, there had been 5.7 million reports to the FTC.

So what can you do about this?

First, stay on top of your credit reports. You can get a free report once a year from the three major bureaus. Check for anything that you don’t recognize and report it immediately.

Second, freeze your credit files until you need them for situations like opening a new card or taking out a loan. I won’t go into the details of how to do it, although it is rather straightforward. You can follow NerdWallet’s instructions using this link.

Third, get yourself identity protection. There are a bunch of providers. Currently, I have Aura as they had the best deal on a family plan when I was looking around last year.

Candidly, out of all the tools I’ve mentioned, setting up identity protection has been the most time-consuming. Whatever tool you go with, you’ll need to enter personal details like your social security number, email addresses, and credit card numbers. These tools will then monitor the dark web for your personal data.

And should there be any reports of your personal data being found on these malicious sites, you’ll need to take steps to remediate the risk such as changing any affected passwords or reviewing your credit reports for fraudulent activities.

Pro Tip: Check if you already get some sort of identity protection from your credit card merchant, bank, or even AAA. They usually offer at least some basic protection for free.

Take a bite out of the elephant

If you’re new to all of this, start with one area to improve upon before tackling another. Don’t try to do it all at once.

You’ll never be 100% protected from all threats, but you should at least take steps to improve your security posture. It may be as simple as using the password manager that’s built into your phone and making sure you use a unique password for every site.

But start somewhere.

This isn’t meant to be a comprehensive list, but if there’s anything I’ve missed, please let me know.

Share this article with your friends and family to help protect them.

Stay safe out there.

Here’s my 𝕏 post of the week.