5 security tips to keep in 2017

If you’ve been thinking about making over your personal-security habits, 2017 is the year to change.

Experts are predicting worsening denial-of-service attacks that overwhelm and shutter services, more targeted phishing attempts, evolving ransomware, and the rise of compromised Internet of Things devices. Given the dangers these looming threats pose to your personal data and security, it’s more important than ever to break bad online habits, says John Shier, senior security expert at Sophos.

“Everyone is busy, and people fall into complacency. Maybe it’s reusing passwords for multiple online accounts or not being as careful with the information you share on social media,” he says. “These things might sound simple, but they’re important. You owe it to yourself to make sure you’re as safe and protected as you can be.”

From stronger password security to stronger awareness of IoT vulnerabilities, here are five changes you can make this year to keep your personal information safer and more secure.

  1. Be conscious about what you share

Criminals looking to compromise accounts often look to information you provide online for clues that might help them crack security questions, Shier says. They might browse your Facebook friends list for family members to determine your mother’s maiden name, for example, or search your Twitter account for mentions of your wedding anniversary—both of which are answers to common security questions.

“Cybercriminals look for any pieces of information they can use against you in a targeted attack,” Shier says. “Facebook, Twitter, and LinkedIn are all fair game, so you not only want to be careful about what you share in the future, but also about what you’ve already shared.”

Make it a habit to think twice about what you post, and take time periodically to review your social-media accounts for posts and information that might be particularly sensitive or desirable to criminals, Shier advises. Don’t ignore your security and privacy settings, either—review these to ensure that they are also up to snuff, he says.

  1. Be conscious about how you share

Equally important to what information you share is how you share it. You might divulge your Social Security number online when filling out applications for jobs, loans, or a credit check, for example.

“You want to look for all the telltale signs that the website you’re using is secure, like the lock icon in your browser bar,” Shier says. “You also want to use good judgement: Are you familiar with the company that’s requesting this information? Don’t carelessly put this stuff out there because it can cause big problems if it falls into the wrong hands.”

You can read more about how to send sensitive information securely here.

  1. Take passwords more seriously

In December, Yahoo acknowledged that credentials for more than 1 billion accounts had been stolen in 2013—topping its own record for the biggest breach ever. That situation, Shier says, is the reason people need to take their own password security more seriously.

“You really can’t rely on the services you’re using to keep your information safe and store credentials properly,” he says. “You need to take on some of that security ownership by following common password best practices.”

Those best practices include using—but not reusing—strong, complex passwords for each online account, he says. Better yet: Use a password manager, which makes organizing and generating long passwords easier.

  1. Invest in IoT devices judiciously

While IoT devices—Wi-Fi-connected appliances, fitness trackers, home automation systems, for example—may be gaining in popularity, they all come with risks, Shier says. Don’t hop aboard the Internet of Things train blindly; educate yourself about a device’s security and privacy before making the investment, he says.

“If you’re going to purchase one of these hot devices, do so with care, and make sure you understand what information they collect and how secure it is,” he says. “And remember that just because it’s a device with smart capabilities, sometimes it just doesn’t need to connect to the Internet. Your refrigerator will still keep food cold, and your dryer will still dry your clothing, even if it’s not hooked up to your Netflix account.”

  1. Perform monthly housekeeping on accounts

Set aside time each month to take stock of your online accounts. This process could include closely reviewing your credit card statements—particularly following the holiday season—for suspicious transactions; closing down online accounts you no longer use; and changing a handful of passwords to make them stronger, Shier says.

“Make this part of your regular routine. Don’t assume that other companies are going to do security right on your behalf. We have to take our own responsibility to do a little more. All these things will help you be more resilient against future breaches and attacks,” he says.