Why

A password manager is a crucial tool for maintaining strong, unique passwords across all your accounts without having to memorize them. It significantly enhances your online security by allowing you to use complex passwords for each account, reducing the risk of multiple accounts being compromised if one password is leaked.

Action

• Select a reputable password manager. 1Password is recommended for most users but LastPass and Bitwarden are also great choices.
• Download and install the application on your primary device.
• Create a strong master password - this is the only password you’ll need to remember.
• Set up two-factor authentication for your password manager account.
• Print your Emergency Kit/Recovery Key and store it in a secure physical location (safe or safety deposit box).
• Install browser extensions and mobile apps on all your devices.
• Enable auto-fill features for convenience, but be cautious on shared devices.
• Use the password generator to create strong, unique passwords for your accounts moving forward.
• Start adding your existing passwords to the manager.
• Gradually replace weak or reused passwords with new, strong ones.

Remember

Your master password should be long, complex, and completely unique. Never use it for any other account.

Why

Critical accounts are those that, if compromised, could lead to significant personal, financial, or professional damage. These typically include email (especially if used for account recovery), financial accounts, and primary social media profiles. Securing these accounts is vital to protect your digital identity, finances, and personal information from unauthorized access and potential misuse.

Action

• Identify your critical accounts:

  • Primary email accounts
  • Banking and financial services
  • Main social media profiles
  • Cloud storage services
  • Work-related accounts

• For each critical account:

  • Create a unique, strong password:
    • Use your password manager to generate a password of at least 16 characters
    • Include a mix of uppercase, lowercase, numbers, and symbols
  • Enable two-factor authentication (2FA):
    • Prefer app-based authenticators (e.g., Google Authenticator, Authy) over SMS
    • Use physical security keys for highest security when available
  • Review and update recovery methods:
    • Set up multiple recovery email addresses and trusted phone numbers
    • 2FA Backup Codes: When enabling 2FA, most services provide one-time backup codes. Crucially, print these codes and store them in a very secure physical location (e.g., a fireproof document bag or safe, separate from your primary devices). Also, consider storing a digital copy securely in your password manager if it supports it, but the physical copy is key for device loss scenarios
    • Store any other account-specific recovery codes (e.g., for password manager itself) with the same level of security
  • Verify and update contact information:
    • Ensure email, physical addresses and phone numbers are current
    • Remove any old or unused contact methods
  • Check for any linked accounts or authorized apps and remove unnecessary access
  • Review security questions and answers:
    • Use random, false answers stored in your password manager for higher security
    • These security question answers are often public or easy to find information
  • Enable login alerts if available, to be notified of any new device logins

Remember

Your critical accounts are the keys to your digital kingdom - securing them with unique passwords, 2FA, and printed backup codes is your first and most important line of defense against digital threats.

Why

Keeping your devices and software up-to-date is crucial for maintaining security. Updates often include patches for newly discovered vulnerabilities, making it harder for attackers to exploit your systems. Enabling automatic updates ensures you’re protected without having to remember to manually update each device or application.

Action

• For each device (computer, smartphone, tablet, smart home devices):

  • Check for and install available updates:
    • Windows: Settings > Update & Security > Windows Update
    • macOS: Apple menu > System Preferences > Software Update
    • iOS: Settings > General > Software Update
    • Android: Settings > System > System update
  • Enable automatic updates:
    • Windows: In Windows Update, select “Advanced options” and enable “Receive updates for other Microsoft products”
    • macOS: In Software Update, check “Automatically keep my Mac up to date”
    • iOS: Settings > General > Software Update > Automatic Updates
    • Android: Google Play Store > Settings > Network preferences > Auto-update apps

• For web browsers:

  • Chrome: Settings > About Chrome > Toggle “Automatically update Chrome”
  • Firefox: Options > General > Firefox Updates > Select “Automatically install updates”
  • Safari: Updates through macOS Software Update
  • Edge: Updates through Windows Update

• For other software:

  • Check settings within each application for auto-update options
  • For macOS, use the App Store’s automatic updates feature
  • For Windows, use Microsoft Store’s automatic app updates

• For smart home devices:

  • Check manufacturer’s app or website for update settings
  • Enable automatic updates if available

Remember

While auto-updates are generally beneficial, they can occasionally cause issues. Have a backup system in place.

Why

A comprehensive backup system is crucial for protecting your data against loss due to hardware failure, theft, ransomware, or disasters. The 3-2-1 backup strategy ensures you have multiple copies of your data in different locations, significantly reducing the risk of total data loss.

Action

• Understand the 3-2-1 backup rule:

  • 3 copies of your data (1 primary + 2 backups)
  • 2 different storage media types
  • 1 copy stored off-site

• Choose your backup solutions:

  • Primary backup (local):
    • External hard drive or Network Attached Storage (NAS)
  • Secondary backup (local, different type):
    • Another external drive or a set of high-capacity USB drives
  • Off-site backup (cloud):
    • Dedicated backup services: Backblaze, iDrive, Carbonite
    • Or use existing cloud storage: iCloud, OneDrive, Google Drive, Dropbox

• Set up automatic local backups:

  • Windows: Enable File History (Settings > Update & Security > Backup)
  • macOS: Enable Time Machine (System Preferences > Time Machine)
  • Connect an external drive and leave it plugged in for automatic daily backups
  • Alternative: Use a Network Attached Storage (NAS) for wireless backups

• Set up cloud backup:

  • Choose between dedicated backup service or cloud storage
  • Install the application and sign in
  • Select folders to backup (Documents, Desktop, Photos, etc.)
  • Enable automatic sync/backup
  • Verify encryption is enabled

• Test your backups:

  • Monthly: Restore a few random files to verify they work
  • Annually: Perform a full restore test to a spare device

• Secure your backups:

  • Encrypt local backup drives using BitLocker (Windows) or FileVault (Mac)
  • Use strong, unique passwords for cloud services
  • Enable two-factor authentication on all cloud accounts

• Create a backup schedule:

  • Continuous/Daily: Automatic cloud backups
  • Daily: Local backups (if drive stays connected)
  • Weekly: Full local backup if you disconnect drives
  • Annually: Archive important data to a separate drive stored off-site

• Document your backup system:

  • List what’s backed up and where
  • Store recovery instructions in your password manager
  • Include encryption passwords and recovery keys

Remember

Regularly review and update your backup strategy. As your data changes, ensure your backup system still covers all crucial information.

Why

A credit freeze, also known as a security freeze, prevents new accounts from being opened in your name by restricting access to your credit report. This is one of the most effective ways to prevent identity theft and fraudulent accounts. By freezing your credit with all three major credit bureaus, you significantly reduce the risk of financial fraud.

Action

• Gather necessary information:

  • Full name, address, date of birth, Social Security number
  • Government-issued ID (driver’s license or passport)
  • Proof of address (utility bill, bank statement)

• Contact each of the three major credit bureaus:

  • Equifax:
    • Online: https://www.equifax.com/personal/credit-report-services/
    • Phone: 1-888-378-4329
  • Experian:
    • Online: https://www.experian.com/freeze/center.html
  • TransUnion:
    • Online: https://www.transunion.com/credit-freeze

• For each bureau:

  • Create an account (if online)
  • Verify your identity
  • Request the credit freeze
  • Note down the PIN or password provided by each bureau
  • Store this information securely; you’ll need it to lift the freeze

• Consider freezing your credit report at these additional bureaus:

  • Innovis
  • National Consumer Telecom & Utilities Exchange (NCTUE)

• Important notes:

  • A freeze remains in place until you lift it
  • You can temporarily lift a freeze for specific creditors or time periods
  • Credit freezes are free by law
  • Set a reminder to check your free credit reports annually at AnnualCreditReport.com

Remember

A credit freeze doesn’t affect your credit score or prevent you from getting your free annual credit report. You’ll need to lift the freeze (temporarily or permanently) when applying for credit, jobs, or housing rentals that require a credit check.

Why

A Digital Emergency Plan ensures that your digital life can be managed in case you’re hacked, incapacitated or deceased. Without proper preparation, even well-meaning family members can’t protect your digital assets or prevent ongoing fraud. This plan provides a secure way for trusted individuals to access crucial accounts and digital assets, protecting your online identity and ensuring your digital legacy is handled according to your wishes.

Action

• Choose 2-3 trusted emergency contacts:

  • Select family members or close friends who can act on your behalf
  • Give each person clear instructions about their role in various scenarios
  • Update emergency contacts in your phone (ICE - In Case of Emergency)

• Create and securely store an emergency document:

  • Use a password-protected file format (e.g., encrypted PDF)
  • Consider using a secure digital vault service (e.g., LastPass, 1Password)
  • Store a digital copy in an encrypted cloud service
  • Keep a physical copy in a secure location (e.g., safe deposit box)

• Include the following information in the document:

  • List of important accounts:
    • Email, financial, social media, cloud storage
    • Include usernames (but not passwords)
    • List financial institutions and account types (not numbers)
  • Password manager information:
    • Name of the service
    • Master password hint (not the password itself)
    • Instructions for accessing emergency access features
  • Two-factor authentication recovery codes
  • Contact information:
    • Your primary email addresses and phone numbers
    • Attorney and financial advisor details if applicable
  • Digital asset inventory:
    • Cryptocurrencies, digital purchases, domain names
  • Instructions for accessing hardware:
    • Computer, phone, external hard drives
  • Backup locations and access methods
  • Location of important documents (will, insurance policies)

• Set up emergency access:

  • Enable emergency access features in your password manager
  • Inform trusted contacts about the existence and location of your plan
  • Don’t share passwords directly - use sealed envelopes or password manager features

• Regular updates:

  • Set a reminder to review and update the plan every 6-12 months
  • Update after any major life changes, new accounts, or relationship changes

Additional Considerations

• Beneficiaries and estate planning: Update beneficiaries on all financial accounts and insurance policies. Consider creating a comprehensive digital estate plan that goes beyond emergency access.

• Digital Will: Create a comprehensive digital will that designates a digital executor and provides instructions for each account (close, memorialize, transfer). Include wishes for social media accounts and specify how to handle digital assets.

• Legal planning: Research your local laws regarding digital assets and estate planning. Consider consulting with a lawyer to ensure your plan is legally sound and explore using a legal service for digital estate planning.

• Advanced security: Consider using a “dead man’s switch” service that automatically shares access information if you don’t check in regularly.

Remember

Balance security with accessibility. The plan should be secure enough to prevent unauthorized access, but accessible to trusted individuals in case of an emergency.

Why

Data breaches are unfortunately common, and your personal information may have been exposed without your knowledge. Regularly checking for compromised accounts allows you to take swift action to protect your identity, change passwords, and minimize the risk of unauthorized access to your accounts.

Action

• Check for breaches and sign up for monitoring:

  • Visit https://haveibeenpwned.com/
  • Enter your email addresses and usernames
  • Check your phone numbers if the service allows
  • Sign up for future breach notifications using services like Firefox Monitor or BreachAlarm
  • Consider using identity theft monitoring services for additional protection

• Review breach details:

  • Note which accounts were affected
  • Identify what types of data were exposed (e.g., emails, passwords, credit cards)

• For each compromised account:

  • Change the password immediately:
    • Use your password manager to generate a strong, unique password
  • Enable two-factor authentication if not already active
  • Review and update security questions
  • Check account activity for any suspicious actions
  • Update any other accounts where you used the same password

• For financial accounts:

  • Monitor statements for unauthorized transactions
  • Consider requesting a new credit/debit card if card info was exposed

• If Social Security numbers were exposed:

  • Consider placing a fraud alert or credit freeze
  • Monitor your credit reports for suspicious activity

• For email account breaches:

  • Be extra vigilant about phishing attempts
  • Consider setting up email aliases for different services

• Learn from the breaches:

  • Identify patterns in your compromised accounts
  • Adjust your security practices accordingly

Remember

Data breaches are often discovered long after they occur. Regular password changes and unique passwords for each account are crucial practices to minimize potential damage.

Why

Every online account, social media profile, and web service you use creates digital breadcrumbs that can be exploited. Old, forgotten accounts are especially vulnerable - they often have weak passwords, outdated security, and may have been compromised without your knowledge. Reducing your digital footprint limits attack surfaces and protects your privacy.

Action

• List all online accounts you can remember (email, social media, shopping, forums, apps).
• Search your email for “welcome” or “verify your account” messages to find forgotten accounts.
• Check password manager for old, unused accounts.
• Visit JustDeleteMe.xyz for instructions on deleting accounts from popular services.
• For accounts you can’t delete, remove personal information and use fake data.
• Delete or privatize old social media posts and photos.
• Unsubscribe from unnecessary email lists and newsletters.
• Remove your information from people search sites like Whitepages, Spokeo, and BeenVerified.
• Consider using DeleteMe or similar services for comprehensive removal.
• Document accounts you’re keeping in your password manager.

Remember

Focus on accounts that contain sensitive information first: financial services, healthcare, government sites, and anywhere with your SSN or payment details. For accounts you must keep, ensure they have strong, unique passwords and 2FA enabled.

Why

Securing your physical devices and enabling tracking features helps protect your valuable data and increases the chances of recovering lost or stolen devices. This process involves setting up security measures and activating built-in tracking capabilities on your smartphones, tablets, and laptops.

Action

• Smartphones and Tablets:

  • Set up strong screen lock:
    • Use biometrics (fingerprint, face recognition) when available
    • Set a strong PIN or password as backup
  • Enable remote tracking:
    • iPhone: Settings > [Your Name] > Find My > Find My iPhone
    • Android: Settings > Google > Find My Device
  • Enable remote wiping capability
  • Encrypt device storage if not done by default

• Laptops:

  • Set up strong login password
  • Enable disk encryption:
    • Windows: Turn on BitLocker
    • macOS: Enable FileVault
  • Install tracking software:
    • Windows: Enable “Find my device”
    • macOS: Enable “Find My Mac”
  • Set up firmware password (for Macs) or BIOS/UEFI password (for PCs)

• Additional security measures:

  • Install and update reputable antivirus/anti-malware software
  • Disable automatic connection to open Wi-Fi networks

• Record device information:

  • Note down serial numbers, IMEI numbers (for phones)
  • Take photos of devices for insurance purposes
  • Add this information to your Digital Emergency Plan

• Set up Multi-Device Management (if applicable):

  • Use Apple’s Find My network or Google’s Find My Device
  • Consider third-party solutions for cross-platform management

• Physical security:

  • Use laptop locks in public spaces
  • Never leave devices unattended in public
  • Consider privacy screens for working in public areas

• Test tracking features:

  • Ensure you can locate and remotely control each device

Remember

While these measures significantly improve security, no system is foolproof. Ensure automatic updates are enabled (see “Enable Auto-Updates” task) and maintain regular backups (see “Implement 3-2-1 Backup Strategy” task).

Why

Combining the National Do Not Call Registry with your phone carrier’s spam blocking services provides the best protection against unwanted calls. This dual approach significantly reduces telemarketing calls and helps protect you from potential phone scams.

Action

• Register for Do Not Call List:

  • Gather your information:
    • List all phone numbers you want to register (landline and mobile)
    • Have your email address ready (you can register up to three phone numbers at once)
  • Visit https://www.donotcall.gov/ or call 1-888-382-1222 from the phone you want to register
  • Registration is permanent and takes effect within 31 days
  • Report violations at https://www.donotcall.gov/ if you still receive calls

• Activate carrier spam blocking:

  • AT&T: Download AT&T Call Protect app or dial *787#
  • Verizon: Enable Call Filter in account settings or download the app
  • T-Mobile: Dial #662# or download Scam Shield app
  • Other carriers: Check your carrier’s website or contact customer support

• Configure and test:

  • Customize blocking levels in your carrier’s app
  • Test by having someone call with blocked caller ID
  • Adjust settings if legitimate calls are being blocked

Remember

These services won’t stop all unwanted calls. Charities, political groups, and companies you do business with may still call. Never share personal information unless you initiated the call to a known number.

Why

Opting out of prescreened credit and insurance offers reduces unwanted mail, minimizes paper waste, and decreases the risk of identity theft from stolen mail. This process removes your name from lists that credit bureaus and insurance companies sell to lenders and insurers for marketing purposes.

Action

• Choose your opt-out method:

  • Online: Visit www.optoutprescreen.com
  • Phone: Call 1-888-5-OPT-OUT (1-888-567-8688)

• For permanent opt-out:

  • Complete the online form for initial opt-out
  • Look for a confirmation form in the mail (arrives within 5 business days)
  • Sign and return the form to make the opt-out permanent

• Additional steps to reduce junk mail:

  • Register with DMAchoice (www.dmachoice.org) to opt out of other direct mail marketing
  • Contact individual companies that send you unwanted mail and request removal

• For catalogs and other marketing lists:

  • Use Catalog Choice (www.catalogchoice.org) to opt out of specific catalogs

• Keep records:

  • Note the date you opted out
  • Save any confirmation emails or letters

• Follow up:

  • If you continue receiving offers after 60 days, contact the opt-out service again

Remember

Opting out won’t stop all junk mail, but it will significantly reduce prescreened credit and insurance offers. You may still receive offers from companies you do business with or from local merchants.

Why

Identity theft monitoring services help detect potential fraudulent use of your personal information. These services can alert you to suspicious activities, potentially preventing or minimizing the impact of identity theft. While not foolproof, they provide an additional layer of protection for your personal and financial data.

Action

• Research identity theft monitoring services:

  • Popular options include IdentityForce, Identity Guard, LifeLock, and Experian IdentityWorks
  • Compare features, pricing, and customer reviews

• Sign up and configure your chosen service:

  • Download the service’s mobile app for real-time alerts
  • Enable notifications for suspicious activities

• Review your credit reports:

  • Many services offer free credit reports; review them for accuracy

• Familiarize yourself with the recovery services:

  • Understand what assistance is available if identity theft occurs

• Set a reminder:

  • Schedule regular checks of your monitoring dashboard (e.g., monthly)

• Keep your contact information updated:

  • Ensure the service can reach you if suspicious activity is detected

Remember

While identity theft monitoring can be helpful, it’s not a guarantee against identity theft. Continue to practice good security habits, regularly review your financial statements, and be cautious about sharing personal information.

Why

A secure home Wi-Fi network is crucial for protecting your personal data and devices from unauthorized access. By implementing strong security measures, you can significantly reduce the risk of hackers intercepting your internet traffic or gaining access to your connected devices.

Action

• Access your router’s admin panel:

  • Connect to your Wi-Fi network
  • Open a web browser and enter your router’s IP address (often 192.168.0.1 or 192.168.1.1)
  • Log in with admin credentials (if you haven’t changed these, check the router’s manual for default login)

• Update router firmware:

  • Look for a “Firmware Update” or “Router Update” option
  • If an update is available, download and install it

• Change the router’s admin password:

  • Find “Administration” or “Settings” section
  • Create a strong, unique password

• Set up a strong Wi-Fi password:

  • Locate “Wireless Settings” or “Wi-Fi Security”
  • Choose WPA3 if available, or WPA2 at minimum
  • Create a strong, unique password (at least 12 characters, mix of upper/lowercase, numbers, symbols)

• Update your network name (SSID):

  • Choose a name that doesn’t reveal personal information
  • Consider hiding your SSID (note: this only deters casual users)

• Enable network encryption:

  • Ensure WPA3 or WPA2 encryption is enabled
  • Avoid WEP encryption as it’s outdated and insecure

• Set up a guest network:

  • Look for “Guest Network” settings
  • Enable the guest network with a separate password
  • Limit guest network access to internet only, not your local network

• Enable firewall:

  • Find firewall settings in security options
  • Enable if not already active

• Disable remote management:

  • Look for “Remote Management” or “Remote Administration”
  • Ensure it’s turned off

• Use DNS security:

  • Consider changing to a secure DNS provider (e.g., Cloudflare’s 1.1.1.1 or Google’s 8.8.8.8)

• Disable WPS (Wi-Fi Protected Setup):

  • Find WPS settings and turn off if available

• Control device access:

  • Enable MAC address filtering for an extra layer of security
  • Only allow known devices to connect

• Position your router securely:

  • Place the router in a central location, away from windows

• Document your changes:

  • Write down new passwords and settings (store securely)

Remember

Regularly update your router’s firmware and review these settings. A secure Wi-Fi network is an essential part of your overall digital security strategy.

Why

Using privacy services can significantly enhance your online and offline privacy by creating layers of separation between your personal information and various services you use. These tools help minimize your digital footprint, reduce spam, and protect against identity theft.

Action

• Virtual Credit Cards (e.g., Privacy.com):

  • Visit Privacy.com or a similar service
  • Sign up for an account
  • Link your bank account
  • Learn how to create virtual cards for online purchases
  • Set spending limits and create merchant-specific cards

• PO Box:

  • Visit USPS.com or your local post office
  • Choose a PO Box size based on your needs
  • Complete PS Form 1093
  • Provide two forms of valid ID
  • Pay for the service (consider an annual plan for savings)
  • Set up mail forwarding from your home address if desired

• Google Voice:

  • Go to voice.google.com
  • Sign in with your Google account
  • Choose a Google Voice number
  • Verify your existing phone number
  • Download the Google Voice app on your smartphone
  • Configure call forwarding and voicemail settings

• Junk Email Address:

  • Choose a reputable email provider (e.g., ProtonMail for enhanced privacy)
  • Create a new email account with a non-identifying username
  • Set up filters to organize incoming mail
  • Consider using this email for:
    • Online shopping
    • Newsletter subscriptions
    • Account registrations for non-essential services

• Additional privacy measures:

  • Use a VPN service for online anonymity
  • Consider a secure messaging app (e.g., Signal) for communications
  • Use a password manager to generate and store unique passwords

• Implement gradually:

  • Start using these services for new accounts/subscriptions
  • Gradually update existing accounts with new privacy-focused information

• Document your setup:

  • Securely record which services use which privacy tools
  • Store this information in your password manager or a secure document

• Regular maintenance:

  • Check your PO Box regularly
  • Review Google Voice messages and settings
  • Monitor virtual card usage and adjust limits as needed
  • Regularly clean out your junk email account

Remember

While these services enhance privacy, they require ongoing management. Regularly review and update your usage to maintain effectiveness. Be aware of the terms of service for each tool, as some may have limitations or potential privacy trade-offs.

Why

Setting up account alerts for your banks and credit cards is a crucial step in monitoring your financial security. These alerts can notify you of potentially fraudulent activity, large transactions, low balances, and other important account events, allowing you to respond quickly to any unauthorized actions.

Action

• Gather your information:

  • List all your bank and credit card accounts
  • Ensure you have login credentials for each account’s online portal

• For each bank account:

  • Log into your online banking portal
  • Look for “Alerts” or “Notifications” in the settings or menu
  • Set up the following alerts (as available):
    • Large withdrawals (set a threshold amount)
    • Low balance warnings
    • Direct deposit notifications
    • Password or personal info changes
    • Login attempts from new devices
  • Choose notification method (email, text, push notification)

• For each credit card:

  • Log into your credit card account online
  • Find the “Alerts” or “Account Notifications” section
  • Set up alerts for:
    • Purchases over a certain amount
    • Online, phone, or international purchases
    • Declined transactions
    • Approaching credit limit
    • Payment due reminders
    • Suspicious activity alerts
  • Select preferred notification method

• For overall credit monitoring:

  • Consider setting up a free service like Credit Karma or Credit Sesame
  • Set up alerts for changes to your credit score or new accounts opened in your name

• Test your alerts:

  • Make a small purchase or withdrawal
  • Ensure you receive the alert in a timely manner

• Review and adjust:

  • After a few weeks, review the frequency and usefulness of alerts
  • Adjust thresholds or alert types as needed to reduce alert fatigue

• Keep contact info updated:

  • Ensure your email and phone number are current for all accounts
  • Update immediately if you change your contact information

• Mobile app settings:

  • If using mobile banking apps, check for additional alert options
  • Ensure push notifications are enabled on your device

• Document your alert setup:

  • Keep a secure record of which alerts are active for each account

Remember

While alerts are helpful, they shouldn’t replace regular account monitoring. Review your accounts regularly to catch any issues that might not trigger an alert. Also, be cautious of phishing attempts disguised as account alerts – always log in to your accounts directly rather than clicking links in emails or texts.

Why

A Virtual Private Network (VPN) encrypts your internet connection, enhancing your online privacy and security. It’s particularly useful when using public Wi-Fi networks, accessing geo-restricted content, or maintaining privacy from your ISP. Setting up a VPN on all your devices ensures consistent protection across your digital life.

Action

a. Select a VPN Provider

• Research reputable providers (e.g., NordVPN, ExpressVPN, ProtonVPN)
• Consider factors like speed, server locations, device limits, and price
• Look for services with a strict no-logs policy and strong encryption

b. Create Your VPN Account

• Visit the provider’s website
• Choose a plan and create an account
• Note down your login credentials

c. Install VPN on All Devices

Computer (Windows/Mac):

• Download the VPN client from the provider’s website
• Install the application
• Launch the app and log in
• Choose a server and connect
• Test the connection by visiting ipleak.net

Smartphone/Tablet (iOS/Android):

• Visit the App Store or Google Play Store
• Search for your VPN provider’s app
• Download and install the app
• Open the app and log in
• Select a server and connect
• Verify the connection is working

Router (for whole-home protection):

• Check if your router supports VPN client mode
• If supported, log into your router’s admin panel
• Look for VPN client settings
• Enter your VPN provider’s server details and credentials
• Save and apply settings

d. Enable Auto-Connect Protection

• Set your devices to automatically connect to the VPN on startup or when joining unknown Wi-Fi networks

e. Verify VPN Functionality

• Visit ipleak.net or whatismyipaddress.com to ensure your IP is masked
• Try accessing a geo-restricted website to verify functionality

f. Configure Advanced Settings

• Explore the VPN app’s settings for features like:
  • Split tunneling (choosing which apps use the VPN)
  • Kill switch (cuts internet if VPN disconnects)
  • Protocol selection (e.g., OpenVPN, WireGuard)

g. Establish Usage Guidelines

• Decide when to always use the VPN (e.g., on public Wi-Fi)
• Identify any services that might need the VPN turned off

h. Train Family Members

• Explain the importance of using the VPN
• Show them how to connect and disconnect

i. Maintain Your VPN Setup

• Enable auto-updates or check manually for updates monthly

Remember

While VPNs greatly enhance privacy, they’re not a complete anonymity solution. Continue to practice safe browsing habits and be aware of the limitations of VPN services.

Why

Full-disk encryption protects all the data on your device by making it unreadable without the correct authentication. This is crucial for protecting your personal information if your device is lost or stolen. Most modern operating systems offer built-in full-disk encryption tools that are easy to set up and use.

Action

• For Windows 10/11 (using BitLocker):

  • Ensure your PC has a TPM (Trusted Platform Module)
  • Open ‘Control Panel’ > ‘System and Security’ > ‘BitLocker Drive Encryption’
  • Click ‘Turn on BitLocker’ next to your system drive
  • Follow the prompts to set up BitLocker
  • Save the recovery key in a secure location (not on the same device)

• For macOS (using FileVault):

  • Click the Apple menu > ‘System Preferences’ > ‘Security & Privacy’
  • Click the ‘FileVault’ tab
  • Click ‘Turn On FileVault’
  • Choose how you want to be able to unlock your disk and reset your password
  • Write down the recovery key and store it securely

• For Android:

  • Go to ‘Settings’ > ‘Security’ or ‘Security & location’
  • Tap ‘Encrypt phone’ or ‘Encryption & credentials’
  • Follow the prompts to encrypt your device
  • Note: Many modern Android devices are encrypted by default

• For iOS:

  • iOS devices are encrypted by default when you set a passcode
  • Go to ‘Settings’ > ‘Touch ID & Passcode’ or ‘Face ID & Passcode’
  • Set a strong passcode if you haven’t already

• For external hard drives (Windows):

  • Connect the drive and open File Explorer
  • Right-click the drive and select ‘Turn on BitLocker’
  • Follow the prompts to encrypt the drive

• For external hard drives (macOS):

  • Open ‘Disk Utility’
  • Select the drive and click ‘Erase’
  • Choose a name, format as ‘APFS (Encrypted)’ or ‘Mac OS Extended (Journaled, Encrypted)’
  • Set a strong password

• After encryption:

  • Restart each device to ensure encryption is fully enabled
  • Verify encryption status in system settings

• Backup recovery keys:

  • Store recovery keys or passwords in a secure password manager
  • Consider printing a hard copy and storing it in a secure physical location

Remember

Full-disk encryption may slightly impact performance on older devices. Always ensure you have backups of your data before encrypting, and never forget your encryption password or lose your recovery key, as your data will be irretrievable without them.

Remember

Treat all security alerts with urgency, but be extremely cautious about text messages and emails claiming to be security alerts. Never click links or call phone numbers provided in these messages - they are often phishing attempts. Instead, manually navigate to the official website or app of the service in question to investigate any claimed issues. Ensure legitimate alerts are enabled for all critical financial and online accounts.

Why

Timely responses to genuine security alerts are crucial - they warn you of unauthorized access, fraudulent activity, or data breaches. However, scammers frequently impersonate security alerts via text and email to steal credentials or personal information. By always going directly to the source rather than trusting incoming messages, you can act quickly on real threats while avoiding sophisticated phishing scams.

Remember

Prioritize the installation of security updates, especially those labeled as ‘critical’ or addressing known vulnerabilities. Enable automatic updates where feasible, but remain vigilant for manual prompts if auto-updates are delayed or require intervention.

Why

Promptly applying security updates is one of the most effective defenses against malware and cyberattacks. Attackers quickly exploit known vulnerabilities, and delaying updates leaves your devices and data exposed to unnecessary risks.

Remember

Always be skeptical of unsolicited emails, especially those urging immediate action, requesting personal information, or containing unexpected attachments/links. Verify sender addresses carefully. When in doubt, do not click or respond; instead, contact the alleged sender through a known, legitimate channel.

Why

Email is a primary channel for phishing scams, malware distribution, and other cyberattacks. Consistent email hygiene—such as scrutinizing senders, avoiding suspicious links, and not downloading unexpected attachments—is critical to protecting your accounts and personal information.

Remember

Regularly ask yourself: “Is it necessary to share this piece of personal information? What are the potential risks?” Strive to provide only the minimum information required in any interaction, whether online or offline.

Why

Every piece of personal information shared increases your digital footprint and potential exposure to identity theft, scams, or unwanted tracking. Practicing mindful sharing—consciously deciding what, where, and with whom you share—is a fundamental aspect of maintaining privacy and security.

Remember

When using AI tools (chatbots, assistants, image generators, etc.), consciously avoid inputting sensitive personal information like full names, addresses, financial details, or private matters. Reflect: “Could this information be used to identify me or compromise my privacy if stored or misused?”

Why

AI systems often learn from user inputs, and this data may be stored, analyzed, or used in ways that could compromise your privacy. Being mindful of what you share with AI helps protect your personal information from unintentional exposure or misuse.

Remember

When connecting to any public Wi-Fi network, always use a trusted VPN (Virtual Private Network) to encrypt your connection. Avoid accessing sensitive accounts (banking, email) or performing financial transactions. If a VPN is unavailable, use your mobile data instead for such activities.

Why

Public Wi-Fi networks are inherently insecure and can be easily monitored by malicious actors. Using a VPN encrypts your data, protecting it from eavesdropping. Avoiding sensitive activities further minimizes risk, as no public network should be considered completely safe.

Remember

Use private browsing modes when you want to prevent your browsing history, cookies, or site data from being saved on your local device. This is useful for sensitive searches or when using a shared computer. However, understand that it does not make you anonymous online; your ISP, employer (on work networks), and websites can still track your activity.

Why

Private browsing offers a degree of local privacy by not storing session data on the device. This can be helpful for specific situations, but it’s important not to mistake it for comprehensive online anonymity or security, which require tools like VPNs and other privacy-enhancing practices.

Remember

Make it a habit to log out of websites and applications when you’ve finished using them, particularly on shared or public computers. On personal devices, still consider logging out of sensitive accounts if the device might be accessed by others. Also, lock your screen when stepping away from your devices.

Why

Active sessions can be exploited if a device is lost, stolen, or accessed by an unauthorized person. Logging out terminates these sessions, adding a critical layer of security, especially for sensitive accounts like email, banking, and social media.

Remember

Be selective about which apps you install - each new app increases your attack surface. Before installing any app, browser extension, or signing up for a new service, ask yourself if you truly need it. When you do install something, carefully review the permissions it requests and grant only those essential for its intended function. Regularly review and remove apps you no longer use.

Why

Every app is a potential security risk and privacy concern. Fewer apps mean fewer opportunities for data breaches, malware, and privacy violations. Many apps request excessive permissions beyond what they need to function. By being selective with installations and strict with permissions, you minimize your digital footprint and reduce the risk of compromised accounts or data exposure.

Remember

Before sharing photos online, especially on public platforms, be aware that they may contain hidden metadata (EXIF data) such as location, date, time, and device information. Consider stripping this metadata if it could compromise your privacy.

Why

Photo metadata can inadvertently reveal sensitive personal information. While some platforms automatically strip this data, not all do. Being mindful of what your photos might be sharing helps protect your privacy and security. A more thorough review or stripping of metadata can be done less frequently or as needed.

Remember

Before posting any personal information, opinions, photos, or videos online, take a moment to consider its necessity, potential audience, and long-term implications. Ask yourself: “Am I comfortable with this being public and permanent?”

Why

Information shared online can be difficult, if not impossible, to completely retract. It can affect your reputation, privacy, and even physical safety. Cultivating a habit of thoughtful online sharing helps protect your digital footprint and personal well-being.

Remember

Restart your primary devices (computers, smartphones, tablets) at least once a week. This simple maintenance step clears temporary files, resolves minor software glitches, applies pending updates, and improves overall system performance.

Why

Regular restarts help prevent system slowdowns and stability issues. Many updates and system optimizations only take effect after a restart, and accumulated temporary files can degrade performance over time.

Why

Monthly statement reviews are essential for catching fraud, errors, and unauthorized charges early. The sooner you identify problems, the easier they are to resolve. Regular reviews also help you understand your spending patterns and identify subscriptions or services you no longer need.

Action

• Review all bank account statements line by line.
• Check credit card statements for unfamiliar charges.
• Verify all automatic payments and subscriptions are correct.
• Look for small test charges that precede larger fraud.
• Confirm all deposits and payments cleared properly.
• Check for duplicate charges or billing errors.
• Verify interest rates haven’t changed unexpectedly.
• Report any discrepancies immediately to your financial institution.
• Download and save statements for your records.

Remember

Set a specific day each month for reviews, such as the 5th, to ensure consistency. Don’t wait for paper statements - review online as soon as they’re available.

Why

Software updates patch security vulnerabilities that criminals actively exploit. Outdated software is the easiest way for attackers to compromise your devices. Regular updates also provide performance improvements, bug fixes, and new security features that enhance your protection.

Action

• Check for operating system updates on all devices.
• Update all installed applications and programs.
• Check for firmware updates on routers and smart devices.
• Update browser and browser extensions.
• Verify auto-update is enabled where available.
• Restart devices after updates to ensure they take effect.
• Review and remove software you no longer use.
• Check for driver updates on computers.

Remember

Schedule updates during downtime to avoid disruption. Back up important data before major updates. If auto-updates are disabled for stability reasons, maintain a manual update schedule.

Why

Data breaches are frequent and can expose your personal information (emails, passwords, etc.) without your immediate knowledge. Regularly checking breach notification sites and monitoring your accounts helps you detect compromises early, allowing you to take swift action to secure your accounts and mitigate potential damage like identity theft or financial fraud.

Action

• Visit breach notification services like haveibeenpwned.com and enter your email addresses and known usernames.
• Review any breach alerts from your password manager or identity monitoring services.
• Check for notifications from companies you do business with regarding recent security incidents.
• For any accounts identified in a breach or showing suspicious activity:
  • Change the password immediately to a strong, unique one (use a password manager).
  • Enable two-factor authentication (2FA) if not already active.
  • Review account activity, settings, and recovery information for any unauthorized changes.
  • Update security questions if they were potentially compromised.
• Look for unusual login attempts or unrecognized devices in your critical account activity logs.
• If financial information was potentially exposed, monitor your credit reports and financial statements closely.

Remember

Swift action after discovering a breach or compromise is crucial. Using unique passwords for every account significantly limits the damage if one account’s credentials are exposed. Consider using password manager monitoring features and setting up alerts on breach notification sites for ongoing vigilance.

Why

Regularly checking online backups ensures your data is properly protected and recoverable.

Action

• Log into your online backup service
• Check the last backup date and time
• Verify all important folders are included
• Review any backup failure notifications
• Perform a test restore of a few files
• Check available storage space
• Update backup settings if needed
• Ensure automatic backups are enabled
• Review and update backup schedule if necessary

Remember

A backup is only useful if it’s current and actually working. Regular verification is crucial for data protection.

Why

Digital clutter accumulates quickly - from files scattered on your desktop to browser data tracking your every move online. Regular cleanup improves computer performance, protects your privacy by removing tracking data, makes finding important files easier, and resolves many common browsing issues. This monthly maintenance prevents small messes from becoming overwhelming problems.

Action

File Cleanup:

• Review files on your computer’s desktop - delete unnecessary items and file away important documents
• Clean your “Downloads” folder - remove old installers, PDFs, and temporary files
• Quickly scan Documents and Pictures folders for misplaced files and organize them
• Empty your computer’s trash or recycle bin

Browser Cleanup:

• Open your browser’s settings or preferences
• Navigate to the privacy or history section
• Clear browsing data including cache, cookies, and history
• Choose time range (recommend “Last month” for monthly cleanup)
• Restart the browser after clearing
• Consider enabling automatic clearing on browser exit for sensitive browsing

Remember

Clearing browser data will sign you out of websites, so be prepared to log back in. Consider using a password manager to make this process smoother. This monthly digital housekeeping takes just 15-20 minutes but saves hours of frustration and protects your privacy.

Why

It’s easy to sign up for services or trials and forget about them, leading to unnecessary recurring charges. Regularly reviewing your subscriptions helps you identify and cancel those you no longer use, saving money and reducing the number of companies holding your payment information.

Action

• List your known recurring subscriptions (e.g., streaming services, software licenses, gym memberships, subscription boxes).
• Check your bank and credit card statements for any recurring payments you don’t recognize or have forgotten about.
• For each subscription, evaluate if you are still using it and if it provides sufficient value.
• Cancel any subscriptions or memberships that are no longer needed or used.
• Note renewal dates for annual subscriptions to decide whether to renew them in advance.

Remember

Some services make cancellation difficult. Be persistent. Set calendar reminders for trial period endings to avoid being charged.

Why

Device tracking features are useless if they’re not properly configured or have stopped working. Regular testing ensures you can locate, lock, or wipe your devices if they’re lost or stolen. This critical security feature often fails silently due to setting changes or account issues.

Action

• Test Find My iPhone/iPad on all Apple devices.
• Verify Find My Device on Android phones and tablets.
• Check Find My Device for Windows laptops.
• Test location accuracy - is it showing correct location?
• Verify remote lock functionality (don’t actually lock).
• Check remote wipe options are available.
• Ensure all devices show in your account.
• Test family member device tracking if configured.
• Verify backup contact methods are current.
• Check battery optimization isn’t disabling tracking.

Remember

Keep tracking features enabled even if you’re privacy-conscious. The security benefits outweigh privacy concerns for most people. You can always disable tracking temporarily when needed.

Why

Keeping your router’s firmware up-to-date is crucial for maintaining network security. Firmware updates often include patches for security vulnerabilities, performance improvements, and new features. Outdated firmware can leave your network exposed to potential attacks and exploits.

Action

Log into your router’s admin panel using its IP address (often 192.168.0.1 or 192.168.1.1). Locate the firmware update section (usually under “Administration” or “Advanced”). Check for available updates. If an update is available, download and install it. Wait for the router to reboot and confirm the update was successful.

Remember

Always download firmware updates directly from the manufacturer’s official website to avoid potentially malicious software.

Why

Keeping your Internet of Things (IoT) devices updated with the latest firmware is crucial for maintaining security. Manufacturers often release updates to patch vulnerabilities, improve performance, and add new features. Outdated firmware can leave your devices and network exposed to potential security threats.

Action

Make a list of all IoT devices in your home. For each device, locate the manufacturer’s website or app. Check for available firmware updates. Download and install updates following the manufacturer’s instructions. Restart devices after updating. Enable automatic updates if available.

Remember

Regularly check for firmware updates, ideally once a month, to ensure your IoT devices remain secure and function optimally.

Why

Regular physical cleaning of your devices and peripherals promotes hygiene, can extend their lifespan by preventing dust buildup in vents (which can cause overheating), and improves their overall usability and appearance.

Action

• Peripherals:
  • Keyboards: Use compressed air to remove debris from under keys. Wipe down keys with a slightly damp microfiber cloth or an appropriate electronics cleaning wipe.
  • Mice: Wipe down the mouse surface. Clean the sensor area gently if needed.
  • Screens (Monitors, Laptops, Tablets, Phones): Use a microfiber cloth (slightly dampened with distilled water or a screen-specific cleaner if necessary) to wipe screens. Avoid harsh chemicals.
• Device Vents (Laptops, Desktops, Consoles):
  • Inspect air intake and exhaust vents for dust accumulation.
  • Use short bursts of compressed air to carefully clean out dust from vents. Ensure the device is powered off and unplugged.
• Other Devices: Wipe down surfaces of other frequently used devices like smart speakers, remotes, etc.

Remember

Always power off and unplug devices before cleaning, especially when using liquids or compressed air near vents. Follow manufacturer recommendations for cleaning specific devices if available.

Why

Privacy settings on operating systems, applications, and online platforms change frequently, and default settings often do not prioritize user privacy. A comprehensive annual review ensures you maintain control over your personal information, limit data collection, and aren’t unknowingly sharing more data than intended across all your digital touchpoints.

Action

• Major Online Accounts (Google, Apple, Microsoft, etc.):

  • Access the main privacy dashboard for each account.
  • Review activity controls (e.g., web & app activity, location history, voice recordings) and adjust or delete data as preferred.
  • Check data sharing settings with third-party apps and services; revoke unnecessary access.
  • Review ad personalization settings and opt-out where possible.

• Social Media Platforms:

  • For each platform (Facebook, Instagram, X/Twitter, LinkedIn, TikTok, etc.):
    • Review who can see your profile information, posts, photos, and friends/follower lists. Adjust to be more restrictive if needed.
    • Check settings for tagging, facial recognition, and location sharing. Disable if not desired.
    • Review connected apps and third-party logins, revoking unneeded access.
    • Examine ad preferences and data sharing settings with advertisers.

• Operating Systems (Computers & Mobile Devices):

  • Computers (Windows, macOS): Review system-level privacy settings related to location services, advertising ID, diagnostic data, and app permissions.
  • Mobile Devices (iOS, Android): Audit privacy settings for location tracking, microphone/camera access, advertising identifiers, app tracking, and diagnostic data. Review permissions for individual apps.

• Web Browsers:

  • Review privacy and security settings (e.g., cookie handling, tracking protection, “Do Not Track” requests).
  • Clear browsing history, cookies, and cache if not done regularly.
  • Review permissions granted to websites (e.g., location, notifications, camera/microphone).

• Smart Home Devices & IoT:

  • Check privacy settings within the apps that control your smart home devices (e.g., smart speakers, cameras, thermostats).
  • Review data collection policies, voice recording storage, and sharing options.

• Other Key Applications & Services:

  • Review privacy settings for streaming services, gaming platforms, work-related platforms, and any other services where you have accounts and share data.

• Children’s Accounts (if applicable):

  • Thoroughly review and adjust privacy and safety settings on any accounts or devices used by children.

Remember

Balance privacy with functionality; some features may require certain data sharing. Document your preferred settings or take screenshots after review, as this can help identify unwanted changes by platforms later and serves as a record of your choices.

Why

Your physical wallet contains identity and financial documents that can devastate you if stolen. Minimizing what you carry and documenting what’s there helps prevent identity theft and speeds recovery. Annual review ensures you’re not carrying outdated cards or unnecessary sensitive information.

Action

• Empty your wallet completely and photograph contents.
• Remove: Social Security card, passwords, excess credit cards.
• Keep only: driver’s license, insurance cards, 1-2 payment cards.
• Photograph front and back of all remaining cards.
• Store photos in password manager or encrypted storage.
• Add “See ID” to credit card signature panels.
• Consider RFID-blocking wallet for contactless cards.
• Create wallet inventory list with card numbers and phone numbers.
• Store list separately from wallet (not in it).
• Shred old cards and documents you removed.

Remember

Never carry your Social Security card. If you need it for a specific appointment, bring it and return it to secure storage immediately. Most cards can be replaced, but identity theft prevention is worth the minor inconvenience.

Why

Account recovery options (like secondary email addresses, phone numbers, and security questions) are your lifeline if you get locked out of an account or it’s compromised. Similarly, some services allow designating specific contacts for emergency access. If this information is outdated, you might permanently lose access to important accounts. A yearly review ensures these crucial details are current.

Action

• List all your critical online accounts (email, banking, cloud storage, password manager, social media, etc.).
• For each account, log in and navigate to the security or profile settings.
• Account Recovery Information:
  • Verify that recovery email addresses are current, accessible to you, and themselves secure.
  • Check that recovery phone numbers are up-to-date and can receive verification codes.
  • Review security questions and answers. Ensure answers are memorable to you but not easily guessable by others (consider using unique, non-obvious answers stored in your password manager).
  • Check for and save any new backup codes if you’ve used previous ones or if the service recommends regenerating them.
• Account-Specific Emergency Contacts/Trusted Contacts:
  • If the service allows designating trusted contacts for account recovery or emergency access (distinct from your personal digital executor), verify these contacts are still appropriate and their details are correct.
• Digital Legacy Contacts:
  • Review digital legacy contact settings for major online accounts that offer this feature (e.g., Apple ID, Google Account, Facebook).
  • Verify that the designated legacy contact(s) are still appropriate and willing to act in this capacity.
  • Ensure their contact information is up to date within the service.
• Password Manager Emergency Access:
  • Check the emergency access settings in your password manager.
  • Confirm the designated emergency contact(s) are correct and still trusted.
  • Review the waiting period or conditions for access to ensure they align with your wishes.
  • Briefly re-familiarize yourself with how your emergency contacts would initiate access.
• Remove any old or unrecognized devices from lists of trusted devices.

Remember

This task focuses on the recovery mechanisms within each specific account. It’s different from updating your overall personal emergency contact list (a Getting Started task) or your broader digital emergency plan (another yearly task). Ensure all recovery methods point to accounts and devices you actively control and secure.

Why

Your digital footprint grows continuously as new information about you appears online. An annual deep search helps you understand what’s publicly visible, track the effectiveness of your privacy efforts, and identify data exposed by third parties like data brokers. Proactive removal helps reduce your exposure to doxxing, identity theft, and unwanted solicitations.

Action

• Search Yourself:
  • Perform searches for your full name, common misspellings, and known aliases on major search engines (Google, Bing, DuckDuckGo).
  • Search for your email addresses and phone numbers (use quotation marks for exact matches, e.g., “your.email@example.com”).
  • Search for your physical address to see what’s publicly associated with it.
  • Use reverse image search (e.g., TinEye, Google Images) for your profile pictures or other key photos.
• Check People Search Sites & Data Brokers:
  • Systematically check major people search sites (e.g., Whitepages, Spokeo, BeenVerified, ZabaSearch) and data broker sites (e.g., Intelius, MyLife, Acxiom, Oracle Data Cloud).
  • For each site where your information is found, follow their official opt-out procedure. This often involves finding a specific opt-out page, filling a form, or sending an email.
• Review Public Records:
  • If relevant to your concerns, search publicly accessible online court records or local government databases for your information.
• Social Media & Online Profiles:
  • Review your own public-facing social media profiles to ensure they don’t overshare.
  • Check if you appear in others’ public social media posts or photos in a way that concerns you (request removal if appropriate).
• Professional Databases:
  • Search professional databases relevant to your field if they might contain publicly accessible personal information.
• Audit & Close Unused Accounts:
  • List all online accounts you can remember (email, social media, shopping, forums, apps, etc.).
  • Search your email archives for “welcome,” “verify your account,” or “password reset” messages to help identify forgotten accounts.
  • Review your password manager for saved logins to old or unused services.
  • For unnecessary accounts:
    • Log in and look for an account deletion or closure option (sites like JustDeleteMe.xyz can provide direct links).
    • Follow the platform’s instructions to permanently delete your account and associated data.
    • If full deletion isn’t possible, remove as much personal information as you can and consider changing to a disposable email.
• Document & Track:
  • Document all findings and the sites where your data appears.
  • Keep records of all opt-out requests submitted, including dates and confirmation numbers/emails.
  • Document the accounts you’ve closed or anonymized for your records.

Remember

Data removal from broker sites can be an ongoing battle, as data may reappear. Consider using a reputable data removal service (e.g., DeleteMe, Kanary) to automate and manage opt-outs if you find extensive information or lack the time for manual requests. Be persistent and regularly check if your opt-outs have been honored.

Why

Your credit report affects loan rates, insurance premiums, employment, and housing opportunities. Annual reviews help you catch errors, fraud, and identity theft early. Federal law entitles you to one free report from each bureau annually - use this right to protect yourself.

Action

• Visit AnnualCreditReport.com (the only official site).
• Request reports from all three bureaus: Equifax, Experian, TransUnion.
• Review each report carefully for accuracy.
• Check all accounts listed belong to you.
• Verify personal information is correct.
• Look for hard inquiries you didn’t authorize.
• Check for accounts you’ve closed that show as open.
• Dispute any errors with the relevant bureau.
• Save copies of all reports securely.
• Set reminder for next year’s review.

Remember

Space out your requests throughout the year (one bureau every 4 months) for continuous monitoring, or get all three at once for a comprehensive annual review.

Why

Regularly reviewing and updating your digital emergency and identity theft response plans is crucial for maintaining your online security and privacy. These plans serve as your roadmap for quick action in case of a digital crisis or identity theft, potentially minimizing damage and stress during critical situations.

Action

• Locate your existing digital emergency plan (which should detail how trusted individuals can manage your digital life if you’re incapacitated or deceased, and your identity theft response plan). If you don’t have one, prioritize creating it (refer to “Create Digital Emergency Plan” in Getting Started).
• Review contact information for relevant parties listed in your plan (e.g., banks, credit bureaus, insurance, legal contacts, personal emergency contacts/digital executor).
• Update the inventory of your important digital assets and accounts:
  • List all digital assets including domain names, cryptocurrency holdings, valuable software licenses, online business assets, or sentimental digital creations.
  • For each asset, verify: where it’s held, access credentials (or secure references to them), approximate value if applicable, and specific instructions for its disposition.
  • Add any new significant assets acquired over the past year.
  • Remove or update information for assets you no longer own or that have changed.
• Revise steps for immediate action in case of various scenarios like a major account breach, device loss, or identity theft.
• Include any new significant digital accounts or services acquired since the last update.
• Review your digital executor and instructions:
  • Confirm that the person designated as your digital executor is still appropriate and willing to serve.
  • Review your instructions for how each digital asset should be handled (e.g., transferred to a beneficiary, sold, closed down, memorialized).
  • Ensure they know where to find the plan and how to access it (without revealing master passwords directly in the plan if possible; use hints or refer to password manager emergency access).
• Consider if any passwords or security questions mentioned (even as hints) in the plan need updating in the actual accounts.
• Legal considerations: Briefly review if any changes in your life (marriage, divorce, etc.) or in local laws might impact your digital estate planning. Consult a legal professional if you have significant concerns or complex assets.

Remember

Store your updated plans in a very secure, yet accessible-in-emergency, location (e.g., encrypted file with shared access instructions, physical copy in a safe). This plan is distinct from, but related to, your account-specific recovery settings and digital legacy contacts. Clearly documenting your digital assets and your wishes for them can save your loved ones considerable stress and confusion.

Why

The digital security landscape is constantly changing, with new threats, scams, and vulnerabilities emerging regularly. Staying informed helps you adapt your defenses, recognize new risks, and make better decisions to protect your digital life.

Action

• Identify Reputable Sources:
  • Government cybersecurity sites (e.g., US-CERT, FTC Consumer Information).
  • Well-known cybersecurity news sites (e.g., Krebs on Security, Schneier on Security, Ars Technica, Wired).
  • Cybersecurity organizations (e.g., Electronic Frontier Foundation (EFF), SANS Institute).
• Review Key Topics from the Past Year:
  • Major data breaches and their implications.
  • New types of phishing scams or social engineering tactics.
  • Emerging malware trends.
  • Significant vulnerabilities discovered in common software or hardware.
  • Updates to privacy laws or platform policies.
  • Advancements in security technologies (e.g., new 2FA methods, AI in security).
• Update Your Knowledge & Practices:
  • Based on your review, consider if any of your current security practices need updating.
  • Share particularly relevant information with family members or colleagues.
  • Subscribe to a reputable cybersecurity newsletter or follow a few key experts on social media for ongoing, less intensive updates throughout the year.

Remember

Continuous learning is key in cybersecurity. While this is a yearly focused review, try to stay generally aware of significant security news as it happens. Don’t feel you need to become an expert, but a basic understanding of current threats is very beneficial.

Why

Annual records from financial institutions, government agencies, and employers provide important snapshots of your financial and legal status. They are essential for tax preparation, loan applications, insurance claims, and resolving disputes. Regular collection and secure archiving ensure you have this documentation when needed and can help spot long-term trends or issues.

Action

• Financial Records:
  • Download annual bank account statements (checking, savings).
  • Obtain year-end investment account summaries and tax statements (e.g., 1099s).
  • Collect annual credit card summaries if provided.
• Government & Legal Records:
  • Download your Social Security earnings statement from SSA.gov.
  • If applicable, pull your DMV driving record to check for errors or outstanding issues.
  • Collect property tax assessments.
• Insurance Records:
  • Request or download current insurance policy declarations pages (home, auto, life, health, disability, etc.).
• Employment Records:
  • Save annual benefits summaries from your employer.
  • Keep copies of W-2s or other tax-related employment forms.
• Utilities (Optional but Recommended):
  • Save utility company annual summaries if they offer insights into usage or for potential deductions.
• Archive Securely:
  • Archive all collected digital documents in a consistent, organized folder structure (e.g., Year > Institution > Document Type).
  • Ensure these digital archives are encrypted and backed up according to your 3-2-1 backup strategy.
  • For critical paper documents, scan them and securely store the physical copies (e.g., in a fireproof safe).
• Secure Document Disposal:
  • Gather old documents that are no longer needed (especially those beyond retention requirements).
  • Sort into ‘shred’ and ‘recycle’ piles.
  • Scan any documents you might need for reference before disposal.
  • Use a cross-cut shredder for documents containing personal information.
  • Consider burning highly sensitive documents.
  • Recycle non-sensitive papers.
  • Empty shredder contents into multiple trash bags to prevent reconstruction.

Remember

A consistent digital and physical filing system makes finding specific records much easier when you need them, potentially years later. Ensure backups of these important records are stored securely, including an off-site copy. When disposing of old documents, even seemingly harmless papers can contain valuable information for identity thieves - when in doubt, shred it.

Why

Your Social Security earnings record is crucial as it determines your future retirement benefits. Errors in your record can lead to significantly lower benefits. Additionally, identity thieves might fraudulently use your Social Security Number for employment, which could also affect your record. Annual checks help ensure accuracy and allow for early detection of fraud, protecting your future financial well-being.

Action

• Visit the official Social Security Administration website (SSA.gov).
• Log into your “my Social Security” account. If you don’t have one, create it.
• Access and carefully review your Social Security statement.
• Verify Earnings Record: Check that your reported earnings for each year match your own records (e.g., from W-2s or tax returns).
• Look for Discrepancies: Identify any years with incorrect earnings or earnings reported that you did not make (this could be an indicator of identity theft).
• Review Estimated Benefits: Check your estimated retirement, disability, and survivor benefits.
• Verify Personal Information: Ensure your name, date of birth, and other personal details are correct.
• Update your contact information with the SSA if it has changed.
• If you find any discrepancies or suspicious activity, report it to the SSA immediately following their specified procedures.
• Download or print a copy of your statement for your records and store it securely.

Remember

Everyone with a Social Security number should create an online account at SSA.gov, regardless of age. This prevents identity thieves from creating an account in your name and potentially misusing your information or locking you out.

Why

Beneficiary designations on financial accounts (like bank accounts, retirement funds) and life insurance policies determine how those assets are distributed upon your death. This often overrides instructions in a will. Outdated or incorrect beneficiary information can lead to assets not going to your intended recipients, causing significant financial distress or legal complications for your loved ones.

Action

• Make a list of all your financial accounts that allow beneficiary designations. This typically includes:
  • Bank accounts (checking, savings – may offer Payable on Death (POD) options)
  • Retirement accounts (401(k), IRA, etc.)
  • Life insurance policies
  • Investment accounts (brokerage, mutual funds – may offer Transfer on Death (TOD) options)
  • Annuities
• For each account:
  • Contact the financial institution or log into your online portal to review the current beneficiary designations.
  • Verify that the listed primary and contingent beneficiaries are still correct and reflect your current wishes.
  • Ensure you have the full legal names, correct relationship details, and ideally, contact information for each beneficiary.
  • Update any outdated information or change beneficiaries as needed due to life events (marriage, divorce, birth, death).
• Consider consulting with a financial advisor or estate planning attorney for guidance, especially if your situation is complex (e.g., blended families, special needs beneficiaries).
• Securely save or print confirmation of any updated beneficiary designations for your records.

Remember

This is a critical part of estate planning. Life events can quickly make old designations obsolete. Keeping this information current ensures your assets are distributed according to your wishes with minimal hassle for your heirs.

Why

Digital clutter accumulates everywhere - cloud storage fills with old backups, local folders overflow with outdated files, and years of communication histories consume storage and create privacy risks. Regular cleanup helps manage storage costs, improves device performance, protects privacy by removing old sensitive conversations, and makes it easier to find what you actually need.

Action

Cloud Storage:

• Log into each of your cloud storage services (e.g., Google Drive, iCloud, Dropbox, OneDrive)
• Check your current storage usage against your plan’s limit
• Delete old backups, redundant copies, and temporary files
• Review and adjust sharing settings on folders and files
• Empty the cloud service’s trash or recycle bin

Local Files:

• Clean up Desktop folder - move or delete temporary files and organize remaining items
• Review Documents folder - archive or delete old project files and outdated documents
• Clear Downloads folder - delete old installers, PDFs, and other downloaded files
• Empty computer’s Recycle Bin/Trash after cleanup

Communication Histories:

• Email: Archive emails older than 2 years, delete spam/promotional emails, empty trash folder
• Text Messages/SMS: Delete old conversation threads, especially those with sensitive information
• Social Media: Review and delete old direct messages and chat histories on platforms like Facebook, Instagram, WhatsApp
• Messaging Apps: Clean up old conversations in Slack, Discord, Teams, or other messaging platforms
• Consider exporting important conversations before deletion if needed for records

Remember

Before deleting anything, ensure you have backups of important data. Old communications may contain login credentials, important receipts, or sentimental value - export these before deletion. This annual cleanup significantly reduces your digital footprint and the amount of personal data that could be exposed in a breach.

Why

Over time, your digital habits, the tools you use, and your available time can change. A yearly review of your digital chores schedule ensures that your reminders are still effective, the frequency of tasks is appropriate, and the overall system helps you consistently maintain your digital security and privacy without being overly burdensome.

Action

• Review your current schedule for weekly, monthly, quarterly, and yearly digital chores.
• Consider if the timing and frequency of each task still make sense for your current lifestyle and digital usage.
• Check that your calendar reminders or task management system for these chores are still active and correctly configured.
• Adjust reminder times or dates if needed (e.g., if you consistently miss a certain chore, perhaps a different day or time would work better).
• Add any new chores from this guide that you haven’t yet scheduled.
• Remove or adjust any chores that have become obsolete or less relevant to you.
• Ensure you have links to this cheatsheet or specific chore instructions in your reminders for easy reference.

Remember

The goal is to make digital maintenance a sustainable habit. A schedule that is too rigid or no longer fits your routine is likely to be ignored. Be flexible and adapt the schedule to work for you.

Why

Insurance needs change with life events (marriage, new child, home purchase), asset values, and evolving coverage options. An annual review ensures your policies provide adequate coverage for your current situation, your beneficiaries are up-to-date, and you’re getting competitive rates. Organized documentation is also crucial for speeding up claims processing during stressful times.

Action

• Gather Policies: Collect all current insurance policy documents (e.g., homeowners/renters, auto, life, health, disability, umbrella).
• Review Coverage:
  • Assess if coverage amounts are still appropriate for your current assets, liabilities, and needs.
  • Check for any gaps in coverage or areas where you might be over/under-insured.
• Update Beneficiaries: Verify and update beneficiaries on life insurance and any other policies with beneficiary designations (e.g., some retirement accounts).
• Home Inventory: For homeowners or renters insurance, review or update your home inventory list, including photos or videos of valuable items.
• Compare Rates: Consider getting quotes from other providers to ensure you have competitive rates for comparable coverage.
• Verify Personal Information: Ensure all personal details (names, addresses, covered individuals/items) are correct on all policies.
• Employer-Provided Insurance: Review your selections for employer-provided insurance (health, life, disability) during open enrollment or if a qualifying life event occurs.
• Document & Store:
  • Create a summary document with key policy information: policy numbers, insurer contact details, coverage effective dates, and main coverage amounts.
  • Store digital copies of all policies and your summary document securely (encrypted and backed up).
  • Keep physical copies of critical policy documents in a fireproof safe or other secure location.
• Inform Trusted Individuals: Ensure a spouse or trusted family member knows where to find this information in an emergency.
• Renewal Dates: Set calendar reminders for policy renewal dates to prompt review before auto-renewal.

Remember

Insurance is a critical part of your financial safety net. Review policies not just annually, but also after any major life changes. Keeping both digital and physical copies of your documentation is advisable.