This is a guide for individuals who are interested in improving their digital security/privacy. Only basic knowledge of how to use your computer and mobile device is required.
Everyone should do these. You only need to set them up once, are high value for relatively low effort, and there is little/no downside. Instructions are linked, where possible. You can of course skip any that aren’t relevant to you.
Do these for all of your computers, phones, tablets, etc.
Prioritize securing services that you frequently use for communication, or that have sensitive information like your contacts, financial, payment, or health information. In other words, which accounts do you have that, if hacked, would be a Big Deal? Examples of services that might be at the top of that list:
We’ll refer to this in subsequent sections.
Some services have a built-in Security Checkup tools, walking you through various account settings. Go through them for:
Also known as two-factor authentication (2FA). All major services offer MFA.
When enabling MFA, using one or more of the following is recommended:
These tips require a bit more commitment or technical comfort, but are worth the effort.
For more information, see the Freedom of the Press Foundation’s Secure Communication guide.
Examples of sensitive information:
If someone contacts you via phone or email and asks for sensitive information, don’t give it to them. This often comes up as fake customer support or debt collectors. If this happens and you think it might be legitimate, follow up via official channels (the customer service number on the back of your credit card, etc.)
Don’t share sensitive information in SMS or (unencrypted) email directly. See more info for Gmail and Outlook. An easy alternative is putting the information in a file/document in Google Drive / Dropbox / etc. and sharing that.
Your personal information is constantly being sold by data brokers.
Your personal/contact information, passwords, etc. may have become available to people that shouldn’t have it.
A password manager solves a number of problems:
It’s worth paying for one of the top-recommended options, but if you’re cost-conscious or want minimal hassle, you can use one that comes built into your browser:
Do these for all of your computers, phones, tablets, etc.
In short, security is like having bars on your windows: hackers can’t get in, but they can see through. Privacy is like having blinds, where they can’t see in, but they can reach their hand in and unlock the door. You’ll need a combination of protections to address both.
password
.multi-factor authentication
.This guide makes no guarantees that, even with following all steps of this guide, that your digital security/privacy will not be compromised. If you are a high-value target for hackers, such as:
…then this guide will not be enough. See resource like the Surveillance Technology Oversight Project (STOP)’s Protest Surveillance toolkit. If you’re a high-profile target, you should consult a security professional for additional actions.