5 New Year’s Resolutions That Will Improve Your Digital Security

Security
Written By Scott Smith
2021-security-resolutions-photo-1080x675.jpg

Happy New Year! For many of us, the start of a new year is an opportunity to reflect on fresh habits we’d like to adopt. Get enough sleep, eat healthy, exercise…things you’ll try for a few days and almost certainly quit. Rather than spin your wheels with the typical resolutions, why not make more of an effort to improve your digital security?

Here are a few tips.

Keep Your Devices Updated

A very common question I get is “Should I update to (insert OS version here)?” To be clear…yes. Yes you should.

One of the most important things you can do to protect your security is to install new operating system updates and security updates soon after Apple releases them. Although the details seldom make the news because they’re both highly specific and highly technical, you can get a sense of how important security updates are by the fact that a typical update addresses 20–40 vulnerabilities that Apple or outside researchers have identified.

Software-Update-1024x596.png

It’s usually a good idea to wait a week or so after an update appears before installing it on the off chance that it has undesirable side effects. Although such problems are uncommon, when they do happen, Apple pulls the update quickly, fixes it, and releases it again, usually within a few days. For most people, that won’t be an issue because Apple usually waits at least a week or two to notify you that an update is available.

Use a Password Manager

If you’re still typing passwords by hand or copying and pasting from a list you keep in a file, you’re doing it wrong. Please switch to a password manager like 1Password or LastPass. Even Apple’s built-in iCloud Keychain is better than nothing. A password manager has five huge benefits:

  • It generates strong passwords for you. Password1234 can be hacked in seconds.

  • It stores your passwords securely. An Excel file on your Desktop is a recipe for disaster.

  • It enters passwords for you. Wouldn’t that be easier than typing them in manually?

  • It audits existing accounts. How many of your accounts use the same password?

  • It lets you access passwords on all your devices. Finally, easy login on your iPhone!

A bonus benefit for families is password sharing. It allows, for example, a married couple to share essential passwords or for parents and teens to share certain passwords.

1Password-vault-980x606.png

In short, using a password manager is more secure, faster, easier, and just all-around better. If you need help getting started, get in touch.

Beware of Phishing Emails

Individuals and businesses alike frequently suffer from security lapses caused by phishing: forged emails that fool someone into revealing login credentials, credit card numbers, or other sensitive information. Although spam filters can catch many phishing attempts, it’s up to you to be on your guard at all times. Here’s what to watch for:

  • Any email that tries to get you to reveal information, follow a link, or sign a document

  • Messages from people you don’t know, asking you to take an unusual action

  • Direct email from a large company for whom you’re an anonymous customer

  • Forged email from a trusted source asking for sensitive information

  • All messages that contain numerous spelling and grammar mistakes

Apple-phishing-980x526.png

Notice a few things in the example above:

  • Apple would never call a team “Service Apple.”

  • The from email address is displayed as service@help.com. The first thing this tells us is that it is not from Apple. Also, I guarantee it’s not from help.com…if you were to expand the address, it would most likely show some incoherent string of characters as the actual domain.

  • Apple would never start an email with “Dear,” and you can be certain they have your full name on file. They wouldn’t just leave it off.

  • Typos galore!

    • “…updating our systems to a new version ,So we invite you to verify your information, Once you have verify…”

    • “To protect your account from Avoid phishing emails”

When in doubt, don’t follow the link or reply to the email. Instead, contact the sender in some other way to see if the message is legit.

Avoid Sketchy Websites

I won’t belabor this one, but suffice it to say that you’re much more likely to pick up malware from sites on the fringes of the Web or that cater to the vices of society. To the extent that you can avoid sites that provide pirated software, “adult” content, gambling opportunities, or sales of illicit substances, the safer you’ll be. That’s not to say that reputable sites haven’t been hacked and used to distribute malware too, but it’s far less common.

If you are concerned after spending time in the darker corners of the Web, download a free copy of Malwarebytes or DetectX Swift and scan for malware manually.

Malwarebytes-scan-1024x701.png

Never Respond to Unsolicited Calls or Texts

Although phishing happens mostly via email, scammers have also taken to using phone calls and texts. Thanks to weaknesses in the telephone system, such calls and texts can appear to come from well-known companies, including Apple and Amazon. Even worse, with so much online ordering happening, fake text messages pretending to help you track packages are becoming more common.

Text-scam.png

For phone calls from companies, unless you’re expecting a call back from a support ticket you opened, don’t answer. Let the call go to voicemail, and if you feel it’s important to respond, look up the company’s phone number elsewhere, and talk with someone at that number rather than one provided by the voicemail.

One trick used by these scammers is spoofing numbers that look very similar to your own. It’s manipulation at its finest. If you see a number that looks familiar, you’re more likely to answer.

I recommend enabling your iPhone’s “Silence Unknown Callers” feature by going into Settings > Phone. This will still allow calls from people in your contact list, but anything else won’t ring through. It’ll just show up as a missed called notification. My theory is, if anything is important enough to deserve my attention, they’ll leave a voicemail.

For texts, avoid following links unless you recognize the sender and it makes sense that you’d be receiving such a link. (For instance, Apple can text delivery details related to your orders.) Regardless, never enter login information at a site you’ve reached by following a link because there’s no way to know if it’s real. Instead, if you want to learn more, navigate manually to the company’s site by entering its URL yourself, then log in.

Also…and I can’t stress this enough…never EVER EVER (ever) respond to a text message from an unknown number. Even if it looks like someone is trying to reach someone and has the wrong phone number and you think you’re helping them by letting them know. In almost all cases, a spam text is a way for a company to verify that your phone number is in use. If you respond, they know they’ve got a live one and you will start to receive a barrage of calls and texts that will make you want to change your number. Just don’t respond to anything unless it’s from a contact you have saved.

That’s all for now! If you have any questions or additional ideas, leave a comment below or head to the contact page to send me a message!

Scott Smith https://scottrsmith.com
Previous

M1-Based Macs Have New Startup Modes: Here’s What You Need to Know
Next

Flash Is Dead—Uninstall Flash Player to Keep Your Mac Secure