31 Tips for Cybersecurity Awareness Month 2022

It’s Cybersecurity Awareness Month 2022! To celebrate, we’re sharing 31 tips to help you improve your digital security and privacy during the coming month. 

There’s a heavy Apple focus, of course — we are SecureMac, after all. But there are quite a few general security and privacy tips as well.

Most importantly: These tips are meant to be fast and easy ways to improve your security and privacy. Each one should only take five to ten minutes to complete. It may not seem like much, but if you do just one of these per day this month, you’ll be safer and more secure in the year to come.

You can do them in any order you like; to make the list a bit more manageable we’ve organized it into sections by topic. And remember, please share this list with friends, family, and coworkers to help them stay safe as well!

iPhone

iOS comes with a number of built-in cybersecurity features. These tips will help you get more out of your iPhone — protecting your digital privacy and improving your overall security:

1. Turn on automatic updates

This is the easiest way to make sure you’re safe from iOS vulnerabilities and that you always have the latest Apple security patches. Go to Settings > General > Software Update. Toggle Automatic Updates on, and then Download iOS Updates and Install iOS Updates.

To use Apple’s Rapid Security Response feature (highly recommended), toggle on Security Responses & System Files as well — that will give you access to Apple security patches issued between regular OS updates.

2. Shut down app tracking

App developers and advertisers love to use our mobile devices to track and profile us. It’s good for their businesses, but bad for our privacy. Fortunately, iOS gives you a way to opt out of app tracking. Go to Settings > Privacy & Security > Tracking. Toggle off the Allow Apps to Request to Track option.

3. Review location permissions

Many apps ask to use your location. That’s completely appropriate in some cases (e.g., for Maps, Uber, etc.). But unfortunately, some developers abuse location permissions to track you for monetary gain. For this reason, it’s smart to audit the apps that have access to your location and revoke or restrict access if needed.

Go to Settings > Privacy & Security > Location Services and scroll down to see a list of all of the apps that currently have access to your location data.

If you see an app that doesn’t belong, tap it to change the location permissions to Never if you want to revoke location access completely, or to While Using the App to limit its access. 

You can also toggle off Precise Location if you don’t mind the app knowing your general location (i.e., what city you’re in). This is a good compromise for things like weather and news apps — apps that work based on where you are, but that don’t really need your exact location to function.

4. Set a strong passcode

If you aren’t protecting your device with a strong passcode, start now! Go to Settings > Face ID & Passcode > Turn Passcode On. Enter a strong six-digit passcode. Strong means something that a stranger couldn’t guess: so not your birthday or 123456. If you’re currently using a passcode, but it’s a weak one, you can change it to something more robust here as well. 

5. Turn on Erase Data

You can set an iPhone to wipe its data after 10 incorrect passcode entries. This is a good option for most people, because it protects your data in case of theft or confiscation by the authorities. 

But beware: It’s essentially an automatic factory reset for your iPhone — and once that on-device data is gone, it’s gone forever. If you have a child who likes to play with your iPhone, you may want to skip this one!

To turn on Erase Data, go to Settings > Face ID & Passcode and scroll all the way down to see the toggle switch for Erase Data.

6. Delete unused iPhone apps

Unused apps aren’t much of a performance issue on newer iPhones. But apps can collect your data, making them a potential privacy risk. And in some cases, an app with a vulnerability may become a security risk as well. For this reason, it’s a good idea to remove apps that you aren’t using from your iPhone.

The iOS Home screen doesn’t show every app on your device, so the best way to see all of your iPhone apps in one place is to scroll past your Home screens to the App Library screen. 

Once on the App Library screen, tap the search field at the top to see a full list of your apps. Press and hold any app icon for the Delete App option.

7. Check for MDM profiles

Mobile Device Management (MDM) profiles, or configuration profiles, are legitimate tools that businesses and organizations use to manage the iOS devices that they’ve given out. If you have a work or school-issued iPhone, the IT department may be using one. However, bad guys sometimes abuse MDM profiles to spy on people or sneak malware onto their devices — usually after using social engineering tactics to get their victims to install a configuration profile for them.

It’s not terribly common, but it’s something to be aware of — and you should know how to check your device for a malicious configuration profile. To do this, go to Settings > General > VPN & Device Management. If you don’t see anything here, there is no profile installed on your device. 

If you do see a profile here that doesn’t belong, delete it. Doing this will also delete all settings, apps, and data associated with that profile. You should probably also perform a full factory reset of your device if you’ve found an unknown MDM profile, and take additional security measures such as changing account passwords that may have been compromised and checking your credit report for signs of identity theft.

8. Set Face ID to Require Attention

By default, Face ID can’t be used to unlock your device while your eyes are closed: You have to be looking directly at your iPhone for it to work. However, sometimes people turn this feature off so that they can unlock their devices more quickly. While convenient, this is a no-no for security. Make sure that your Face ID is set up for safety by going to Settings > Face ID & Passcode and toggling on Require Attention for Face ID. 

9. Learn How to Disable Biometrics with Emergency SOS 

There are certain situations when you don’t want your Face ID or Touch ID to work: When someone could use these features to force you to unlock your device. Fortunately, there’s a little-known quirk of Emergency SOS that can help. 

If you click your iPhone’s side button five times, it will bring up the Emergency Call slider. Even if you don’t end up making an emergency call, your iPhone’s biometric access will be temporarily disabled, and your passcode will be required in order to unlock the device again. Give it a try (taking care not to call 911 by accident), and keep it in mind if you’re ever in a situation where you need to turn off biometric access in a hurry.

Mac

As Macs grow more prevalent in the enterprise and among home users, bad actors will be looking to step up their attacks on macOS. Learn how to protect your Mac — and yourself — from attack:

10. Set up automatic updates

Macs are far more vulnerable to malware than iPhones, so automatic updates are a must on macOS. To turn them on, go to the Apple menu and then System Preferences > Software Update.

Check the box that says Automatically keep my Mac up to date. The Advanced… button lets you fine-tune this; for most users, we’d recommend just checking every box here in order to keep everything updated automatically. 

11. Turn on FileVault

FileVault is a macOS security feature that encrypts the data on your Mac — and then requires a password to log in each time you start your computer. It’s a great security feature that not enough Mac users take advantage of. 

To enable FileVault, go to the Apple menu > System Preferences > Security & Privacy > FileVault. Click the lock icon at the bottom left and enter your admin password so that you can make changes, and once you’ve done that, just click Turn On FileVault.

You have to choose a recovery option in case you forget your password. For most users, allowing iCloud to unlock your disk is the right choice here. For a quick explanation of your options, see this short video. 

12. Set your Mac to require a password on waking

If you use your Mac in public, physical security is a concern. For this reason, it’s a good idea to set your Mac to require a password when it wakes from sleep or exits screen saver mode. That way, if you need to walk away from your machine for a minute, you can do so without worrying that someone will sit down and start snooping!

Go to the Apple menu > System Preferences > Security & Privacy > General. Find the option for Require a password … after sleep or screen saver begins and check the box. The pop-up menu lets you decide how long your Mac can stay in sleep or screen saver mode before you have to enter a password to get back in. macOS gives you options of up to one hour here, but for better security, keep this to a few seconds at most. 

13. Install HTTPS Everywhere

If you use a browser other than Safari, install the HTTPS Everywhere extension for better security. 

Here’s why this is important. It’s true that more and more websites are moving to an enforced HTTPS policy. But at the moment, lapses and buggy implementations make it hard to know if web content is being served to you over the encrypted HTTPS protocol rather than the insecure HTTP protocol. 

HTTPS Everywhere, very simply, helps to ensure that you’re accessing websites via an HTTPS connection. 

14. Download Tor and take it for a test drive

Some people act like the Tor browser is a super-secret hacking tool — something for denizens of the Dark Web only. The truth is far less sensational. Tor is basically just a stripped-down version of Firefox: one that uses encryption and a network of relay servers to give users greater anonymity online. As such, it’s definitely worth getting to know! 

Tor is available as a third-party app on macOS. The best way to learn how it works is to download the Tor browser and try it out for yourself. If you have questions about the technology, and what it can and can’t do for you, refer to our FAQ article: What Is Tor?

15. Run a malware scan

Trivia time. Who was it that said, “Today, we have a level of malware on the Mac that we don’t find acceptable.” A macOS security researcher? An enterprise IT professional? A concerned parent or privacy advocate? The answer may surprise you. 

Macs get malware, and these days, just about everyone acknowledges the fact. To stay safe, regularly scan your Mac for malware with a reputable, frequently updated malware detection app.

We’re partial to our own software, naturally, but there are a number of good options on the market. We always like to tell people to do their research, try a few out, and pick the one that feels easiest to use. If you’re not already a user, try MacScan 3 for free and use it to run a malware scan on your Mac today.

Safari and Keychain

Apple’s native web browser and password management tools are great ways to protect your accounts, both on a Mac and on your iPhone. 

16. Use iCloud Keychain and AutoFill for password management

One of the easiest ways to improve your personal cybersecurity is to use a password manager. If you’re already using one, great! If not, Apple comes with a built-in password management tool: Keychain. You can use Keychain to create and remember strong, unique passwords for your accounts and automatically fill them in for you when you visit a website.

On iOS, first make sure Keychain is turned on: Go to Settings > [your name] > iCloud > Passwords and Keychain. Then make sure AutoFill is on at Settings > Passwords > Password Options > AutoFill Passwords. For a full primer on using these tools, check out Apple’s support page.

On a Mac, make sure Keychain is on by going to the Apple menu and opening System Preferences. Click on Apple ID > iCloud > Keychain. Note that you’ll need two-factor authentication to complete the setup. To make sure AutoFill is turned on in Safari, open Safari and go to Safari > Preferences > AutoFill. Then check the option for User names and passwords.

17. Check for weak or reused passwords

If you’re using Apple’s tools for password management, you can see if there are any issues with the passwords you’ve stored.

On iOS, go to Settings > Passwords > Security Recommendations. If there’s a problem, you’ll see an explanation here. If you’ve been using a weak or compromised password, change it right away.

On macOS, go to Apple menu > System Preferences > Passwords. Here you’ll see a list of all the passwords for which you’ve saved usernames and passwords. There will be a warning icon (a little triangle with an exclamation point inside) next to any site where you’re using a weak, reused, or compromised password. If there’s an issue, change that password ASAP!

18. Change your search engine 

Most people in the Apple ecosystem use Google for search because a.) it’s the default and b.) it’s really good at what it does. 

But Google has serious drawbacks. For one thing, Google has a poor reputation for respecting user privacy. In addition, bad guys have found ways to abuse Google’s ad platform to distribute malware and scam people. Malicious ads sometimes appear in the search results. 

DuckDuckGo, while not perfect, is a much better search engine for security and privacy. To change your default search engine to DuckDuckGo in Safari on iOS, go to Settings > Safari > Search Engine and change the default in the dropdown. On a Mac, you can do the same thing by opening Safari and going to Safari > Preferences > Search > Search engine. 

Quick tip — if you’re ever doing a DuckDuckGo search and you don’t like the results you get, rerun the search adding “g!” to the end of the query to see what Google would have given you.

19. Learn about passkeys

Passkeys are a new sign-in tool. They allow you to log in to apps and websites without using a password, and sync across your devices using iCloud Keychain. Passkeys are still very new, so not every developer supports them yet, but more and more apps and sites will add support as time goes by.

One day, passkeys may replace passwords entirely — so now is a great time to get to know how they work. Check out our quick read How Do Apple’s Passkeys Work? to learn more about the technology and how to use it.

General Security and Privacy Tips

Rounding out our tips for Cybersecurity Awareness Month 2022 are some general suggestions for better security and privacy:

20. Get a VPN to use on public Wi-Fi

VPNs are great tools for security and privacy at home, and they’re essential when you’re using a public Wi-Fi network. So even if you don’t use a VPN regularly, you should have one installed that you can use when you’re out and about and need to connect to a public network.

ProtonVPN is reputable and has a free version for both iOS and macOS. The free tier isn’t going to be super fast or give you tons of different server locations, but if you just need a secure connection on public Wi-Fi from time to time, it’s a reasonable option. If you’re interested in learning more about VPNs and exploring paid options, check out our VPN Guide for Mac Users.

21. Listen to an AirTag

AirTag is Apple’s personal tracking device for your stuff. But it’s also a potential privacy risk, and has already been abused by stalkers and other criminals. 

You may have heard that Apple has tried to make AirTag safer, and has added an alert tone that plays when someone else’s AirTag is traveling with you. But if you’re not sure what that sounds like, take a few seconds to listen to this introduction to AirTag sounds. That way you’ll know what to listen for!

22. Add a Legacy Contact

Your digital legacy is what happens to your data, accounts, digital property, and so on after you die. It’s not a fun topic to talk about, but it’s very important, since none of us wants to leave our loved ones in a difficult situation after we’re gone. 

Apple allows you to designate a Legacy Contact to manage your Apple-related data in the event of your death. If you haven’t done so already, consider setting up a digital legacy plan for your Apple account and data. The show notes for Checklist 261: Apple and Legacy Contacts will explain what’s involved and walk you through the setup process on Mac or iPhone. 

23. Do a Facebook Privacy Checkup

If you’re one of the nearly 3 billion people who use Facebook, take a few minutes to use Facebook’s Privacy Checkup tool. Privacy Checkup lets you review your sharing and account visibility settings — giving you more control over who sees what you post, and who can find you online. That’s important, because hackers and scammers often use publicly available information found on social media in their attacks. Your best bet is to lock down your profile as much as possible, and try to make it very hard for someone outside of your network of friends and family to see what you post or even to find your account.

24. Change your router and IoT defaults 

Routers and IoT devices sometimes come from the manufacturer with a default username and password (e.g., “username: admin; password: admin”). Unfortunately, a lot of people never change those defaults when they first set up their device, which makes them an easy target for hackers.

If you have a home router or smart device, take a moment to make sure you’re not still using the factory default username and password. If you are, change those right away! The manufacturer’s website should have information on how to do this.

For best results, use strong, unique passwords and avoid usernames that give away personal or technical information (e.g., “Cook Family Wi-Fi,” “Apartment 7A Network,” “My Belkin Router,” etc.).

25. Turn on 2FA for a high-value account

If you’re not using two-factor authentication, you probably already know that you should be. But like anything new, it can be intimidating and can seem like a lot of effort to get started. And let’s face it, it can also be annoying to be scolded by your IT department or your favorite cybersecurity blog! 

So rather than tell you to start using two-factor on everything right away, we’d like to make a much more modest suggestion. Pick just one high-value account — email, LinkedIn, or a financial account — and turn on 2FA for that account only. 

The option to turn on 2FA is almost always found in the settings menu of your account area, usually under a subheading called “security” or “login.” Turn on two-factor for your account and use it for a week or two. When you see how easy it is, you’ll wonder why you didn’t do it sooner — and you’ll be much likelier to implement 2FA on your other accounts as well. If you’d like an example walkthrough of how to turn on 2FA, check out our blog post on enabling 2FA.  

26. Know the signs of identity theft 

In 2021, identity theft affected 42 million people, costing victims an estimated $52 billion. It’s a huge problem, and to make matters worse, recovering from identity theft is usually a long, difficult, and stressful process. 

For this reason, cybersecurity experts recommend keeping watch for early warning signs of identity theft — so that if you are the victim of identity fraud, at least you’ll be able to mitigate the damage and begin the recovery process quickly as possible. Navy Federal Credit Union has published a list of 9 common signs of identity theft. It only takes a few minutes to read, but it could save you months of headache if someone steals your identity.

27. Check your credit report

One of the best ways to protect yourself from identity theft is to regularly check your credit report. Look for mistakes, incorrect information, and telltale signs that someone has been trying to open lines of credit using your identity: unfamiliar accounts, lender inquiries that you don’t recognize, a denial of credit that you never applied for, or incorrect addresses, phone numbers, and names.

If you’re in the United States, you’re entitled to a number of free credit reports each year; the Federal Trade Commission (FTC) website has an information page that explains how to obtain them. 

28. Sign up for HIBP alerts

Have I Been Pwned (HIBP) is a data breach aggregation service maintained by Australian cybersecurity expert Troy Hunt. It’s an excellent way to tell whether or not one of your accounts has turned up in a known data breach. 

You can sign up for free data breach notification alerts from HIBP. Just enter the email address (or addresses) that you use for logging in to your accounts, and if one of those accounts is involved in a data breach, you’ll get a warning via email.

29. Sign up for Scam Alerts

New scams seem to crop up every week, and it can be hard to keep up with them all. The FTC’s consumer alerts service can help. If you sign up for their mailing list, they’ll send you tips and advice for avoiding scams — and even more importantly, they’ll send you an email alert every time there’s a sneaky new scam you need to know about!

30. Follow The Checklist

SecureMac has been doing a weekly cybersecurity podcast for Apple users ever since 2016. The podcast is geared toward a general audience, and features news, updates, analysis, and tips to help you improve your digital security and privacy. If you have a Mac or an iPhone, and you want to stay current with the latest developments in cybersecurity, start following The Checklist today!

31. Share this list with a friend

Last but definitely not least — remember that when it comes to cybersecurity, sharing is caring! So help keep your friends, family, and coworkers a little bit safer by sharing this list with them.