7 days to a safer 2022

We all want to make our 2022 better than last year, and that includes improving our security and privacy. But we also know that New Year’s resolutions can be daunting —  especially when they are hard to do, or deal with complex topics like computer security!

For this reason, we made up a list of 7 simple steps to help make the coming year significantly more secure than the last one. A few of these can be done in seconds. The “harder” ones take a half hour at most.

We’d suggest going through this list over the coming week, taking on just one item per day. If you know someone who could benefit from doing this, please share this guide with them as well.

Enjoy your easy security and privacy wins, and here’s to a safer 2022!

1. Turn on automatic updates

   Apple invests a lot of time and effort in patching security vulnerabilities. But if you don’t actually install those updates, they can’t keep you safe. The best way to make sure your systems are always up to date is to turn on automatic updates for both your Mac and your iPhone. Here’s how to do it.

   On a Mac, go to the Apple menu > System Preferences > Software Update. Check the box that says Automatically keep my Mac up to date. You can fine-tune how you get your updates by clicking the Advanced button (we’d recommend just checking all of the boxes here).

   On an iPhone, go to Settings > General > Software Update > Automatic Updates. Toggle Download iOS Updates to on. We’d also recommend toggling on Install iOS Updates. That makes the installation process automatic as well. But not to worry: This will only happen at night, and only after a notification. If you do set up automatic installation, be aware that you need to be connected to Wi-Fi with your device charging for this to work.

2. Disable app tracking

   Apple spent the past year arguing with Facebook and others about its App Tracking Transparency feature for iOS. Apple won the argument. iPhone users now have a one-click option to prevent apps from tracking them across websites and between apps.

   To turn off app tracking on your iPhone, go to Settings > Privacy > Tracking. There’s a toggle labeled Allow Apps to Request to Track. If you turn this off, apps can’t even ask you if you want to be tracked. Even more importantly, they can’t access your device’s Advertising Identifier, which is how ad tracking works.

3. Sign up for “pwn” alerts

   Data breaches are a serious threat to your security and privacy. And one of the worst things about them is that you usually don’t know when you’ve been part of one!

   Troy Hunt is an Australian security researcher who is trying to solve this problem. He is the creator of a free data breach aggregation service called Have I Been Pwned. It’s basically just a compilation of publicly known data breaches in a huge database, and a linked website where anyone can check if their account has turned up in one of the breaches.

   The site is a great resource, but the catch is that you have to keep going back from time to time to see if you’ve been in a newly discovered breach. Obviously, most people just aren’t going to do that.

   Hunt has thought of this, however, and has added a feature that lets you sign up to receive data breach notifications. This is an excellent way to keep on top of new data breaches (without having to remember to go back to the website every month).

   To do this, go to HaveIBeenPwned.com and click on the Notify me menu option. Enter an email address that you want to monitor and click the notify me of pwnage button. If that email address ever shows up in a future data breach, you’ll receive a notification letting you know and telling you which website or service was breached. If this happens, you can review your account for suspicious activity and take security precautions like changing your password or enabling 2FA.

4. Do a Facebook privacy checkup

   Most of us still use Facebook, even though we all know that the company isn’t exactly great on digital privacy.

   The good news is that Facebook is at least somewhat aware of the problems it has caused for users. We’ll never know if it was because of a guilty conscience or a simple need for good PR, but the company now has a Privacy Checkup tool that helps users review their account privacy settings and adjust them as needed.

   To find it, log in to your Facebook account and go to Settings & privacy > Privacy Checkup. Here you’ll see a number of different topics, such as Who can see what you share? and How people can find you on Facebook.

   Go through each of these one by one, making sure that your settings give you the level of privacy you’re most comfortable with. As a general rule, we’d suggest keeping your profile details and activity hidden from strangers. Bad actors use public-facing social media accounts to obtain personal information about targets. They use this in social engineering attacks and other scams. If you want a more guided walkthrough of the process than what Facebook offers, videos like this one are readily available on YouTube.

   To be clear, none of this is going to stop Facebook from collecting as much of your data as they possibly can, and then using it to serve you targeted ads. But you can limit the amount of private information you’re exposing on Facebook by doing a Privacy Checkup.

5. Check for post-holiday identity theft

   It’s a new year, and the holiday shopping season is behind us. But during all the gift buying busyness, were any of your personal details stolen? If so, you could now be at risk for identity theft.

   After the holidays, it’s always a good idea to check your credit report for signs of suspicious activity. In the US, you can obtain a free credit report at AnnualCreditReport.com. Once you have your credit report, look for the following signs of identity theft:

   -Unfamiliar accounts or charges

   -Unrecognized lender inquiries

   -Denials of credit that you didn’t apply for

   -Incorrect personal information (e.g. an incorrect address, an unknown phone number, a misspelled name, etc.)

   In addition, check your financial statements for unexplained activity or charges that you don’t recognize. This is especially important for credit cards that you used during your holiday shopping.

   If you find something amiss, you can go to IdentityTheft.gov, which was set up to help identity theft victims.

6. Try a password manager

   Troy Hunt has called password managers “unequivocally the single best thing you can do for your security posture as a normal, everyday person”.

   Great, so why doesn’t everybody already use one? In large part, it’s because there is an element of uncertainty involved when adopting new technology. Is it really safe? Will it be hard to use, or more trouble than it’s worth?

   We get it, which is why we intentionally avoided calling this step “get a password manager”, or “switch to a password manager”. Instead, we’d suggest simply testing one out for a couple of weeks. There are a number of good password managers on the market. 1Password, for example, is a popular and reputable choice — and they also have a nice quick setup video for Mac users.

   For a deeper dive into password managers, including how they work from a technical standpoint and why they’re so important for security, check out this short video by Dr Mike Pound, a professor of computer science at the University of Nottingham in the UK.

7. Keep up with The Checklist

   The best way to improve your security all year long is to keep learning. Every Thursday, we do a podcast called The Checklist. It covers the week’s Apple security news, and also provides updates and tips on security and privacy topics.

   If you aren’t a regular listener yet, we invite you to start following the show on Apple Podcasts, Spotify, or wherever you get podcasts. Spend just 20 minutes each week with us, and by this time next year, you’ll be more knowledgeable, better informed, and much harder to hack!