You’re using strong and unique passwords. You’re on the lookout for phishing emails. And you’ve set up two-factor authentication on every account that offers it. Basically, you’re acing Personal Cybersecurity 101. But with new threats popping up all the time, you may be looking for other steps you can take to protect yourself. Here’s an easy one: Clean up your digital junk.
Most people have old email accounts floating around, forgotten thumb drives in a drawer, and years-worth of crap in a downloads folder. All that stuff is a liability. Saving data that you want or that will someday come in handy is sort of the whole point of the digital revolution, but holding on to accounts and files that you don’t want anymore needlessly exposes you to all sorts of risks. Your devices can be lost or stolen (or hacked), and big companies can suffer data breaches that incidentally expose your information. So the less there is out there, the better off you are.
“The physical presence of data is so small that sometimes we don’t think about it as being clutter,” says Michael Kaiser, executive director of the National Cyber Security Alliance. “But we accumulate massive amounts of it, and some of it can be harmful if it gets lost or stolen.”
some tips from the experts on how to clean that clutter before it comes back to haunt you.
Destroy Old Devices
First, address your physical devices. Destroy old CDs, thumb drives, and external hard drives you don’t need anymore. (Don’t forget the box of floppy disks in your basement. Seriously.) Consider old PCs, gaming consoles, and smart home gadgets, and back up anything you want from those devices before wiping them. You can walk through tips on how to digitally and physically destroy data here, with bonus cleaning tips here.
Next, deal with your current devices. Sort through your desktop and clean out your documents folder. Eliminating old PDFs of credit card statements or medical forms that you no longer need will go a long way toward keeping you safer. And it’s a good opportunity to make a plan for sensitive documents that you do want to keep. You might back them up to a cloud service or a password-protected external hard drive and then take them off the devices you use every day that could be lost or stolen.
The point isn’t to part with data that is personally meaningful or useful. The goal is to pare down what you have so if your data is ever compromised, hackers aren’t getting copies of your friend’s son’s leg X-rays—complete with name, birthday, and Social Security number—for no reason. You can still reminisce about what an impressively gnarly break it was without the responsibility of defending those files.
“When we talk about security, we often talk about protecting our own things,” Kaiser says. “But in reality, in the digital world we actually do sit on large amounts of information about other people, and that’s something to consider with decluttering and storing data more securely.”
Social Media, Email, and Cloud
Now, go deeper. Get into applications, internet services, and the cloud. The most important account to consider is your email, the central data hub of your online life. Your email account would be a valuable prize for a hacker because it could contain information about a host of other people (friends, family members, coworkers) in addition to yourself. Deleting emails you no longer need and exporting old emails you still want to the cloud or a hard drive is a smart way to reduce what would be compromised if your email was ever hacked. Virtually all email services, including Google and Yahoo, offer ways to export your messages and other account data so you hold it locally and can delete it from the company’s servers. And don’t forget to purge and delete old email accounts that you no longer use.
You should also take advantage of email search features (especially on Gmail) to comb through your old messages. You can bulk-delete everything from before a certain date or everything from a particular contact. And you can get strategic about it. Search for an old landlord’s name, for instance, to delete any emails you sent them since those are more likely to contain personal information like tax forms or pay stubs. You should also somewhat regularly search your email for the last four digits of your Social Security number and delete any messages it, or the full number appears in. If you can, ask the sender or recipient of those emails to delete them too.
“Think of the information you have saved,” the United States Computer Emergency Readiness Team notes. “Is there banking or credit card account information? Tax returns? Passwords? Medical or other personal data? Personal photos? Sensitive corporate information? … Depending on what kind of information an attacker can find, he or she may be able to use it maliciously.”
And as with thumb drives, you may have random files in all sorts of services that offer some free storage like Box, Google Drive, and Dropbox. Sort through what’s there, and eliminate anything that might pose a specific risk, like old tax returns or financial documents.
If you use a password manager (which you totally already do, right?!) you can go through your list of logins as one way of remembering old accounts you set up forever ago.
Cancel Those App Accounts
Look for apps on your phone and tablet, streaming devices, gaming consoles, and computer that you don’t use anymore and shut them down. Are your photos backing up onto four different services for some reason? Clean that up. Do you still have an account with a messaging app you used once two years ago? Why is that calorie-counting app from 2014 still on your phone? Cancel and delete. That type of exposure is an unnecessary risk.
Finding which accounts you still have active is easy enough. On iOS, got the App Store, tap Apple ID, then View Apple ID, then Subscriptions. On Google, tap the Menu button, then Account, then Subscriptions.