10 Security Checks Everyone Should Perform Regularly

by Ben Stegner 6:49 AM Tech Bites

Security often feels like a daunting task. Who has time to spend hours locking down accounts and obsessing over everything on your phone or PC?

The truth is that you shouldn’t be scared of security. You can perform important checkups in a matter of minutes and your online life will be much safer because of them. Here are ten vital checks you can work into your schedule — do these every once in a while and you’ll be ahead of 90 percent of people.

1. Apply Updates for Everything

Everyone has clicked “remind me later” when prompted about an update. But the truth is that applying updates is one of the most important ways to keep your devices secure. When developers find a vulnerability in their software — whether it’s an operating system or app — patching it is how they fix it. By ignoring these updates, you open yourself up to vulnerabilities unnecessarily.

For instance, the majority of victims in the May 2017 WannaCry attack were running out-of-date versions of Windows 7. Simply applying updates would have saved them. This is one of the reasons why Windows 10 automatically installs updates — and most other platforms do, too. The Global Ransomware Attack and How to Protect Your Data The Global Ransomware Attack and How to Protect Your Data A massive cyberattack has struck computers around the globe. Have you been affected by the highly virulent self-replicating ransomware? If not, how can you protect your data without paying the ransom?

On Windows, head to Settings > Update & security > Windows Update to check for updates. Mac users can check the App Store’s Updates tab for the latest downloads. Android and iOS will both prompt you to download updates when they’re available. And when you open a program and see a prompt to update, do it as soon as possible.

Don’t forget about other devices, either. Updating your router, Kindle, Xbox One, etc. will keep you safer using those devices as well. 10 Things You Must Do With a Brand New Router 10 Things You Must Do With a Brand New Router Whether you just bought your first ever router or upgraded your old one to a new one, there are several crucial first steps that you should take right away to set up properly.

2. Update Your Weakest Passwords

Using strong passwords is vital for keeping your accounts safe. Short passwords, passwords you use on multiple websites, and obvious passwords are all easy targets for attack. We recommend using a password manager to set up strong passwords that you don’t have to remember.

Take this a bit at a time — start by changing your most important passwords like your email, bank, and social media accounts. You don’t need to change your passwords all the time, but you should keep an eye out for major breaches. If you’re affected by a leak, you only have to change one password to keep yourself safe. Tools like Have I Been Pwned? will check for your email address among breach data. Are Hacked Email Account Checking Tools Genuine Or A Scam? Are Hacked Email Account Checking Tools Genuine Or A Scam? Some of the email checking tools following the alleged breach of Google servers weren't as legitimate as the websites linking to them might have hoped.

This extends to your phone, too. Don’t use something obvious like 1234 as your PIN, and you should probably stop using a pattern lock.

3. Review Social Media Privacy Settings

With insufficient social media controls, you could be unknowingly sharing information with way more people than you think. It’s important to take a few moments to review who you’re sharing information with. 9 Things You Should Never Share on Social Media 9 Things You Should Never Share on Social Media Be careful what you share on social media because you never know when something could come back and ruin your life. Even the most innocent posts could be used against you.

On Facebook, visit your Settings page and click Privacy on the left sidebar. Review the settings here to change who can see your posts, who can contact you, and who can look you up using search. You should also review the Timeline and Tagging tab to change who can post on your Timeline and require reviewing of new posts.

For Twitter, visit Settings and click the Privacy and safety tab on the left. Here you can protect your tweets so they aren’t public, remove your location from tweets, disable photo tagging, and prevent others from discovering you.

Review our guide on how to make all your social accounts private for full instructions. How to Make All Your Social Media Accounts Private How to Make All Your Social Media Accounts Private Want to keep your social media life private? Hit the link to get a full guide to the privacy settings on Facebook, Twitter, Pinterest, LinkedIn, Instagram, and Snapchat.

4. Check App Permissions

iOS has allowed users to fine-tune app permissions for years, and Android has implemented on-demand permissions in Android 6.0 Marshmallow and newer. Whenever you install an app, it will pop up and ask for access to sensitive data like your camera, microphone, and contacts when it needs them.

While most apps aren’t malicious and need these permissions to work properly, it’s worth reviewing them at times to make sure an app isn’t taking information it doesn’t need. And in the case of apps like Facebook, the absurd amount of permissions might make you want to uninstall it completely. How Bad Are Those Facebook Messenger Permissions Anyway? How Bad Are Those Facebook Messenger Permissions Anyway? You've probably been hearing a lot about Facebook's Messenger app. Let's quell the rumors and find out if the permissions are as bad as they claim.

To review Android permissions, head to Settings > Apps (found at Settings > Apps & notifications > App info on Android 8.0 Oreo). Tap an app and choose Permissions on its info page to review all permissions that app has. Use the sliders to enable or disable any that you want to change.

iOS users can access an equivalent menu by visiting Settings > Privacy. Select a type of permission, like Contacts or Microphone, and you’ll see all apps that can access it. Use the sliders to revoke access.

5. Review Running Processes on Your PC

While you don’t need to know the exact purpose of everything that’s running on your computer, it’s a good idea to check what processes are active once in a while. Doing so will also help you learn more about your computer as you become more familiar with its workings. Your PC, Inside and Out Your PC, Inside and Out While your PC's technical specs change, its function remains the same. In this guide, we're going to set out exactly what each component does, why it does it, and why that is important.

On Windows, click the Start Button and search for Task Manager or use the shortcut Ctrl + Shift + Esc to open the Task Manager. On the Processes tab, you’ll see the apps running in the foreground. Below them are background processes, followed by system processes. Browse through and Google anything you see that looks suspicious. Just make sure you don’t terminate any vital processes.

Mac users can see running processes with the Activity Monitor. The fastest way to open it is pressing Command + Space to open Spotlight, then type Activity Monitor and press Enter. Have a look through the CPU tab to see what’s running on your machine. Activity Monitor: The Mac Equivalent of Ctrl+Alt+Delete Activity Monitor: The Mac Equivalent of Ctrl+Alt+Delete If you want to be a fairly proficient Mac user, it is necessary to know what Activity Monitor is, and how to read and use it. As usual, that's where we come in.

While you’re at it, you should also review installed browser extensions. Malicious add-ins can hijack your browsing, and even once-innocent extensions get bought out and become spyware. In Chrome, go to Menu > More tools > Extensions and disable or remove any that look suspicious. Firefox users can find this list at Menu > Add-ons.

6. Scan for Malware

You might know when you have malware on your PC, but it could also be silent. A good antivirus scanner should catch most viruses and other nasty infections before they can get on your system, but a second opinion from an anti-malware scanner never hurts.There is a lot of malware and online security misinformation online, and following these myths can be dangerous. If you've taken any as truth, it's time to get the facts straight!

On Windows, nothing beats Malwarebytes. Install the free version to scan for malware of all kinds and remove it with just a few clicks. Mac users don’t need a dedicated antivirus unless they make stupid mistakes, but there’s nothing wrong with a quick Malwarebytes for Mac scan if you want confirmation.

If you find something particularly aggressive, try a more powerful malware removal tool. Typical free anti-virus suites will only be able to get you so far when it comes to exposing and deleting malware.

7. Check Your Account Connections

Lots of websites allow you to sign in with another account’s credentials, usually Facebook or Google. While this is convenient since you don’t have to remember a separate login, having all those sites connected to one account is a bit worrying. That’s why you should review which sites and apps you have connected to your core accounts.

Check your Google apps by visiting Google’s My Account page, then click the Apps with account access in the Sign-in & security box. Click Manage Apps in the resulting panel to view them all.

Take a close look at these, especially if you’ve used a Google account for a long time. You should revoke access to apps you no longer use, and review the access that current apps have. Click an entry then hit the Remove Access button to toss it.

Facebook has a similar panel. Visit the Facebook Settings page and click the Apps link on the left sidebar. You’ll see apps and websites that you’ve used your Facebook account to log into — click Show All to expand the list. How to Manage Your Third-Party Facebook Logins [Weekly Facebook Tips] How to Manage Your Third-Party Facebook Logins [Weekly Facebook Tips] How many times have you allowed a third-party site to have access to your Facebook account? Here's how you can manage your settings.

Each app lists which audiences can see content shared from those apps. Click one for detailed permissions, showing what exactly that app can access. You can remove some permissions or click the X icon over an app to remove it from your account.

If you want to completely disable this functionality, click the Edit button under Apps, Websites and Plugins and choose Disable Platform.

You may also want to review apps you’ve connected to your Twitter account. Visit the Apps tab of your Twitter Settings to view them all. Click Revoke Access to remove any that you don’t use anymore.

8. Set Up Two-Factor Authentication Everywhere

It’s no secret that two-factor authentication (2FA) is one of the best ways to add more security to your accounts. With it enabled, you need not only your password but a code from an app or text message to log in. While it’s not a perfect solution, this prevents malicious access to your accounts even if someone steals your password.Two-factor authentication use has exploded over the last decade. But it isn't perfect, and can come back to haunt you if you aren't careful.

The process to enable 2FA differs a bit for each service. To get you on your way, we’ve covered how to lock down the most important services with 2FA. Then, enable 2FA on your social accounts and gaming accounts to keep them safe. We recommend using Authy as your authenticator app, as it’s better than Google Authenticator.

9. Review Account Activity

Another tool that several sites offer lets you see what devices have logged into your account recently. Some will even send you a text or email when a new device logs in. You can use these to make sure that you know right away if someone else breaks into your account.

For Google, head to the Device activity & security events section of your account settings. You’ll see Recent security events showing new recent sign-ins and Recently used devices. Click Review Events for both and make sure you recognize all devices and activity. By default, Google will send you an email whenever a new device signs into your account.

Select an event or device to get more info on it. Clicking an event will show you its IP address and approximate location. If a device hasn’t had any Google account activity in 28 days, you can click Remove to revoke its access. Running through Google’s security checkup can help you review other important information while you’re here. For the first time, search giant Google is offering a way for you to check the information it has about you, how it is gathering that data, and new tools to start reclaiming your privacy.

To check this on Facebook, visit the Security and Login tab of your account settings. Check the top Where You’re Logged In section and click See More to everywhere you’re logged into Facebook. Click the three dots next to an entry to Log Out or select Not You? if you suspect foul play.

Also on this page, ensure you have Get alerts about unrecognized logins enabled. This will alert you by text and/or email when a device logs into your account.

Finally, check your Twitter active session on the Your Twitter data settings page. Scroll down to Your Devices and Account access history to see where you’ve recently logged in.

You may have noticed several of these tips revolve around your most important accounts (Google, Facebook, Microsoft) and they’re the most important because an attacker could do the most damage with them. If someone got into your email, they could use the “forgot password” reset links on other sites and change any password that was linked to your email.

10. See Who’s Using Your Wi-Fi

Would you like it if someone was snooping on your home network? Certainly not. You hopefully have a strong password on your router so unauthorized people can’t connect. It’s worth a quick check to make sure that your neighbor didn’t figure out your password or something.

Did Your Checks Unearth Any Issues?

Congratulations, you’ve just run through ten important security checks. They might not be fun or glamorous, but the steps you’ve taken with these will go a long way in keeping you safe. Now all your devices are updated, you know exactly what apps can access your accounts, and you’ve eliminated weak links in your security chain. That’s a big deal!

Unfortunately, none of these steps can help protect from corporate incompetence like with the Equifax breach.