Thank you for reading this post, don't forget to subscribe!
IT professionals do threat modeling every day. It sounds like the script from Mission: Impossible, but it’s actually a fancy way of saying that they regularly ask the question “What could go wrong?”
You can do the same to protect your online identity and your assets, and you don’t need any secret agent skills to get started. The trick is to keep asking questions even after you know the basics of cybersecurity. Enable Firewall? check. Strong passwords and 2FA? got it. Antimalware solution deployed? Sure.
In fact, these steps will protect you from most online attacks. But you can and should do much more.
Start by asking if there are dangers you’re not paying attention to. What if you get fooled by a clever phishing attempt and accidentally give away your password? What if someone steals your phone or laptop? What can you do if your files have been locked by ransomware? And most importantly, will you be able to recover from a security incident, no matter its source?
In this article, I have outlined four steps that you should consider in addition to the basics. None of them are platform-specific. They apply to Mac, Windows PC, and yes, even computers running Linux. Most of these security precautions are useful even if you do almost everything on a smartphone or tablet and never touch the laptop.
1. Make sure all your data is encrypted
Anyone who has ever seen a horror movie knows that sometimes the danger is coming from inside the house. Or office.
If you spend all your time worrying about the security of your online accounts, you may forget to plan for the possibility that someone will steal your laptop or your smartphone. Losing that expensive piece of hardware is painful enough, but the data on that device can be even more valuable if a thief can use it to steal your identity and drain your bank accounts.
The best protection you have against this type of damage is strong encryption, which makes your data completely unreadable to someone who steals your physical device. AES-256 encryption, the worldwide gold standard for modern tech gear, is extremely effective – just ask the FBI, which has fought (and lost) some well-documented battles to undermine its effectiveness.
The data on your smartphone is probably already encrypted. On Android devices and iPhones, all data on the phone is automatically encrypted as soon as you set the passcode. Just make sure the passcode is long enough (at least six characters). And consider setting the option to erase your phone after multiple failed attempts to enter your passcode:
- On Android devices, search auto factory reset In Adjustment,
- If you use an iPhone, go here FaceID and Passcode In Adjustment Find more erase data Option.
For PCs running any edition of Windows 10/11, including Home editions, Windows Device Encryption is available and enabled by default, but only if you sign in using a Microsoft account. This automatic encryption system protects the disk; However, you cannot encrypt a secondary disk or an external disk. You will find the switch for this feature in Adjustment , Privacy & Security , device encryption,
Windows Device Encryption is only available if you’re signed in with a Microsoft account
Screenshot by Ed Bott/ZDNET
On systems running Windows Pro, Enterprise, or Education editions, you can take advantage of a more advanced set of encryption management features called BitLocker. These tools allow you to encrypt all available disks, including removable disks. For more information, see ZDNET’s “BitLocker guide: How to use this Windows encryption tool to protect your data.”
The equivalent feature on Mac is called FileVault. Get all the details you need in this Apple Support article: “Protect data on your Mac with FileVault”. Don’t forget to save the recovery key.
For files stored in iCloud, there is also an option called Advanced Data Protection, which turns on end-to-end encryption; No one (not even Apple) can access that data, which means it’s important to set up a recovery method if you lose the ability to sign in to that drive. You can save the recovery key in a safe location, or you can designate a trusted friend as your recovery contact and call them if you lose access to your account. For more details, see “How to turn on Advanced Data Protection for iCloud.”
2. Back up the stuff that matters
Some digital things are irreplaceable. Your collection of family photos definitely falls into this category, especially those you’ve painstakingly created by scanning old photos. Other extremely important files, like your tax returns and real estate records, can technically be replaced, but ordering those copies can be inconvenient (not to mention expensive). And files that seem trivial now may be useful later.
Ask the question, “Which files would I absolutely hate to lose?” And you’ll probably have a list that looks something like this:
- Your smartphone’s camera roll
- Product key and license information for software and services you purchased
- Password and Encryption Key
- Sensitive documents such as medical records, tax returns, and will or trust papers
- Receipts for valuable items such as artwork
Knowing what needs support is half the battle. The other half is figuring out where to store those backups. You have lots of options.
Your smartphone can be automatically backed up (to iCloud or Google’s servers) for quick recovery. It’s worth checking your phone from time to time to make sure those backups are up to date. And consider uploading the contents of your Camera Roll separately to your favorite online photo storage. Either iCloud or Google Photos will work; Here too, you’ll probably have to pay to save full-resolution copies of all your photos and videos.
Check your smartphone’s settings to make sure it’s being backed up regularly
Screenshot by Ed Bott/ZDNET
The easiest and most widespread solution is to store files in a cloud storage service like OneDrive, Dropbox, Google Drive or iCloud. (However, you’ll have to pay for anything more than a nominal amount of storage). Depending on the service, you may even be able to recover from a ransomware attack. For example, OneDrive and Dropbox subscribers can use features that allow you to access snapshots of your backed up files by date; After clearing the ransomware, select a date before the files were forcibly encrypted and restore that version.
For sensitive documents and secrets like encryption keys (more on that later in this post), see if your password manager is up to the challenge. For example, using 1Password, you can upload files up to 1 GB per account to the Documents folder, and you can save secrets in the secure Notes folder; Bitwarden offers a similar capability, but only for paid accounts.
For your PC or Mac, there’s always the old-school option of a full backup to the cloud or removable local storage, using built-in tools like Apple’s Time Machine or third-party software. If you need advice about organizing your files, see “PC and Mac Backup: How to Protect Your Data from Disaster”; For recommendations on which backup app to use, read “Best Backup Software: Top Picks for Windows and Mac.”
Oh, and don’t forget to make sure your backup copies are encrypted and stored securely.
3. Know where the reset button is located
If you have a useful backup, the easiest way to recover from any type of problem on most devices is to reset it, restore your backed up files from the cloud, and then reinstall the apps as needed. It’s easier with a mobile device; Simply find the reset option in your phone settings and follow the prompts to restore your latest backup.
For PCs running Windows, you can find reset option in Adjustment, but what if you can’t start the PC? Consider creating and preserving a recovery disk. This bootable USB flash drive allows you to perform some simple repairs by booting into recovery mode; It also allows you to reset the device using the manufacturer’s preinstalled recovery partition. You can find full instructions here: “Windows 10/11: Create a recovery drive”.
If you have a full backup available, using the Reset PC option here can save you a lot of troubleshooting time.
Screenshot by Ed Bott/ZDNET
On a Mac, you don’t need any special tools to start fresh or restore from a backup. You can boot into recovery mode by restarting the Mac. Specific instructions vary depending on whether your Mac is based on Apple silicon or an Intel chip. For details, see the Apple Support article “How to reinstall macOS.”
With any of these options for Mac or PC, you can perform a variety of simple repair tasks or perform a repair installation.
4. Save your recovery codes
The most annoying security incidents are those where the cause is not a malicious actor but a simple hardware failure or human error. If your account is hacked or otherwise damaged or you are trying to recover data from an encrypted disk, recovery may be nearly impossible. Unless you can prove your identity and your right to access the device or data, you look just like a malicious actor.
If your device is managed by your organization, your support desk can almost always help you by resetting your password or locating the encryption key saved for your device.
If you’re using an unmanaged device, you’re virtually on your own, which means some advanced preparation is necessary. In particular, you need to generate and save recovery codes that you can use in an emergency. Exactly what you need to do depends on which platform you’re using.
Microsoft Accounts: If you’ve forgotten your password, you can use any of your multi-factor authentication options to recover it. If someone has taken over the account without your permission, you will have to go through the painful process of recovering starting from this page: “How to Recover a Hacked or Compromised Microsoft Account”.
Windows PC: Do you need a recovery key to unlock an encrypted drive? If you signed in using a Microsoft account, the key will be available here If you turned on BitLocker device encryption on a device running Windows Pro/Enterprise/Education, you’ll need to find the key you printed or saved during setup. You can find and save that key at any time by right-clicking the drive in File Explorer and selecting Manage BitLocker , Back up your recovery key,
Google Accounts: If you’ve lost access to your phone, you can use the backup code to sign in to get a recovery code or sign in with Google Authenticator. (Hint: If you know you have saved recovery codes, but can’t find them on your computer, use your computer’s search option to look for “backup-codes-username.txt” (the file extension before Substitute your username. For details on how to generate a new set of backup codes, see Google’s “Sign in with a backup code” help page.
Apple accounts and devices: You have the option to create a recovery code for your Apple ID. For details, see “Set up a recovery key for your Apple ID.” To access data on a Mac encrypted using FileVault, you’ll need a recovery key. Mac expert Glenn Fleishman gives detailed instructions (including information on how to find your recovery key) in this excellent article: “How to Unlock Your Mac with Its Recovery Key and File Vault Active”.
To regain access to the data in your iCloud account with Advanced Data Protection enabled, you’ll need the recovery key that you (I hope!) saved earlier, or you’ll need to call your recovery contact and ask for their assistance. Will need to be taken.