October is Cybersecurity Awareness Month, an annual wake-up call to purge your digital life of security vulnerabilities. Think of it as an opportunity to declutter the cybersecurity closets of your online identity: eliminate those dormant accounts that pose as ticking time bombs in the shadows.
Approach this with the precision and caution you would exercise when disarming a bomb, because those old, unused, and unmanaged accounts of yours are full of information just waiting to be stolen by threat actors.
Time to say good-bye to those one-time-use PDF viewers you created a login for when you forgot your Acrobat password. No more lurking resume builders, magazine subscriptions, or two-year-old salon accounts. Apart from being useless junk, they represent potential entry points for hackers who could infiltrate your personal life, leapfrog to other interconnected aspects of your online presence, and wreak havoc in unimaginable ways.
Step 1: Take Inventory of Your Online Accounts
Much like Security Operations Centers (SOCs) maintain a detailed inventory of protected assets, each individual should also catalog all their online accounts to gain a full view of their digital landscape.
Start by compiling a list of all your online accounts, from streaming services like Netflix to productivity suites like Office365. Choose a secure location to store this list, and avoid including usernames and passwords unless you’re working in an encrypted storage space. Let’s not create more liabilities. Options for fully encrypted workspaces include Tresorit, NordLocker, and Google’s GarbleCloud. For secure email communications, consider encrypted email services like ProtonMail, PreVeil, and Tutanota, among others.
If you already have your digital life neatly managed in a password manager – great. If not, now is the perfect time to invest in one. Not only will this streamline your account management, but it will also bolster your security posture. PCMag offers an excellent list of their favorites, including Dashlane, 1Password, NordPass, and Bitwarden. Research which feature(s) you want to lean into – say, overall management versus integration – and go from there.
You can also start from your browser, where a lot of online accounts are automatically saved. Chrome, Safari, Edge, and Firefox all offer easy access to saved credentials via their Settings or Preferences menus. From there, you can delete what you don’t need.
Keep in mind that you’ve probably signed in using your Gmail or social media account on a number of sites as well, which can introduce risks of their own. Also, consider the third-party services you’ve accessed via your Gmail or social media accounts. These ‘single sign-on’ methods can generate secondary accounts, much like the many heads of the mythical Greek Hydra. Platforms like Apple, Twitter, Facebook, Instagram, and Google allow you to review all the external services and apps you’ve signed into with them. For example, if you’re using an iPhone, you can go to Settings > Passwords & Security > Apps Using Your Apple ID.
Step 2: Delete Unnecessary Accounts
With your inventory complete, it’s time for some digital housecleaning. Stick to a simple rule of thumb: permanently delete any account that you either:
- Haven’t accessed in six months
- Don’t plan to use again in the coming year
Less is more; if your day-to-day life can survive without it, it’s best to let it go. Your attack surface will thank you.
When it comes to deleting accounts online, several methods are useful. The easiest might be to Google the name of the service, followed by “delete account”. Countless how-tos will pop up that you can follow. Sites like JustDelete.me contain a cache of deletion instructions for various accounts, and contacting customer support – via chat or even phone – is always an option.
And don’t forget devices. Our phones hold kilobytes of sensitive data. Too hard to keep track of it all, hunt it down, and secure every bit? Swap out the SIM card for a brand new one. It will give you a fresh start and peace of mind. Upload what’s necessary to the cloud, transfer it over, and start fresh.
Step 3: Manage Accounts That Can’t Be Deleted
Some accounts can’t be deleted. Seemingly innocuous services like Netflix, Pinterest, and Steam can be surprisingly stubborn. For those, there are some possible options. For example:
- Starbucks allows you to scramble your information or submit a request to delete your personal data from their books.
- EdX offers a self-deleting feature, whereby your account will automatically be erased after a certain period of inactivity.
- With Netflix, reaching out to customer service is your first step. While they might resist deleting your account, citing potential reactivation in the future, initiating the conversation is a step toward reducing your digital footprint.
- Pinterest provides an option to “permanently remove your information” under the “Deactivate Your Account” section.
For those accounts tied to your Google identity—like YouTube—you have the nuclear option of deleting your entire Google account. While drastic, it’s effective. A less extreme measure is to simply remove your YouTube channel and any of its associated content.
The bottom line is to slash any unnecessary liabilities or bring those risks down to a minimum.
Now, you can sit back and admire it. This represents your digital footprint. This is the list every hacker wants their hands on, and you have it. Consider this comprehensive list your management station, HQ, Star Command, or what have you. From here, you can control, update, and manage what happens with your digital life and how secure it is – all from one place.
Step 4: Prioritize Account Updates
At this point, it’s time to shift from minimizing risk to fortifying what remains.
Identify what’s most important. What gives access to the most valuable – or detrimental – data in your life? If this account were hacked, what would be the consequences?
Start with the account that poses the biggest risk and work your way down from there.
In all likelihood, your financial accounts will be at the top of your priority list. This includes banking and investment accounts, anything linked to personal and sensitive health information, and accounts tied to finances in any way – bills, mortgages, even mobile devices.
Email accounts cannot be overlooked, either. They are the linchpin that often connects various aspects of your digital life. From medical appointments and insurance claims to financial statements and personal communications, a lot of sensitive information funnels through your email. Therefore, it’s crucial to ensure that all your primary, non-spam email accounts are as secure as possible.
Step 5: Updating Passwords and Security Settings
If you have ever reused credentials across different sites, change them now. It gives attackers a freebie they don’t deserve and you a headache you don’t need.
If you took our advice from Step 1 and employed a password manager, updating your credentials should be relatively painless. Some password managers, like Keeper, offer browser extensions that expedite the process by allowing you to change all passwords simultaneously, even generating new, secure passwords on the fly. You’ll find this in a lot of password managers, and it’s great if you’ve ever been in a data breach and need to change credentials across the board.
Password managers offer several advantages: they help you create strong, unique passwords, encrypt your passwords, and facilitate easy management. With a password manager, regularly updating and bolstering your online login credentials becomes a manageable task, rather than an overwhelming chore that takes up an entire day.
Enabling Multi-Factor Authentication (MFA) is also a must for locking down access to accounts. Compromised passwords do happen, and MFA keeps the damage from spreading: even if a hacker succeeds in brute-forcing or guessing your password, they can’t proceed further without additional verification, such as biometric data, a secure email, or a text message code.
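As an added illustration (not part of the original article), the script below applies the Step 2 deletion rule, the Step 3 fallback, and the Step 4 ordering to a small constructed inventory, then flags accounts still missing MFA. The field names, category labels, `.example` service names, and the ranking of health ahead of email are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

STALE_AFTER = timedelta(days=183)   # Step 2: not accessed in six months
# Step 4 order; the category labels and the health/email ranking are assumptions.
PRIORITY = {"financial": 0, "health": 1, "email": 2}

@dataclass
class Account:
    service: str
    category: str
    last_used: date
    needed_next_year: bool
    mfa_enabled: bool
    deletable: bool = True   # False for services that refuse deletion (Step 3)

def triage(accounts, today):
    """Return (delete, manage, harden) lists for an account inventory."""
    delete, manage, keep = [], [], []
    for acct in accounts:
        stale = today - acct.last_used > STALE_AFTER
        if stale or not acct.needed_next_year:
            (delete if acct.deletable else manage).append(acct.service)
        else:
            keep.append(acct)
    # Highest-impact categories first; within a category, accounts without MFA first.
    keep.sort(key=lambda a: (PRIORITY.get(a.category, 99), a.mfa_enabled, a.service))
    harden = [f"{a.service}: {'review settings' if a.mfa_enabled else 'enable MFA'}"
              for a in keep]
    return delete, manage, harden

# Constructed sample inventory: no usernames or passwords are stored in it.
TODAY = date(2023, 10, 15)
INVENTORY = [
    Account("resume-builder.example", "other", date(2021, 9, 1), False, False),
    Account("streaming.example", "other", date(2022, 12, 1), False, False, deletable=False),
    Account("bank.example", "financial", date(2023, 10, 10), True, False),
    Account("mail.example", "email", date(2023, 10, 14), True, True),
    Account("clinic-portal.example", "health", date(2023, 8, 2), True, False),
    Account("forum.example", "other", date(2023, 9, 20), True, False),
]

if __name__ == "__main__":
    delete, manage, harden = triage(INVENTORY, TODAY)
    print("Delete:", delete)
    print("Cannot delete, minimise stored data:", manage)
    print("Harden in this order:", *harden, sep="\n  ")
```

Because the inventory holds only service names and dates, it can live outside an encrypted store without creating a new liability.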
Step 6: Regular Account Maintenance
You’ve climbed the mountain. You’ve done more in five simple steps to thwart eager adversaries than years’ worth of hand wringing combined. And it was simple.
One in three Americans have been compromised due to weak passwords. Thanks to the steps you just took, chances are drastically lower that you’ll be in that number. But remember, cybersecurity is not a set-it-and-forget-it endeavor—it requires ongoing vigilance.
Keep to the system you’ve just created, whatever that might be. If it’s a password manager, stay on top of it. Make sure every new account gets fed into it, and utilize the secure password generator function. You’ll thank yourself.
Set reminders to periodically review and update your accounts in case you forget to add new ones as you go, and comb back through these steps to find the outliers. Bookmark this page if you have to. And think twice before giving your username and password (especially an insecure one and especially a reused one) to an account you know you really don’t need or won’t use. It will come back to haunt you.
Going a Step Further
Staying on top of your digital footprint means setting up a secure system that works for you. Set it up once, set reminders, then let it work.
Be vigilant with password updates. Switch every password to a secure one once you’ve got them in your central manager, and update them anytime you get wind that you were in a data breach.
Attackers go for the low-hanging fruit. Can a cybercriminal weasel into your accounts using super sophisticated tools even after you’ve locked down your accounts? Sure. But statistics and human nature say they won’t want to. According to the Verizon 2023 Data Breach Investigations Report, over 50% of all breaches originated from stolen or bad passwords. Attackers more often than not are just going for the easy wins, and locking down your accounts with secure credentials increases the chances that you won’t give them one.