From our testing of the best password managers our there, we recommend trying out LastPass or KeePass.

Learn How to Spot a Phishing Attack

Quickly clicking can be your worst enemy. When a new email or text message arrives, and it includes something that can be tapped or clicked, our instincts often lead us to do it straight away. Don’t.

Hackers have used the pandemic as cover to launch wave after wave of phishing attacks and dumb Google Drive scams.

Anyone can fall for these types of scams. The main thing to do is to think before you click. Scam messages try to trick people into behaving in a way they wouldn’t normally—with, say, pretend instant demands from a boss or messages that say an urgent response is required.

There’s no foolproof way to identify every type of phishing effort or scam—scammers are constantly upping their game—but being aware of the threat can help reduce its effectiveness. Be cautious, think before you click, and download files only from people and sources you know and trust.

Update Everything

Every piece of technology you use—from the Facebook app on your phone to the operating system that controls your smart lightbulb—is open to attack. Thankfully, companies are always finding new bugs and fixing them. That’s why it’s crucial you download and update the latest versions of the apps and software you’re using.

Start with your phone. Navigate to your device settings and find out what operating system you’re using, and update it if you’re not on the latest version (iOS 14 is the latest for iPhones; Android 11 is the latest from Google). For apps and games, Apple’s iOS 13 and above downloads updates automatically, although these settings can be customized. On Android, auto-updates can also be turned on by visiting the settings page in the Google Play Store.

Once you’ve updated your phone, you need to work out what devices to update next. Generally these should be done in order of potential impact. Any laptops and computers you own should be high up the list, and then work back through other connected devices in your life. Remember: Everything is vulnerable, including your internet-connected chastity belt.

Encrypt Everything

Protecting your communications has never been easier. Over the last half-decade, companies handling our personal data—including the messages we send and the files we upload to the cloud —have realized that encryption can help them as well as their customers. Using encrypted services means that what you’re sending is better protected against surveillance and won’t be accessible if your device gets lost or stolen.

There are two main end-to-end encrypted messaging services, Signal and WhatsApp. Messages (including photos and videos) plus voice calls and video calls are encrypted by default within both apps. They both also let you use disappearing messages, which remove what you’ve sent after a set period of time. The practice can help keep your chats private, even from those that have access to your devices. Our advice is to use Signal where possible, as it collects less metadata than WhatsApp and isn’t owned by Facebook. But if you can’t get your friends to move to Signal, WhatsApp offers a lot more protection than apps that don’t use end-to-end encryption by default.