Surveillance Self-Defense

Seven Steps To Digital Security

This page was translated from English. The English version may be more up-to-date.

Digital security is as much of a mindset as it is a toolkit, and there are concepts to consider regardless of whether you're first getting started or you're a seasoned veteran. Before you start seeking out solutions, take a minute to step back and consider the whole picture of what you're trying to accomplish. 

1. Knowledge is Power

Good security decisions begin with proper knowledge about your own situation. To start, ask yourself the following questions:

  • What do I want to protect?
  • Who do I want to protect it from?
  • How likely is it that I’ll need to protect it?
  • How bad are the consequences if it doesn’t work out?
  • How much trouble am I willing to go through to try to prevent potential consequences?

Once you answer these questions you can better assess your digital security needs and create a security plan (sometimes called a threat model). You already have more power than you think!

2. The Weakest Link

The old adage that “a chain is only as strong as its weakest link” applies to security too. For example, the best door lock is worthless if you have cheap window latches. Similarly, using an encrypted chat app to share personal photos won't protect the confidentiality of those photos if you store unencrypted copies on your laptop and your laptop is stolen. Think about every part of your information and computer use and try to identify any weak links in your digital security practices.

3. Simpler is Safer and Easier

Some people are tempted by every shiny, new security solution they hear about. But soon they find themselves using so many tools, and trying so many things, that they can’t keep them all straight. Having a complex security system makes it harder to identify the weak links. So, keep it simple. Sometimes the safest solution may be the least technical solution. Computers can be great for many things, but sometimes the security issues of a simple pen and paper can be easier to understand, and therefore easier to manage. 

4. More Expensive Doesn't Mean More Secure

Don't assume that the most expensive security solution is the best, especially if it takes away resources needed elsewhere. Low-cost measures like shredding trash before leaving it on the curb can give you lots of bang for your security buck.

5. It's Okay To Trust Someone (But Always Know Who You're Trusting)

Computer security advice can end up sounding like you should trust absolutely no one but yourself. In the real world, you almost certainly trust plenty of people with at least some of your information, from your close family or partner to your doctor or lawyer. What's tricky in the digital space is understanding who you are trusting, and with what. You might give a list of passwords to your lawyers, but you should think about what power that might give them or how easily a bad actor could then access your passwords. You might save documents that are only for you in a cloud service like Dropbox or Google, but you're also letting Dropbox and Google access them.

Online or offline, the fewer people you share a secret with, the better chance you have to keep it private.

6. There is No One Perfect Security Plan

Make a security plan that works for you, and for the risks you face. A perfect security plan on paper won't work if it's too difficult to follow day-to-day.

7. What's Secure Today May Not Be Secure Tomorrow

It is important to continually re-evaluate your security practices. Just because they were secure last year or last week doesn't mean they're still secure. Keep an eye on big security news when you can. Most people don't need to overdo this: think "huge data breach of an important piece of software like a password manager" type of news that's so important that it reaches big tech-focused media outlets like Wired or The Verge, or even The New York Times or The Washington Post, not "this specific exploit targets a specific CPU." Also check sites like SSD, because we update our advice to reflect changes in our understanding and the realities of digital security. Remember: effective security is a continual process.