Ever had that sinking feeling when you realize you might have just clicked a shady link? Or worried that your passwords are floating around in some hacker's underground vault?
I have.
In fact, my Social Security Number recently showed up on the dark web. That's right: I, someone who nerds out on security and privacy, discovered that my sensitive data was out there for who knows who to see.
I wasn't careless. I wasn't reckless. But I also wasn't as locked down as I could be.
So I did what any self-respecting tech geek would do: I doubled down on security, reinforced my digital walls, and refined the five simple security habits that every person should be using, including you.
And here's the best part: These aren't complicated. You don't need a computer science degree, an IT department, or a tinfoil hat. Just a few small tweaks to your habits can keep your data (and your sanity) safe from prying eyes.
Let's dive in.
1. Use a Password Manager (Because "Fluffy123" Won't Cut It Anymore)
The Problem:
Be honest: are you using the same password for multiple sites? Do you have a list of logins in a Google Doc or Notes app? If so, congratulations! You're an all-you-can-eat buffet for hackers.
The reality? Reusing passwords is like using the same key for your house, car, and office. If one gets stolen, everything is compromised.
The Fix: Get a Password Manager
A password manager creates strong, unique passwords for every account and stores them securely, so you only have to remember one master password.
✅ Choose a trusted password manager (like 1Password, Bitwarden, or Dashlane).
✅ Generate unique passwords: at least 16 characters, mix of letters, numbers, and symbols. (Remember, you don't have to remember strong passwords with your password manager, so use a strong password.)
✅ Enable two-factor authentication (2FA) for extra protection. (Yes, it can be a pain, but you'll get used to it; I promise).
✅ Use the built-in secure sharing feature, and separate login accounts for team members when you can. (Never share a password when a separate account can be created, and never email or text passwords).
✅ Check for password leaks. Many password managers have this built in. You can also use Have I Been Pwned.
🔴 DON'T: Write your passwords down on sticky notes. Or in a spreadsheet. Or (please, no) in a Google Doc.
💡 Pro Tip: Let your password manager auto-fill passwords so you never have to type them (or remember them).
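For readers who want to see what the "generate" and "check for leaks" steps above involve, here is an added example (not from the original article or from any password manager's code). It builds a password to the 16-character rule above and does the local half of a Have I Been Pwned "Pwned Passwords" range lookup, where only the first five characters of the password's SHA-1 hash leave your machine; the sample response and its counts are constructed, and the function names are illustrative.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=16):
    """Random password with at least one lowercase, uppercase, digit and symbol."""
    if length < 16:
        raise ValueError("minimum length used in this article is 16 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def split_hash(password):
    """SHA-1 is what the range lookup expects; only the 5-char prefix is sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Match the hash suffix locally against 'SUFFIX:COUNT' response lines."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed sample response for the prefix of "password"; counts are made up.
_prefix, _suffix = split_hash("password")
SAMPLE_RESPONSE = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:3",
    f"{_suffix}:1000",
    "FFFB7F1BD5B5A2F1E4B0C1E9E3A6D2C4B7A:12",
])

if __name__ == "__main__":
    # A live check would fetch this URL and pass the body to breach_count().
    print("lookup URL: https://api.pwnedpasswords.com/range/" + _prefix)
    print("'password' seen in breaches:", breach_count("password", SAMPLE_RESPONSE))
    fresh = generate_password(20)
    print("fresh password seen in breaches:", breach_count(fresh, SAMPLE_RESPONSE))
```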
2. Delete Sensitive Data Securely (Because "Delete" Isn't Enough)
The Problem:
Deleting a file doesn't actually delete it. It's still recoverable, like writing your secrets in pencil and just erasing them. Someone with the right tools can restore those files, and you'd never know.
The Fix: Use Secure Deletion Tools
If you ever store sensitive files (think financial info, business data, scanned IDs), you need to make sure they're really gone when you delete them.
✅ Use a secure deletion tool (BleachBit, File Shredder, or ).
✅ Empty your recycle bin/trash regularly.
✅ Don't keep sensitive files on USB drives or unencrypted cloud storage.
✅ Encrypt sensitive documents before storing or sharing them.
✅ Before selling an old computer/phone, wipe it properly (factory reset alone isn't enough).
🔴 DON'T: Assume that dragging a file to the trash makes it disappear forever. Hackers know better.
💡 Pro Tip: If you must store something sensitive, encrypt it with VeraCrypt or BitLocker first.
3. Limit Where You Keep Business Data (So You Can Find & Delete It Easily)
The Problem:
If your business or personal data is scattered across emails, random folders, and multiple cloud accounts, you can't secure it properly. And worse? You won't remember where it all is when you need to delete it.
The Fix: Consolidate & Control Where You Store Data
Fewer storage locations = less risk, less stress.
✅ Store business data only in designated, secure locations (encrypted cloud storage or a CRM).
✅ Regularly audit where data is kept and delete anything unnecessary.
✅ Use secure file-sharing services (not email attachments).
✅ If you no longer need business data, delete it properly (see Step 2).
✅ Encrypt before storing or sharing sensitive information.
🔴 DON'T: Let sensitive business information and files live forever in your email, downloads folder, or random cloud storage accounts.
💡 Pro Tip: Set a recurring reminder to check and clean up your stored data every quarter.
4. Audit & Limit App & Device Access (Because Not Every App Deserves Your Data)
The Problem:
Every app you've ever signed into might still have access to your data. Same with old devices you don't even use anymore.
That old fitness app? Still tracking your location.
That weather app? Reading your contacts.
That old laptop? Still logged into your cloud storage.
The Fix: Review & Restrict Access
✅ Check what devices have access to your accounts (Google, Apple ID, social media).
✅ Remove third-party apps you no longer use from Google, Facebook, LinkedIn, etc.
✅ Set up login alerts for suspicious activity.
✅ Turn off unnecessary permissions (e.g., does your calculator app need your location? No.).
✅ Log out of old devices and browsers that don't need access anymore.
🔴 DON'T: Assume apps will be responsible with your data. They won't.
💡 Pro Tip: Check Google and Apple's "Third-Party App Permissions" page right now; you'll be shocked at what's still connected.
5. Use Encrypted Communication for Sensitive Info (Because Email is a Postcard, Not a Vault)
The Problem:
Standard email and SMS are not secure for sensitive information. They're easily intercepted, like sending an important letter on a postcard for the world to see.
The Fix: Use Encrypted Messaging & Email
✅ Use Signal or Telegram for secure messaging.
✅ Switch to a privacy-focused email (ProtonMail, Tutanota).
✅ If you must email sensitive files, encrypt them first (password-protected ZIP files).
✅ Avoid public Wi-Fi for sensitive conversations (or use a VPN).
✅ Use end-to-end encrypted cloud storage (like Tresorit) for sharing sensitive files.
🔴 DON'T: Send passwords, contracts, or personal data via standard email or text.
💡 Pro Tip: Set up automatic email encryption if you handle a lot of sensitive info.
Vet Your Vendors: 5 Security Questions You Should Ask
Before you sign that next contract or start using a new service, take a moment to ask: Is this vendor protecting my data as seriously as I am? Too often, small businesses assume their vendors have airtight security, but many don't; even well-known companies have had massive data breaches.
Here are five critical questions every small business should ask before trusting a vendor with their data:
🔹 How do you store and protect clients' data? (Is it encrypted? Where is it stored?)
🔹 Who has access to my data, and how is it restricted? (Do team members or third parties have unnecessary access?)
🔹 What happens to my data if I stop using your service? (Will it be deleted? Can I request removal?)
🔹 Have you ever had a data breach? (And if so, how did you handle it?)
🔹 What security compliance measures do you follow? (Look for adherence to GDPR, CCPA, and strong security practices such as those listed above.)
🚨 Red Flag: If a vendor can't answer these questions, or gives vague responses, it's time to reconsider working with them. Your data security is only as strong as the weakest link in your supply chain!
Small Changes, Big Security Wins
You don't need to be a cybersecurity expert to stay safe; you just need smart habits.
Start with one or two of these today, and you'll be way ahead of the average person when it comes to security.