You’re using strong and unique passwords. You’re on the lookout for phishing emails. And you’ve set up two-factor authentication on every account that offers it. Basically, you’re acing Personal Cybersecurity 101. But with new threats popping up all the time, you may be looking for other proactive steps you can take to protect yourself. Here’s an easy one: Clean up your digital junk.

Most people have old email accounts floating around, forgotten thumb drives in a drawer, and years-worth of crap in a downloads folder. All that stuff is a liability. Saving data that you want or that will someday come in handy is…sort of the whole point of the digital revolution, but holding on to accounts and files that you don’t actually want anymore needlessly exposes you to all sorts of risks. Your devices can be lost or stolen (or hacked) and big companies can suffer data breaches that incidentally expose your information. So the less there is out there, the better off you are.

“The physical presence of data is so small that sometimes we don’t think about it as being clutter,” says Michael Kaiser, the executive director of the National Cyber Security Alliance. “But we accumulate massive amounts of it and some of it can be harmful if it gets lost or stolen.”

Here’s some tips from the experts on how to clean that clutter before it comes back to haunt you.

Digital Dumping Ground

First, address your physical devices. Destroy old CDs, thumb drives, and external hard drives you don’t need anymore. (Don’t forget the box of floppy disks in your basement. Seriously.) Consider old PCs, gaming consoles, and smart home gadgets, and back up anything you want from those devices before wiping them.

Next, deal with your current devices. Sort through your desktop and clean out your documents folder. Eliminating old PDFs of credit card statements or medical forms that you no longer need will go a long way toward keeping you safer. And it’s a good opportunity to make a plan for sensitive documents that you do want to hold on to. You might back them up to a cloud service or a password-protected external hard drive and then take them off the devices you use every day that could be lost or stolen.

The point isn’t to part with data that is personally meaningful or useful. The goal is to pare down what you have so if your data is ever compromised hackers aren’t getting copies of your friend’s son’s leg x-rays—complete with name, birthday, and social security number—for no reason. You can still reminisce about what an impressively gnarly break it was without the responsibility of defending those files.

“When we talk about security we often talk about protecting our own things,” Kaiser says. “But in reality in the digital world we actually do sit on large amounts of information about other people, and that’s something to consider with decluttering and storing data more securely.”

In the Ether

Now, go deeper. Get into applications, Internet services, and the cloud. The most important account to consider is your email, the central data hub of your online life. Your email account would be a valuable prize for a hacker, because it could contain information about a host of other people (friends, family members, coworkers) in addition to yourself. Deleting emails you no longer need and exporting old emails you still want to the cloud or a hard drive is a smart way to reduce what would be compromised if your email was ever hacked. And don’t forget about old email accounts (ahem, Yahoo).

“Think of the information you have saved,” the United States Computer Emergency Readiness Team notes. “Is there banking or credit card account information? Tax returns? Passwords? Medical or other personal data? Personal photos? Sensitive corporate information? … Depending on what kind of information an attacker can find, he or she may be able to use it maliciously.”

And as with thumb drives, you may have random files in all sorts of services that offer some free storage like Box, Google Drive, and Dropbox. Sort through what’s there and eliminate what you don’t need.

Cancel Those Accounts

Look for apps you don’t use anymore and shut them down. Are your photos backing up onto four different services for some reason? Clean that up. Do you still have an account with a messaging app you used once two years ago until your friends were like, yo, this isn’t cool anymore? Why is that calorie counting app still on your phone from 2014? Cancel and delete. That type of exposure is an unnecessary risk.

Before you delete the software, clean out and close your account with the company so it retains the smallest amount of data possible about you. Closing an account doesn’t necessarily mean that a company deletes all your data or eliminates the basic things it knows about you—data handling procedures should be laid out in an app’s terms of service—but it keeps the account from staying active and potentially continuing to collect data. For example, a fitness app that you haven’t thought about in months could be tracking your steps, heart rate, or even your whereabouts without you realizing. And if an account is deactivated, the company that manages it might still keep the data from it on record, but criminals won’t be able to figure out the credentials for the account, log in, and, say, use a credit card on file to go on a shopping spree.

And after your data spring cleaning is done, try to remember these best practices as you inevitably accumulate more digital dreck. Think twice about downloading fad apps or starting free trials. Back up what you need and then wipe the data storage on hardware as soon as you move on to something new. And when possible delete documents as soon as you’re done with them. The more understanding and control you have over your digital footprint the easier it is to defend.



Wired