Halloween isn’t the only spooky thing about October. In 2004, the National Cyber Security Alliance and the U.S. Department of Homeland Security (DHS) put a spotlight on the vulnerability of Americans’ online data by designating October as Cybersecurity Awareness month. The month is a chance to highlight how to protect yourself online.

John Gerek, a cybersecurity specialist at Northwestern Mutual, says the monthly designation is helpful for creating awareness about the dangers of not securing your online data as well as the protective resources available. “Securing your personal assets is a natural habit for most of us: You lock your house before you go out and your car when you get to the store,” he says. “Since we all do so much online now, you really should think about personal cybersecurity the same way by taking protective steps every day.”

Here are 4 best practices for protecting your digital privacy.


Identity theft made headlines nationwide in 2017 when news of the Equifax breach revealed hackers had accessed the confidential information of 143 million American consumers. That’s nearly half of the entire U.S. population.

“The most valuable thing that everybody has is their identity, which makes everyone a target,” Gerek says. “The size of your bank account doesn’t matter. A hacker can use your identity to open up credit cards, apply for loans or any number of things.”

To combat these types of threats, Gerek recommends requesting your free your credit report at least once a year. You can also periodically check your email’s security status to see if it’s been compromised. You may also want to consider freezing your credit at all three reporting agencies.

It is best to be cautious about sharing any type of personal information unless absolutely necessary. Even the most basic data (birth dates, phone numbers, addresses and email addresses) can be used to steal your identity. For example? Gerek points to certain online quizzes.

If you take an online quiz, make sure you know the source. “It can be a data mining activity that could be hosted by a bad guy — even if it seems kind of goofy, they’re designed to find out more information about you,” Gerek says.

Another danger? Public Wi-Fi, which Gerek says, “is fine if you’re just browsing the internet for something. But you shouldn’t use it for doing a banking transaction, online shopping or anything that will take you into one of your personal online accounts.”


We all have so many different usernames and passwords that it can be difficult keeping track of them all. But don’t make the mistake of using the same one for everything. The longer your password is, the better, and don’t save passwords in your browser or on online sites.

Additionally, always use multifactor or two-step authentication when it’s offered. And Gerek says to consider using a password manager, which you set up by creating one master password that you will need to memorize. After that, the service will do the rest.

If you’re active on social media, Gerek stresses that it’s important to learn how to set up privacy settings for every platform. Photos and content you upload are not always secure and could lead to identity theft. The good news is that more awareness has led to more transparency about security standards. “Everybody should take the time to understand what settings are available and learn how to make adjustments accordingly,” Gerek says.


Update your operating systems

Your personal computer will periodically receive updates for your operating system: Always apply them or configure your machine to do it automatically. Gerek says that you should install antivirus software, if it doesn’t come pre-installed, and make sure it’s always on so you get the automatic updates.

Back up your data

Be sure to make regular backups of your data and verify their integrity. Secure the backups by making sure they are not always connected to the computers they are backing up. Whenever you plan to dispose of any old devices, make certain you have wiped them of any personal information.

Set up a personal VPN

With the massive shift to working from home during the pandemic, many office workers became familiar with logging on to their company’s virtual private network (VPN). Gerek says it’s worth investing in one for your personal devices. “They’re relatively inexpensive and provide a lot of protection because it hides your activity from any outside parties providing a secure internet connection,” he says. “It acts as a go-between from your computer to an internet site and anonymizes you, which keeps hackers from having a direct line to your activity.”

Gerek adds that you should also protect your Wi-Fi networks with a password and change the default admin passwords on all your connected devices.


“Phishing is the No. 1 threat to every person and every business,” Gerek says. “It’s the main way bad actors obtain confidential information.”

So, if you have any suspicions about an email, don’t click on anything. Confirm with a phone call from the sender. Or, instead of clicking on anything in the email, go directly to the website it seems to represent.

Gerek also recommends setting up a second email address if you want to enroll in any contests or sign up for shopping discounts. “The more places you enter your email, the higher your chances for getting spam and malicious emails,” he says. “Set up one email where you won’t care that you get a bunch of junk mail in it. And only use your more legitimate email for your friends and family and important accounts you access online.”

Recommended Reading