When we say locked down in this context, we’re talking about your online accounts rather than your physical whereabouts, though some of the thinking is the same—reducing your exposure to something that could harm you.
One seriously effective security measure you can put in place is to make sure two-factor authentication is put in place on all your key digital accounts. It means that even if someone gets your password and username, they won’t be able to get into your account without a third piece of information, usually a code sent to your phone. For even better protection—especially against so-called SIM swap attacks—you should use a dedicated authenticator app rather than just texts.
Just about every major online account supports 2FA now: Google, Apple, Microsoft, Twitter, Facebook and many more. You should be able to find the option fairly easily somewhere in the security settings. Logging in on new devices is slightly less convenient, but it’s worth it for the extra security protection.
It’s also a good idea to limit the number of third-party accounts linked to your main accounts as much as possible—so all those apps and sites you’ve registered for using your Facebook or Google credentials. There’s nothing inherently wrong with this, but the more accounts you have connected, the more routes hackers have into your key accounts.
Dig into the settings for your most important accounts and you should be able to find options for reviewing and disconnecting third-party accounts that you no longer need: For Facebook the page is here, for example, and for Google it’s here.
These steps are essentially putting up more barriers for the scammers to get over before they’re able to access your most important accounts and files—even if you’re fooled into clicking on a suspect link or attachment, you’ve still got a safety net to fall back on.
Be Suspicious by Default
With software and AI getting smarter at spotting suspicious links arriving over social media, via email, or simply as you browse the web, the scammers are upping their game too: Phishing attacks designed to tempt you into a fake site that looks genuine are getting more elaborate, while social engineering tricks are also getting more sophisticated.
Your default position should be wariness of anything that arrives in your inbox, your chat clients, or your SMS app—especially if it comes from a source you don’t recognize, and especially if there’s no (or very little) context. Remember that scam messages will try to elicit a sense of fear, or urgency, or intrigue, which is why incidents like the Covid-19 outbreak often lead to a rise in phishing attacks.