Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.

First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.

1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case
3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
4. Change your passwords. It’s always a good to idea to change your passwords on a regular basis and there’s no better time during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically logs you in when you revisit your sites and apps—so you don’t have to.

So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! 

What’s it called if, for example, someone runs up your credit card line without your permission? Identity theft. ID theft isn’t necessarily someone going around impersonating you. But it is considered someone taking over your accounts.

Account takeover is also someone hacking into your computer and getting the password for your PayPal account, then sucking it dry. ID theft is an extremely common occurrence. The damage incurred by ID theft runs along a continuum, from light to heavy. At its worst it can:

• Cost thousands of dollars to repair the fallout
• Take months to fix this
• Destroy reputation
• Cause difficulty finding employment
• Cause rejection of loan applications
• Cause the victim to be arrested because the identity thief committed a crime in their name

There are tons of ways one can become a victim. It used to be that ID thieves would steal a wallet and gain information that way, or dig through your rubbish for bank statements. But these days, ID theft is prolifically committed in cyber space by thieves thousands of miles away.

For example, a thief halfway around the globe could trick you into giving your bank account information by sending an e-mail that looks like it’s from your bank, telling you that your online account has been compromised and that you need to supply your account information to repair the problem.

Or, clicking on a link that promises to show you a nude celebrity instead downloads a virus to your computer.

ID theft can also occur through no lapse in judgment of your own: when the retailer you buy things from with a credit card is hacked.

Protect Yourself

• All of your computer devices should have software: antivirus, antimalware and a firewall, and always updated.
• Educate yourself on recognizing scams. Some are ingenious and look legitimate. One way to drastically reduce the odds of being tricked by a ruse is to never, never, never click on any links in an e-mail. Never.
• Make all of your passwords unique, over 10 characters and a mix of numbers, letters and symbols: gibberish rather than the name of your favorite rock band or sport.
• View your credit report (it’s free) once a year from each of the three credit reporting agencies. Look for odd things like new accounts opened that you never opened and other false information.
• If you’re sure you won’t be applying for a loan for a long time, freeze your credit.
• Use only reputable merchants for online shopping when possible (we all know this rule doesn’t apply when you want to buy those big clumpy home-baked chocolate cookies from “Denise’s Gourmet Cookies”).
• Missing snail mail bills? Report this to the associated companies because a thief may have changed your billing address.
• Use a VPN. A virtual private network such as Hotspot Shield is one significant layer to protect your data and your identity by encrypting your information.

Consider it a red flag if you receive credit cards you didn’t apply for, especially if they have high interest rates.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. 

Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you.

Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as you use your laptop. Or, you can be tricked—via a phishing e-mail—into giving out your super strong password. The simple username/password combination is extremely vulnerable to a litany of attacks.

What a crook can’t possibly do, however, is log into one of your accounts using YOUR phone (unless he steals it, of course). And why would he need your phone? Because your account requires two-factor authentication: your password and then verification of a one-time passcode that the site sends to your phone.

Two-factor authentication also prevents someone from getting into your account from a device other than the one that you’ve set up the two-factor with.

You may already have accounts that enable two-factor authentication; just activate it and you’ve just beefed up your account security.

Facebook

• Its two-factor is called login approvals; enable it in the security section.
• You can use a smartphone application to create authentication codes offline.

Apple

• Its two-factor works only with SMS and Find my iPhone; activate it in the password and security section.
• Apple’s two-factor is available only in the U.S., Australia, New Zealand and the U.K.

Twitter

• Twitter’s two-factor is called login verification.
• Enabling it is easy.
• Requires a dependable phone

Google

• Google’s two-factor is called 2-step verification.
• It can be configured for multiple Google accounts.

Dropbox

• Activating two-factor here is easy; go to the security section.
• SMS authentication plus other authentication apps are supported.

Microsoft

• Enable it in the security info section
• Works with other authentication apps.

Additionally, check to see if any other accounts you have offer two-factor, such as your bank (though most banks still do not offer this as described above, but do provide a variation of two factor).

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. 

Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on krebsonsecurity.com. In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.

Bank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.

In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.

This scenario has been replicated many times over the past five years, says the krebsonsecurity.com article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.

Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.

Businesses and consumers should:

• Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
• Stage phishing attacks to see how well everyone learned their security training
• Retrain those who fell for the staged attacks
• Make it a rule that more than one person is required to sign off on large transfers
• Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.

The Russians have come…again—in the form of hackers. Not long ago Russian cyber criminals busted into the U.S.’s State Department system and mangled it for months.

This time, they got into a computer system at the White House. Luckily, this system did not hold any classified information, but nevertheless, the hackers got ahold of President Obama’s private itinerary. So it just goes to show you just what hackers a world away can do.

This isn’t the first time that the White House has been hacked into. Remember the attacks that were allegedly committed by the Chinese? These, too, did not involve sensitive information, but the scary thing is that these cyber invasions show how easy it is for other countries to bang into the computer systems of the No. 1. Superpower.

So President Obama’s personal schedule got hacked, and in the past, some White House employee e-mails got hacked. What next—top secret plans involving weaponry?

What the Russians may do next is of grave concern to the FBI. Perhaps the Russians are just teasing us with this latest break-in, and the next hacking incident will really rattle things.

Ironically, Obama had recently signed an executive order in the name of stomping down on cyber crime. Well, someone didn’t stomp hard enough, and the Russians, Chinese and everyone else knows it.

Obama’s efforts involve CISA: Cybersecurity Information Sharing Act. The Act would mandate that there’d be greater communication between the government, businesses and the private sector relating to possible cyber threats.

CISA is not well-received by everyone because it involves what some believe to be a compromise in privacy. This latest attack on the White House, say CISA critics, might encourage lawmakers to hastily pass the Act without first building into it some features that would protect the privacy of the private sector.

The chief concern, or at least one of the leading ones, of CISA opponents or skeptics is that of the government gaining access to Joe’s or Jane’s personal information. And why would the government want to get our private information? For surveillance purposes—that harken back to the efforts to increase cyber protection and prevent more hacking episodes.

The bottom line is that this latest attack by the Russians will surely add a few more logs to the fire in that lawmakers will feel more pressure than ever to strongly consider passing CISA.

“My house was hacked!” Had you said this 25 years ago, people would have thought a burglar vandalized it with an axe. Say it today and nearly everybody will know what you mean: A thief or prankster “broke” in to your house via its connected-to-the-Internet gadgets.

If something’s connected, like your refrigerator, the possibility of hacking exists. All of these smarthome gadgets make it to market without a lot of attention on security, leaving them with “back doors” through which hackers could enter. This craeates a larger “surface area” for potential cyber invasions.

In January 2014, connected refrigerators were actually sending out spam e-mails. So don’t think that all of this is just hyped up anxiety. And unless you’ve been living in a cave, you’ve already heard about the man who hacked into a baby monitor and yelled obscenities through it. A hacker could infiltrate through any vulnerable device in your house and use it as a launching pad to get into your e-mail account and redirect your web traffic to them.

Though nothing is ever 100 percent secure, the issue boils down to how important it is for you to control your home’s thermostat or coffee pot while you’re away, which means adding one more “smart” thing to your house, increasing its surface area of potential attack.

Smart gadgets are especially vulnerable to attack because they may not be replaced for many years, such as a smart washing machine. This means the appliance or device needs to have a long-term ability to receive security updates.

To combat security threats, makers of smart gadgets and appliances need to have security in mind from the beginning of manufacturing. They need to set up a monitoring system for these products for as long as they are in use, so that the smart washer is just as protected in its 15th year of use by the homeowner as it is in its first year.

Though the smart coffee pot may come across as a status symbol of a tech-savvy person with money to burn, some smart devices can save money such as a system that monitors water usage and can even identify which pipe has a leak.

The homeowner has to do a risk/benefit analysis and just perhaps forego the coffee pot and the smart egg container that tells you when you’re down to your last few eggs. To check if your kids are sleeping you may just have to do it the old-fashioned way: walking to their bedroom and peeking in.

When making an investment in smarthome devices make sure to check out the reviews, do your research to see if anyone has experienced security issues. And make sure to update any software of firmware over the lifespan of the device.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. 

Would you give up your bank account and credit card numbers to a stranger on the street after he approaches and asks for them? Of course not. But that’s essentially what people do when they’re tricked by online crooksters into revealing sensitive personal information, including their Social Security numbers.

One of the most common ways this is done is through phishing.

• The phishing attack is when the thief sends out thousands of the same e-mail. If enough people receive the message, sooner or later someone will take the bait.
• The bait may be a notice you’ve won a prize; a warning that your bank account has been compromised or that you owe back taxes; an alert that something went wrong with your UPS delivery; or something about your medical insurance.
• These subject lines are designed to get you to open the e-mail and then follow its instructions to remedy the problem—instructions to the tune of typing out your personal information including passwords.
• Sometimes the fraudster has already gained information from a victim and will use that to make the victim think that the phishing e-mail is legitimate.
• These e-mails contain links; never click on them. They’re designed to entice people into giving up personal information, or, the site they take you to will download a virus to your computer.
• Sometime the e-mail will contain an attachment. Opening it can download a virus.
• What if the e-mail appears to be legitimate, complete with company logo, colors, design and details about you? Contact the company first, by phone, to see if they sent out such an e-mail. Don’t click any link to get on the company’s site; instead go there via typing into the URL field.
• You may have heard that hovering over the link will show its true destination, but this isn’t always the case.
• Remind yourself that you are not special: Why would YOU inherit money from some strange prince in a foreign country?

Passwords

• Passwords should never contain words or names that can be found in a dictionary. I know you so desperately want to include the name of your favorite football team in it, but don’t. Such passwords are easier for hackers to crack.
• Never use keyboard sequences; again, a hacker’s tool can find these.
• Make a password almost impossible to crack by making it at least 12 characters, a mix of upper and lower case letters, and include numbers and other symbols.
• Use a different password for every account.

Anti-malware Software

• You should have a complete system that’s regularly updated.
• Have a firewall too.

Virtual Private Network

• Download Hotspot Shield to encrypt your data on public WiFi hotspots.
• Shield your IP address from webtracking companies who desire your information to sell you stuff or from search engines who hand that data over to the government.

Secure Sites

• Whenever possible, visit only sites that have https rather than http, because the “s” means it’s a secure site.

A padlock icon before the https means the site is secure.