tips
The outgoing 2024 brought a number of record-breaking data breaches — from the Taylor Swift concert ticket case, to the incident with 100 million Americans’ medical records. AI technology and cybercrime made leaps and bounds all year long. So how can you stay on top of all this to ensure personal information security? Here’s how: make these seven New Year resolutions — and stick to them throughout 2025.
1. Learn to use AI assistants securely
Over the past year, the use of AI has evolved from a trending novelty to a part of life — especially after AI assistants became smartphone features. Given that AI is now literally in the palm of your hand — offering at times quite personal advice — it’s worth getting to grips with the rules for safe chatbot use to keep yourself and others out of harm’s way. Here they are in a nutshell:
- Double-check AI advice — especially when asking for information about medicines, investments, or other queries where errors are costly. Chatbots are known to “hallucinate”, so never blindly follow their tips.
- Disable AI features unless you know what they’re for. The “smart” craze is driving companies to integrate AI even where it’s not needed. The most striking example is the rollout of the controversial Recall feature in Windows 11, where it continuously captures screenshots for AI analysis. Disable AI if you’re not actively using it.
- Never give personal information to AI. Photos of documents, passport details, financial and medical information are almost never needed for AI to function correctly. Given that such data may get stored for a long time and used for AI training — and thus be more likely to leak — it’s better not to upload such data in the first place.
- Don’t chat with family and friends through AI. Such automation is rarely useful and won’t help maintain closeness.
2. Switch to passkeys instead of passwords
Tech majors are gradually ditching passwords for more reliable passkeys; for example, Microsoft plans to move a billion users over to this new technology. With it, logging in to any site will be by means of biometric verification or PIN code. The check is carried out locally on your computer or smartphone, after which the device decrypts from its storage a unique cryptographic key for the website in question, which “recognizes” you by this key. In some services, “Passkey” is the actual name of the login method; others, like Microsoft, mention “Face, Fingerprint, or PIN”. Whatever name it goes by, the method is more reliable than a combination of a password and one-time code — as well as easier and faster to use. If passkeys are on offer — get them!
3. Find and change all old passwords
Despite the advent of passkeys, passwords will remain with us for many years to come, and that means lots more leaks and hacks. Old passwords that you created years ago with little thought to length or strength can be brute-forced without too much trouble. For example, this year saw the biggest password leak in history. Dubbed RockYou2024, it contained 10 billion (!) unique records. Many of them are encrypted, but modern video cards can be used to crack shorter passwords. In our study of password strength, it turned out that six out of ten user passwords found in this leak could be broken in a few seconds to one hour.
To thwart password crackers, go through all your passwords and reset any that are short (fewer than 12 characters) or very old, and create new ones in accordance with best security practices. As you know, passwords should never be reused, so it’s best to generate new ones and store them in a reliable password manager.
4. Teach family and friends how to spot deepfakes
The rapid advance of neural networks has allowed scammers to move from deepfake videos of celebrities, to inexpensive and relatively massive attacks on specific individuals using fake voices and images of… absolutely anyone. Deepfakes were first used to promote financial pyramids or fake charities, but now targeted scams are in play; for example, calls from the victim’s “boss” or a “loved one”. It’s now easier than ever to make a video of someone you know well asking for money or something else, so always double-check unusual requests by making contact with the person through another channel.
Given the vast leakage of medical records in 2024, we can expect to see new targeted “doctor scams” in the coming year.
5. Switch to private messengers
For those who still believe in privacy, 2024 delivered a couple of major setbacks. First, the arrest of Telegram founder Pavel Durov raised fears that intelligence agencies could start snooping on users’ correspondence. Next, the United States was rocked by scandal when it broke that foreign intelligence agencies had hacked the legal wiretapping system operated by all U.S. telecom providers, and gained access to the calls and texts of Americans. The authorities went so far as to advise people to switch to private messengers for greater privacy.
To sleep more soundly at night, follow this tip and, together with your main contacts, move to a messenger with end-to-end encryption.
6. Set aside a monthly “backup hour” in your calendars
If you don’t even remember when you last backed up your data, it’s time to schedule this activity — which is no less important than annual car maintenance or spring cleaning your house; however, backups should be much more frequent: daily, weekly or monthly — depending on the data type.
Backup must be two-way: back up data on your phone and computer to cloud storage, and download cloud data to local storage. An example of the former is photos on your phone. An example of the latter is Gmail messages.
This way, you’ll be protected against a wide range of problems: computer crashes, smartphone theft, ransomware attacks, house fires, your favorite recipe site being shut down, movies and music disappearing from streaming platforms, sudden hikes in cloud-hosting charges, and so on. For best practices for backing up from the cloud, see our post here; and to the cloud, see here. Another of our guides explains how to save important online data stress-free, so you don’t have to worry about your favorite sites or services disappearing. And under the backup tag on our blog, you’ll find no end of practical tips on saving data from anywhere, including messengers, authenticator apps, and note-taking tools.
7. Enter your card number less often
In 2024, cloud storage provider Snowflake suffered a string of massive leaks of customer data. Among the companies affected were AT&T, Live Nation (Ticketmaster), and Santander. The exact makeup of the information in each leak remains unclear.
So as not to be left guessing if your payment data is safe, and not to mess around with contacting banks and reissuing cards after every major leak, save your card to a reputable, secure service (PayPal, Google Pay, Apple Pay, or similar), and use it to pay for purchases wherever possible. That goes for both offline and online purchases. This will make it harder for attackers to intercept your payment data and reduce the likelihood of damage in the event of a large store or online service hack.
If you need to enter card details but your preferred payment service isn’t an option, use the Safe Money feature in any of our home security solutions.
