If you are like me, time is something that always seems like it is in short supply. That doesn’t mean I don’t try to make time or that I’m unorganized. It just means that my to-do list, because of my many work and personal responsibilities, is always jam-packed.
Check and respond to email. Post to social media. Develop graduate courses in information security. Oversee graduate and undergraduate programs and faculty. Teach. On a more personal level, open snail mail. Buy groceries. Replace socks with holes. Pay bills.
I must admit most days I’m probably a data scientist’s dream, which is why my data reset at the beginning of the year is so important. The reset helps keep things a little more manageable, but also reduces my data storage needs, improves my security, and even reduces the visual clutter that can zap my productivity.
Of course, just hitting delete isn’t the answer. By law, I’m required to retain certain email and documents. If you own a business or work for one that must retain data to ensure compliance with financial, health, or privacy regulations, you must retain data as well, or risk being subject to the consequences.
To help identify the data you must retain, please be sure to check out the helpful PDF I’ve created, which can be found at the end of this post.
What can you do to reset your data and improve your security?
Address your inbox. Dealing with your inbox doesn’t mean you need to adopt a method to get to zero inbox three times a day nor that you should archive all of your spam. What I am referring to is doing some targeted purging if your inbox is unwieldy, and adopting a method for reducing the amount of email that you archive and need to back up. I’m also talking about reducing the number of messages that you receive overall. Fewer messages means fewer opportunities for you to miss a phishing email (and unknowingly provide your credentials to a hacker), or open a malware-laden attachment.
Most users can safely delete the following:
- Emails that contain expired offers
- Email invitations for free white papers, webinars, training sessions and more
- Emails that were received as part of verification processes
- Emails that contain download links
- Emails that suggest items to be purchased in the future
- Emails that are notifications from social media accounts
To address the volume of email you receive, unsubscribe from mailing lists and, when given the option of whether you would like to receive notifications, think twice about whether you really need to receive an email in addition to a text message or some other form of communication. More isn’t always better, and at some point notifications simply become background noise and digital clutter.
Be careful, though. It can be easy to get bogged down by this task. Don’t set a goal to address email and then get stuck. Instead, look to build a process that works for you.
Deal with your desktop. Having a cluttered desktop, just like a cluttered desk, can make it tough to get work done. With many of us spending the last year working remotely, a cluttered desktop can also pose a security risk, especially if you share your screen during video conferences. If you share your screen first and then access a sales presentation, for example, it’s likely the viewer will get at least a glimpse of your desktop. I’ve seen this happen during vendor demos and I factor it into my decision-making process when evaluating solutions. It’s interesting to know who someone is receiving mail from, or to be treated to a quick glimpse of spreadsheets for someone’s clients, but it also makes me think my information could be treated similarly and the person seeing that information could be someone performing reconnaissance.
To deal with your desktop, limit the number of shortcuts, store folders and files elsewhere, and close programs and files before sharing screens when video conferencing.
Check your downloads folder. Is that free workbook or report on phishing from three years ago still there? Have you already installed the open source project you wanted to test? If so, are you saving the install file for some reason? Do you really need to be saving that GIF your friend sent you a year ago? (I know it was hilarious at the time, but you probably don’t need to be saving it for posterity.) Delete the folders and files that you don’t need and, if there are files you want or must keep, move them to appropriate folders elsewhere so you know they won’t be deleted inadvertently.
Go through your documents and pictures. Save the ones you want to keep and the ones you must keep to comply with data retention policies. If time allows, organize the remaining folders and files so that you can easily locate what you need when you need it. Also, consider the type of data that is on your PC or laptop. Does the data contain personally identifiable information (PII) or protected health information (PHI)? If so, make sure that you aren’t just retaining the information, but also storing it securely, as required by law.
Don’t forget…
Clearing cache is often the recommended solution when a browser is a little sluggish or a hosted application isn’t working quite right, but it’s also something that should be part of your regular device maintenance.
Cloud storage when performing a security reset. Google Drive, OneDrive, Dropbox and the many other cloud storage solutions that are available today are great for storing and sharing files, but just like our PCs and smartphones, they can become cluttered with outdated and irrelevant data. Conduct a quick review of the folders and files you are storing in the cloud and delete those you no longer need and don’t need to retain. You may find you don’t need to pay for additional storage capacity (and you’re able to get rid of that notification too)!
To check your apps, especially if you need more free space or don’t have time to regularly perform vulnerability scans or install program updates. Uninstall apps you don’t need and/or don’t use. Keeping outdated apps on devices, including smartphones, is like sending out an invitation to hackers, especially if the apps leave ports open and/or have known vulnerabilities that are easily exploited.
2021 Security Checklist
To verify the integrity of the 2021 Security Checklist, use a hash generator to create a SHA256 hash value. Then, compare the value that you generated to the one here. If the hash values match, then the file that you downloaded has not been altered from the original.
On a Windows 10 PC, you can use PowerShell to obtain the hash value. Open PowerShell and then type the command below.
2021-Security-Checklist-Data-Retention < PDF
where yourusername is the username that you use on your PC. Then hit Enter. Please note there is a space after get-filehash and that the example above is using the default location for downloads. If you downloaded the file to a different location, you need to use the file path for that location.
Hash Value
SHA256 34F1C307E40EE454AFFA8E5EAEA96C97F626121922E898AAC42EAB0E90B95AB3
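The comparison described above can also be done by PowerShell itself rather than by eye. This is an added example, not the author's original command; the function name `Test-FileSha256` is hypothetical, and the file name and Downloads location are assumptions based on the link text in this post.

```powershell
# Added example: compute a file's SHA256 hash and compare it to a published value.
function Test-FileSha256 {
    param(
        [Parameter(Mandatory)] [string] $Path,      # file to check
        [Parameter(Mandatory)] [string] $Expected   # hash value published by the author
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Get-FileHash returns the hash as an uppercase hex string in .Hash
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Remove stray whitespace from a pasted value and normalize case
    $want = ($Expected -replace '\s', '').ToUpperInvariant()

    [pscustomobject]@{
        Path     = $Path
        Expected = $want
        Actual   = $actual
        Match    = ($actual -eq $want)
    }
}

# Hash value published in this post
$published = '34F1C307E40EE454AFFA8E5EAEA96C97F626121922E898AAC42EAB0E90B95AB3'

# Assumed file name and default Downloads folder; adjust if you saved the file elsewhere
$file = Join-Path $env:USERPROFILE 'Downloads\2021-Security-Checklist-Data-Retention.pdf'

$result = Test-FileSha256 -Path $file -Expected $published
if ($result.Match) {
    Write-Output "Hash matches: the file is identical to the one the hash was generated from."
} else {
    Write-Output "Hash does NOT match. Delete the file and download it again."
    $result | Format-List Expected, Actual
}
```

A match shows the file was not altered after the hash was published. Because the hash is posted on the same page as the download, it cannot detect a change made by someone who controls the page itself.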