How to Spring Clean Your Digital Clutter to Protect Yourself

You don't have to get your hands dirty to do the most important spring cleaning of the year.
SpringCleanTA.jpg
Getty Images

You're using strong and unique passwords. You're on the lookout for phishing emails. And you've set up two-factor authentication on every account that offers it. Basically, you're acing Personal Cybersecurity 101. But with new threats popping up all the time, you may be looking for other steps you can take to protect yourself. Here's an easy one: Clean up your digital junk.

Most people have old email accounts floating around, forgotten thumb drives in a drawer, and years-worth of crap in a downloads folder. All that stuff is a liability. Saving data that you want or that will someday come in handy is sort of the whole point of the digital revolution, but holding on to accounts and files that you don't want anymore needlessly exposes you to all sorts of risks. Your devices can be lost or stolen (or hacked), and big companies can suffer data breaches that incidentally expose your information. So the less there is out there, the better off you are.

"The physical presence of data is so small that sometimes we don’t think about it as being clutter," says Michael Kaiser, executive director of the National Cyber Security Alliance. "But we accumulate massive amounts of it, and some of it can be harmful if it gets lost or stolen."

Here's some tips from the experts on how to clean that clutter before it comes back to haunt you.

Destroy Old Devices

First, address your physical devices. Destroy old CDs, thumb drives, and external hard drives you don't need anymore. (Don't forget the box of floppy disks in your basement. Seriously.) Consider old PCs, gaming consoles, and smart home gadgets, and back up anything you want from those devices before wiping them. You can walk through tips on how to digitally and physically destroy data here, with bonus cleaning tips here.

Next, deal with your current devices. Sort through your desktop and clean out your documents folder. Eliminating old PDFs of credit card statements or medical forms that you no longer need will go a long way toward keeping you safer. And it's a good opportunity to make a plan for sensitive documents that you do want to keep. You might back them up to a cloud service or a password-protected external hard drive and then take them off the devices you use every day that could be lost or stolen.

The point isn't to part with data that is personally meaningful or useful. The goal is to pare down what you have so if your data is ever compromised, hackers aren't getting copies of your friend's son's leg X-rays---complete with name, birthday, and Social Security number---for no reason. You can still reminisce about what an impressively gnarly break it was without the responsibility of defending those files.

"When we talk about security, we often talk about protecting our own things," Kaiser says. "But in reality, in the digital world we actually do sit on large amounts of information about other people, and that’s something to consider with decluttering and storing data more securely."

Social Media, Email, and Cloud

Now, go deeper. Get into applications, internet services, and the cloud. The most important account to consider is your email, the central data hub of your online life. Your email account would be a valuable prize for a hacker, because it could contain information about a host of other people (friends, family members, coworkers) in addition to yourself. Deleting emails you no longer need and exporting old emails you still want to the cloud or a hard drive is a smart way to reduce what would be compromised if your email was ever hacked. Virtually all email services, including Google and Yahoo offer ways to export your messages and other account data so you hold it locally and can delete it from the company’s servers. And don't forget to purge and delete old email accounts that you no longer use.

You should also take advantage of email search features (especially on Gmail) to comb through your old messages. You can bulk-delete everything from before a certain date or everything from a particular contact. And you can get strategic about it. Search for an old landlord's name, for instance, to delete any emails you sent them, since those are more likely to contain personal information like tax forms or pay stubs. You should also somewhat regularly search your email for the last four digits of your Social Security number and delete any messages it, or the full number, appears in. If you can, ask the sender or recipient of those emails to delete them too.

"Think of the information you have saved," the United States Computer Emergency Readiness Team notes. "Is there banking or credit card account information? Tax returns? Passwords? Medical or other personal data? Personal photos? Sensitive corporate information? … Depending on what kind of information an attacker can find, he or she may be able to use it maliciously."

And as with thumb drives, you may have random files in all sorts of services that offer some free storage like Box, Google Drive, and Dropbox. Sort through what's there, and eliminate anything that might pose a specific risk, like old tax returns or financial documents.

If you use a password manager (which you totally already do, right?!) you can go through your list of logins as one way of remembering old accounts you set up forever ago.

Cancel Those App Accounts

Look for apps on your phone and tablet, streaming devices, gaming consoles, and computer that you don't use anymore and shut them down. Are your photos backing up onto four different services for some reason? Clean that up. Do you still have an account with a messaging app you used once two years ago? Why is that calorie-counting app from 2014 still on your phone? Cancel and delete. That type of exposure is an unnecessary risk.

Finding which accounts you still have active is easy enough. On iOS, got the App Store, tap Apple ID, then View Apple ID, then Subscriptions. On Google, tap the Menu button, then Account, then Subscriptions.

Instead of just deleting the app from your phone, make sure you clean out and close your account with the app developer so it retains the smallest amount of data possible about you. Closing an account doesn't necessarily mean that a company deletes all your data or eliminates the basic things it knows about you—data handling procedures should be laid out in an app's terms of service—but it keeps the account from staying active and potentially continuing to collect data. For example, a fitness app that you haven't thought about in months could be tracking your steps, heart rate, or even your whereabouts without you realizing. And if an account is deactivated, the company that manages it might still keep the data from it on record, but criminals won't be able to figure out the credentials for the account, log in, and, say, use a credit card on file to go on a shopping spree.

If you’re feeling bold, use this step-by-step guide to delete your data and accounts from all the top social networks. Even if you don’t want to go all the way, you should still make sure you have your social media privacy settings locked down—here’s a detailed guide for how to do it on Facebook—and delete data in your social media profiles that you no longer want or need there.

Survey the Scene

Once you’ve Marie Kondoed the crap out of your devices and data, take a step back and think about what you might be forgetting. Are there photos of credit cards and your driver’s license in your smartphone’s camera roll? Did a friend trust you with their bank account information once while they were traveling and in a bind? Do you have scans of your family members’ passports and other documents from applying for visas or coordinating other immigration submissions?

You should also review the apps you have left on each device. Use this guide to check through your app permissions on Android, iOS, Windows, and MacOS to limit what data apps can collect in the first place.

And after your data spring cleaning is done, try to keep these best practices in mind as you inevitably accumulate more digital dreck. Think twice about downloading fad apps or starting free trials. Back up what you need and then wipe the data storage on hardware as soon as you move on to something new. And when possible delete documents as soon as you're done with them. The more understanding and control you have over your digital footprint the easier it is to defend.


More Great WIRED Stories