5 Tech Tips To Keep Your Work Private And Personal Data Safe
It's often said that those with nothing to hide have nothing to fear, but we now live in a world where that attitude has a chance of upending your life. With hackers, identity thieves, rogue nation-states, data-hungry tech companies, and AI agents on the loose, information that would normally be innocuous can become a devastating weapon against you or your loved ones. Moreover, if an attacker steals company data you were responsible for, it could result in massive losses for your employer and the termination of your employment.
You've probably heard about some of the usual threats: suspicious emails that could be phishing attempts, pop-ups that claim your device is hacked, and so on. You've been told to change your passwords regularly and not to use the same one with multiple accounts. Many corporate workers have had details about these sorts of attacks and security reminders drilled into them through company training.
But cybersecurity is an infinitely deep rabbit hole, and there are many more things you can do to keep your data private and safe as you work. Half of the battle is knowledge. You can't fight back unless you know what you're up against. So, from locking down your accounts and devices to practicing good digital hygiene, here are five tips that will leave you better equipped to deal with digital threats, keeping your work private and personal data safe.
Use passkeys, not passwords, where possible
Passwords have never been the best way to keep our digital lives secure, but we've been stuck with them out of necessity. They force us to choose between convenience and security. Do you use the same password for everything and risk having your entire digital life stolen when a single account is exposed, or do you set unique, complex passwords for each of your accounts and risk losing access when you inevitably forget one? Password managers have stepped in to fill that gap, remembering unique passwords so you don't have to, but that just makes your password manager an attractive target for hackers.
One of the most basic steps anyone can take to improve their digital privacy and security is to use passkeys instead of passwords. Passkeys store an encrypted "key" on your device. When you sign into an account, you'll be asked to use the PIN, password, or biometric scan you normally use to unlock the device itself. Instead of remembering a hundred passwords, your computer or phone's unlock code becomes the only thing you need. This may seem less secure, but because passkeys are tied to your specific device, the website knows you aren't some hacker on the other side of the world. The service checks your device, and your device confirms that it's really you.
You can already use passkeys on many commonly used accounts, including Google, Microsoft, and more. Check in the security sections of each service's settings to make the switch. You should also pick a passkey manager to store your passkeys. Common options include 1Password, Proton Pass, NordPass, and Google Password Manager.
Use a password on your phone, not fingerprint or face unlock
When setting up the lock screen on your smartphone, you will be presented with a few options. All devices offer a password or PIN, while Android phones offer a pattern lock and often a fingerprint sensor or camera-based face unlock, and iPhones offer the three-dimensional Face ID system. However, due to legal and technical factors, the only options security-conscious users should choose are a password, PIN, or pattern. Although you must take care not to reveal your password, it cannot be forcibly extracted from you.
In the United States, police and other law enforcement officers cannot warrantlessly breach your password. That's because the Supreme Court has ruled that a password is private knowledge protected by the Fourth Amendment, meaning that you cannot be compelled to divulge it against your will. However, the law currently does not prevent a law enforcement officer from physically forcing you to unlock your phone or other devices by forcibly pressing your thumb to the fingerprint reader or putting you in a headlock to hold your face still while Face ID scans you.
Circuit courts have ruled in opposite directions, with a 9th Circuit judge finding in 2024 that forcing a defendant's thumb to the phone's fingerprint reader was no different than forcibly taking his fingerprints during booking. In 2025, the D.C. Circuit ruled the opposite, finding that a January 6th insurrectionist's rights were violated when the FBI forced him to open his phone with biometrics. Until the Supreme Court weighs in, it's a gray area. Either way, an individual officer may not know or care what the law says. For more information, see our explainer on why you should never give the police your phone without a warrant.
Be aware of your surroundings when dealing with sensitive information
Many people worried about their digital privacy and security go to great technical lengths to lock down their devices from prying eyes, but neglect to consider threats in the physical world around them. The weak point in all digital security is the human element, and the most effective hackers are often not typing on a supercomputer from some basement. Instead, they're using what are called social engineering attacks — in other words, chatting you up in an attempt to make you divulge the name of your first pet and the street you grew up on so they can reset your passwords, or asking you for your number so they can see you type your phone's password.
Some attacks may not involve any interaction, but did you notice that the security camera in your favorite cafe is pointed right toward your laptop as you type in your banking credentials? What about the man seated next to you, whose wandering eyes may have taken note of the same? Of course, one easy solution for some accounts is to use passkeys in tandem with biometric authentication on your phone, eliminating the need to enter passwords. As we discussed above, biometric security can backfire if you're ever in a tense situation with law enforcement, so it's up to individuals to determine whether state or non-state actors are likely to present the larger threat to you.
It's a bit crude, but a good rule of thumb when you're unsure whether to handle sensitive information in a particular environment is to ask yourself whether you'd look at "not safe for work" content there. If the answer is no, it's probably a good idea to wait until you're in a more private setting.
Always update your devices to get the latest security patches
You should almost always install updates on your phone, laptop, PC, and other devices when prompted. Your devices are doing a lot of work on their own to protect you from threats. Major operating systems like Windows, macOS, Android, or iOS include multiple layers of defense that, in most cases, block the most severe threats without any work on your part. However, because of the complexity of our devices and OSes, there are always hidden vulnerabilities waiting to be discovered. In the worst case scenario, which is known as a zero-day exploit, a threat actor discovers them first and deploys them against defenseless users. In the best case, your OS vendor discovers them first and issues a security patch.
When you don't update your phone or computer, you could lose a lot more than the five minutes it would have taken to install the latest software. Almost every system update to your devices contains at least a few security fixes, and if your OS vendor knows about those vulnerabilities, so do the bad guys. The sooner you update, the safer you'll be. There are minor exceptions. In January, a series of bad updates wreaked havoc on Windows PCs, breaking important features and even causing boot cycle issues. Microsoft quickly released an out-of-band patch to rectify those issues, at which point responsible users finally updated. If an update is known to cause problems, you should hold off until they're fixed.
Keep in mind that devices outside your phone and computer may need updates. Your smart TV, game console, smartwatch, wireless earbuds, and many other devices also receive occasional updates that should be applied as soon as possible.
Be cautious with Wi-Fi connections
In "The Lord of the Rings," the corrupted wizard Saruman uses a scrying orb called a palantir to communicate with the villain Sauron. Gandalf, unaware that his old friend has succumbed to evil, warns him against using the orb, saying, "We do not know who else may be watching." This is a particularly good metaphor for Wi-Fi, a technology nearly everyone relies on day-to-day. One of the things people aren't taught about Wi-Fi is that it's a two-way window. If a network is compromised, a threat actor could see everything you do and steal your most private work and personal data.
Evil twin attacks are among the most common Wi-Fi attacks, and happen most often in public areas like coffee shops, airports, and hotels, where lots of people are connected to the Wi-Fi. An attacker makes a network they control with the same name as the real network. Users may not notice that there are two networks named "Coffee Shop Guest" and connect to the fake one. Another common attack is man-in-the-middle, where an attacker positions themselves between two parties who are communicating, such as a payment vendor and a shopping site. And because Wi-Fi sends data through the air, sniffing attacks — where an attacker uses a specialized sniffing tool to intercept data packets — are also common.
You can prevent some attacks by encrypting your data, most commonly through a VPN. Because a VPN encrypts your network traffic, a network attacker will only see scrambled data if they breach a Wi-Fi network you're connected to. However, not all VPNs are created equal, and there are plenty of shady-looking services out there. Be sure to choose one of the best VPN services to ensure that your traffic is properly anonymized.