You probably change the batteries in your smoke detectors when daylight saving time rolls around. It’s a once-a-year habit that takes five minutes and could save your life. Your digital security deserves the same treatment.

I’m not talking about anything complicated here. This isn’t an all-day project. Below is a straightforward checklist — things anyone can do, no technical background required — that dramatically reduces your risk of becoming a victim of identity theft, account takeover, or fraud.

Set aside 20-30 minutes. Pour a coffee. Let’s do this.

Step 1: Check If Your Email Has Been Exposed

Go to haveibeenpwned.com and type in your email address. This free, legitimate service (run by a well-known security researcher) tells you if your email address appeared in any known data breach.

As of early 2026, the site tracks over 12 billion records from nearly 1,000 breached websites. If your email shows up, it doesn’t mean you’ve been hacked — but it does mean the password you used at that breached site should be changed immediately, especially if you use it anywhere else.

Do this for every email address your family uses.

Step 2: Update Passwords on Your Most Important Accounts

You don’t need to update every password — just the ones that matter most. Work through this list:

  • Email accounts (these are the master keys — prioritize these)
  • Banking and financial accounts
  • Social media accounts
  • Your Amazon, Apple ID, or Google account

If you use a password manager (see my post on why you should), use it to generate new, unique passwords for each. If you don’t have one yet — today’s a good day to start.

Step 3: Review App Permissions on Your Phone

Both iPhones and Android phones let you see which apps have access to your location, camera, microphone, and contacts. It’s worth checking once a year because apps accumulate permissions quietly over time.

  • iPhone: Settings → Privacy & Security → review each category (Location Services, Microphone, Camera, etc.)
  • Android: Settings → Privacy → Permission Manager

Ask yourself: does this flashlight app really need access to my microphone? If the answer is no, revoke it.

Step 4: Check Your Social Media Privacy Settings

Social media platforms quietly adjust their privacy settings over time — often in the direction of sharing more. Take a few minutes to check:

  • Who can see your posts? (Friends only is usually the right answer)
  • Is your phone number or birthday publicly visible? (It shouldn’t be)
  • Are you tagged in photos anyone can see?
  • What apps have you authorized to connect to your Facebook, Google, or Apple account?

That last one is a sleeper. You may have connected apps years ago that you’ve completely forgotten about — and they may still have access to your account data.

Step 5: Freeze Your Credit (If You Haven’t Already)

I’ve written a full post on how to do this, but the short version: freezing your credit at all three bureaus (Experian, TransUnion, Equifax) is free and prevents anyone — including a thief who has your Social Security Number — from opening new credit in your name.

If you haven’t done this, it’s the highest-value 15 minutes you’ll spend all year.

Step 6: Make Sure Two-Factor Authentication Is On

Check that your most important accounts have two-factor authentication enabled. If you’re not sure what that is or how to set it up, I’ve got a whole post on it.

At a minimum: email, banking, and social media accounts.

That’s it. You don’t have to do all of this in one sitting. Even knocking out two or three steps moves you significantly ahead of the average person — and criminals, like most predators, tend to go for easy targets.

Bottom line: Think of this like an annual physical for your digital life. You’re not trying to become unhackable; you’re just making yourself a harder target than the person who did nothing. Pick a date — maybe the first of the year, or when the clocks change — and make it a habit.