Hardening Information Security and Privacy


Here are some best practices I’ve learned to harden the security of my devices (mainly Android) and the privacy of my information:

Keep the circle of trust as small as possible in the information world

I use Google and Microsoft services a lot. So, they already know a lot about me… Do I need more? On the other hand, I believe that it’s better not to have all my eggs in one basket! I’m not a famous person to fear that much after all 🙂

Application permissions – thanks Google (Android / Chrome)

Before installing an application (or extension), we need to understand the permissions it requires. We have to trust the developer and make sure that the permissions make sense. There is always an alternative if needed… For example, some might argue that Telegram is more secure than WhatsApp. Don’t forget the nature of the service itself here. That is, installing the Facebook app won’t change the fact that my privacy was already breached (theoretically) when I created my account there and connected to my friends.
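One way to check whether an app's permissions make sense for what it does, as an added example that is not part of the original post. It assumes the permission list is in the shape printed by `aapt dump permissions`; the flashlight app, its package name and the "expected" set are constructed for illustration.

```python
import re

# Subset of Android "dangerous" (runtime) permissions and what each exposes.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call history",
}

# Accepts "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")


def parse_permissions(dump):
    """Collect every permission name declared in the dump text."""
    perms = set()
    for line in dump.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms


def review(dump, expected):
    """Return sensitive permissions requested but not explained by the app's purpose."""
    requested = parse_permissions(dump)
    unexplained = sorted(p for p in requested if p in SENSITIVE and p not in expected)
    return [(p, SENSITIVE[p]) for p in unexplained]


# Constructed sample: a hypothetical flashlight app.
SAMPLE_DUMP = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""
# Assumption: a flashlight needs only the camera permission (to drive the LED).
FLASHLIGHT_EXPECTED = {"android.permission.CAMERA"}

if __name__ == "__main__":
    for perm, exposes in review(SAMPLE_DUMP, FLASHLIGHT_EXPECTED):
        print(f"unexplained: {perm} (exposes {exposes})")
```

Anything the review returns is a reason to look for an alternative app or to deny that permission at runtime.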

The device / account

  • Strong passwords.
  • Two-factor authentication.
  • Built-in security. Third-party lock screen apps on Android, for example, might override the built-in security.
  • Activate the firewall on the computer.
  • Enabling phone location through Android Device Manager. I found it impractical when my phone was stolen, though! I then had to change my passwords and remove the related authentications appropriately.
  • Encrypting data on the device.
  • Multiple backups (encrypted if possible) of important data, even if it’s already backed up online.
  • Do we need to show our location, birth date, or sensitive information everywhere?!
  • When deleting a social account such as Facebook, it’s recommended to alter our personal information there and wait for some time before deleting the account.
  • Buying the phone from a trusted (well-known) company. Disabling/removing strange or unwanted apps. Rooting a device, if needed, should be done with caution and good management.
  • Make sure to format (factory reset) the device before selling it.

Don’t save important passwords online or unencrypted

Famous online safes and password managers are always targets for hackers. Writing hints instead of the full passwords might be better. I use an offline safe with AES encryption.


Using a VPN and staying away from public Wi-Fi as much as possible are encouraged by many. Try also to verify the security of online navigation (HTTPS, certificates…), especially when we’re providing or viewing sensitive information such as credit card details. We have to be careful about what we are navigating to; some websites or ads are fake and aim to collect our information or hack our devices. It’s important to familiarize ourselves with the terms spam, phishing, and social engineering to avoid them or to minimize their effects.

Do we read the privacy terms (or terms & policies in general) when we register a new account or install an app?

The Arabic version of the article

10 thoughts on “Hardening Information Security and Privacy”

  1. Even after a factory reset, there are still ways to recover some data. So, after doing a factory reset, I think that it’s a good idea to transfer several random files to the phone and then do a factory reset again.

  2. Only a recycling company would want a degaussed drive 😀 But it’s still better than selling it to scrap metal shop. 😃

    Well, if the drive contains very sensitive information anyway, it’s better to be safe than sorry…

