
H8. Clean up your devices and accounts

From OWASP
Revision as of 20:51, 2 October 2017 by Tgbenson (page created)



Description: Just as some people enjoy clutter-free, organized living spaces while others prefer a more “lived-in” space, the same is true of your computers and accounts. You wouldn’t leave opened mail from your bank or stockbroker lying around the house for any visitor to read. The computer is no different. Cleaning up after yourself reduces the number of places a nosy attacker can try to violate your privacy. There are many ways to clean up after yourself, but not all of them are obvious.

Threats: Leaving unused personal data, accounts, or systems accessible without protection can result in unauthorized use. Accounts left logged on after being used can lead to successful client-side attacks, such as CSRF, clickjacking, or XSS.

Impact: Data, systems, and accounts not properly secured when not in use can lead to the exposure of confidential data, unintended actions, destruction, or theft.

Recommendations:

Consumers should focus on:

1. Log out of accounts when you are done using them
2. Periodically review and delete online accounts no longer needed or used
3. Delete files no longer needed, including temporary files, text messages and chat logs, email (don’t forget sent mail), recycle bins, and old SSH keys

Tech-savvy users should also:

1. Periodically review and delete system accounts no longer needed or used
2. Periodically clean your browser cache
3. Properly clean and sanitize computer equipment before discarding
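One way to carry out the first item above on a Linux host, added here as an example that is not part of the OWASP page: it lists interactive accounts that have never logged in or have been idle longer than a threshold. The input is constructed sample text standing in for `getent passwd` and `lastlog` output; the `lastlog` column layout is an assumption and varies between distributions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample standing in for `getent passwd` output.
PASSWD = """\
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
contractor:x:1002:1002:Temp:/home/contractor:/bin/bash
"""

# Constructed sample standing in for `lastlog` output (column layout assumed).
LASTLOG = """\
Username         Port     From             Latest
alice            pts/1    10.0.0.9         Sun Oct  1 17:30:12 +0000 2017
bob                                        **Never logged in**
contractor       pts/2    10.0.0.7         Thu Mar  2 11:05:44 +0000 2017
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def interactive_accounts(passwd_text):
    """Usernames whose login shell permits an interactive session."""
    return [line.split(":")[0] for line in passwd_text.splitlines()
            if line and line.split(":")[-1] not in NOLOGIN_SHELLS]

def last_logins(lastlog_text):
    """Map username -> last login time, or None if the user never logged in."""
    logins = {}
    for line in lastlog_text.splitlines()[1:]:  # first row is the header
        parts = line.split()
        if not parts:
            continue
        if "Never logged in" in line:
            logins[parts[0]] = None
        else:  # the final six fields form the timestamp
            logins[parts[0]] = datetime.strptime(" ".join(parts[-6:]),
                                                 "%a %b %d %H:%M:%S %z %Y")
    return logins

def stale_accounts(passwd_text, lastlog_text, now, max_idle_days=90):
    """Interactive accounts never used or idle for more than max_idle_days."""
    cutoff = now - timedelta(days=max_idle_days)
    logins = last_logins(lastlog_text)
    return [name for name in interactive_accounts(passwd_text)
            if logins.get(name) is None or logins[name] < cutoff]

if __name__ == "__main__":
    now = datetime(2017, 10, 2, 20, 51, tzinfo=timezone.utc)
    for name in stale_accounts(PASSWD, LASTLOG, now):
        print("review for removal:", name)
```

Accounts the script flags are candidates for review, not automatic deletion; service accounts that log in non-interactively will look idle to `lastlog`.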

Example: Logging into an online site on a friend's computer or phone, or on a public computer, and not logging out allows people you never intended to view your personal information and make changes to your account.