How to Reduce the Size of Your Attack Surface and Protect Yourself From the Bad Guys



Do you use social media? Do you go to websites? How about email? Do you have a computer of some kind or a home network? Do you get on WiFi? Do your devices have some kind of operating system on them like Windows, Mac, Linux, Android, or iOS? Do your devices have apps installed on them? If you can answer yes to any of these questions then you have an attack surface. The more of these questions you can answer yes to, the bigger your attack surface is. In truth we all have an attack surface. What exactly does that mean?


What is Your Attack Surface?


Your attack surface is basically the entire area of your system and network. It includes apps, connected devices, social media accounts, and other digital spaces into which you have extended yourself. The bigger the attack surface, the more potential attack vectors hackers have available to get into your system and network. An attack vector is a vulnerable point on the attack surface. In other words, your attack surface is the total digital area that you take up and your attack vectors are the vulnerable points in that area. The more things you connect, accounts you sign up for, applications you install, user accounts you create on your own systems, and places in general where you put your personal data, the bigger the surface hackers have to work with when looking for vulnerable points to exploit to gain access.

What can you do to reduce the size of your attack surface and protect your files and personal information? Is just installing and layering more security applications enough? Not only is it not enough, it’s also not a good idea. Everything that you add will increase the size of your attack surface. On top of that, running multiple antivirus programs at once is counterproductive: they end up getting in each other’s way as they try to do their jobs. So what can you do? First I’m going to share some ways to decrease your attack surface and protect your files and online accounts, and then we are going to check out specific things you need to do after reading this blog post.


How Can You Reduce the Size of Your Attack Surface?


Attack surface reduction boils down to reducing the overall digital area that you take up. Yes, there is some definite minimalism involved. Once you have reduced the size of your attack surface, the goal is to make what is left more secure.


  • Don’t put your information on the internet if it doesn’t need to be there.
  • Minimize your presence.
  • Minimize your accounts.
  • Minimize your apps.
  • Minimize your connected devices.
  • Minimize your operating system setup.
  • Eliminate unnecessary access to your operating system.
  • Eliminate unnecessary access to important files and folders.
  • Clean up unnecessary files on your computer.
  • Follow best practices when it comes to passwords.
  • Use two-factor authentication.
  • Use up-to-date antivirus.
  • Keep your operating system and apps up to date.
  • Keep your important data backed up.
  • Use a software and a hardware firewall.
  • Get a VPN.
  • In Windows 10 turn on Core Isolation.
  • In Windows 10 turn on Controlled Folder Access.


Practical Steps to Take Right Now to Reduce Your Attack Surface and Be Safer


Take a close look at the information that you have shared with your social media accounts, shopping accounts, and any other accounts that you have. Remove any information that isn’t necessary. I know this is a tedious one but it is important. The more information you have on the web, the better the chance it could be accessed by the wrong people or misused in some way. Take the following steps with every account you have shared your personal information on.


  1. Log into your account.
  2. Go into your account or profile settings.
  3. Remove any unnecessary information.


Close accounts that you created on the web once upon a time but no longer use. This can be a challenging one. Many of us have created what seems to be countless accounts on various websites over the years. For some of us there is no possible way to remember them all. Don’t stress about it. It is what it is. Take care of the ones you can remember and have access to. To find the ones you don’t remember run a search for your email address on Google. You might also find them in your inbox, spam folder, sent items, or deleted items. It is a good idea to close old accounts before they are compromised in a data breach. Some of them might already be compromised.


  1. Make a list of the old accounts you no longer use that you can remember.
  2. Search for ones you might have forgotten in your email, browser bookmarks, and saved passwords.
  3. Search for your email address on Google and see what comes up.
  4. Go to ';--have i been pwned?.
  5. Enter your email address and click “pwned?”.
  6. Look at the results (if any) and make a list of accounts to either change the password for or to close.
  7. Change the password for any compromised accounts that you want to keep.
  8. For all accounts that you want to close you can find instructions at AccountKiller and JustDeleteMe.


Remove any apps that you no longer use. Do this on your PC, tablet, and phone. The more things you have installed the more potential vulnerabilities you have. On Windows I recommend using IObit Uninstaller or Revo Uninstaller. Either one will do a better job of completely removing software than the built-in uninstaller on Windows. Just look at the list of installed software and uninstall whatever is no longer useful to you.


If there are any devices connected to your network that you don’t really use, disconnect them. Any device that is connected to your network could potentially be exploited to gain some level of access to it.


Remove any user accounts on your computer that aren’t being used. Each user should have their own account (or use the guest account) rather than sharing one, and you should make sure that all unused accounts are removed.


  1. Click Start.
  2. Click the gear to open Settings.
  3. Click Accounts.
  4. Click Family & Other Users.
  5. Remove any unnecessary accounts.
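If you would rather see the whole list at once, here is an added example (not part of the original post) that lists the local accounts on the PC with their last logon and flags the enabled ones nobody has used for a while. The 90-day threshold and the account name in the last line are assumptions.

```powershell
# Added example, not from the original post: list the local accounts on this PC
# with their last logon, and flag the enabled ones that nobody has used lately.
# The 90-day threshold is an assumption; change it to suit you.
# Run from an elevated PowerShell prompt. Nothing here changes an account
# unless you uncomment the lines at the bottom.

function Get-StaleLocalAccount {
    param([int]$StaleDays = 90)

    $cutoff = (Get-Date).AddDays(-$StaleDays)
    # Members of Administrators come back as MACHINE\name for local accounts
    $admins = (Get-LocalGroupMember -Group 'Administrators').Name

    Get-LocalUser | ForEach-Object {
        # An enabled account that never logged on, or not since the cutoff, is stale
        $stale = $_.Enabled -and ($null -eq $_.LastLogon -or $_.LastLogon -lt $cutoff)
        [pscustomobject]@{
            Name      = $_.Name
            Enabled   = $_.Enabled
            LastLogon = $_.LastLogon
            IsAdmin   = $admins -contains "$env:COMPUTERNAME\$($_.Name)"
            Stale     = $stale
        }
    }
}

$accounts = Get-StaleLocalAccount
$accounts | Sort-Object Stale -Descending | Format-Table -AutoSize

# Disable first (reversible); remove once you are sure nothing depends on the account.
# $accounts | Where-Object { $_.Stale } | ForEach-Object { Disable-LocalUser -Name $_.Name }
# Remove-LocalUser -Name 'OldAccount'
```

Treat the Stale column as a hint rather than a verdict: LastLogon comes from the local account database and is not always populated, so read the list before disabling anything.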


Make sure any unnecessary sharing is turned off for any folders with important personal files in them. To check the sharing settings of a folder:


  1. Use File Explorer to navigate to the folder that you want to check.
  2. Right click on the folder.
  3. Click Properties.
  4. Click Sharing.
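Checking folders one at a time misses shares you forgot about, so here is an added example (not part of the original post) that lists every folder this PC shares on the network and who can reach it. The share name in the last line is a placeholder.

```powershell
# Added example, not from the original post: list the folders this PC shares on
# the network and who can reach each one, skipping the built-in administrative
# shares (C$, ADMIN$, IPC$). Run from an elevated PowerShell prompt; read-only
# unless you uncomment the Remove-SmbShare line.

function Get-UserShareReport {
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name | ForEach-Object {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $_.AccountName
                Access  = "$($_.AccessControlType) $($_.AccessRight)"
                # Allow for Everyone or Authenticated Users means any user on the
                # network can reach the folder, not just you
                Broad   = ($_.AccessControlType -eq 'Allow') -and
                          ($_.AccountName -in 'Everyone', 'NT AUTHORITY\Authenticated Users')
            }
        }
    }
}

$shares = Get-UserShareReport
$shares | Format-Table -AutoSize

# To stop sharing a folder you no longer need on the network:
# Remove-SmbShare -Name 'OldShare' -Force
```

Anything with Broad set to True is worth a second look, especially if the path holds personal files.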


Clean up the files on your computer. It is common knowledge that allowing your system to become overrun with temp and junk files will eventually slow it down and eat up storage space. It can also lead to potential instability and security issues. The answer is to clean things up. The easiest way to do that is to use Storage Sense.


  1. Click Start.
  2. Click the gear to open Settings.
  3. Click System.
  4. Click Storage.
  5. Under Storage toggle the switch to the on position.
  6. Click Configure Storage Sense.
  7. Select how often you want Windows to run Storage Sense. I have mine set to run every week.
  8. Make sure there is a checkmark beside Delete Temporary Files.
  9. Select your option for the Recycle Bin. I have mine set to delete files that have been there 30 days.
  10. Set your Downloads folder option according to your taste. I have mine set to Never. I do it this way so something that I have downloaded and want to keep won’t accidentally be deleted. I prefer to clean out the Downloads folder manually.
  11. Click Clean now.


Create strong passwords. This is both extremely important and something that most of us severely neglect.


  • A strong password shouldn’t be something someone can easily guess about you. That means the names of people that you care about, your birthday, your favorite color, and other things that are known to be significant to you are out.
  • It shouldn’t be something common like the ones on this list.
  • It should be at least 8 characters long. The longer the better.
  • Avoid reusing passwords. If you use one password for several logins and it is compromised then every account at all sites that you use that password for is compromised.
  • Avoid sharing passwords with others.
  • Avoid writing passwords down.
  • Use a mix of characters. That includes upper and lower case letters, numbers, and special characters.
  • Remember that a passphrase is much stronger than a password.
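To put numbers on "the longer the better" and the passphrase point, here is an added example (not part of the original post) that works out the size of the guessing space in bits. It assumes a 95-symbol printable character set and a 7776-word list (the Diceware size); a different word list changes the passphrase figures.

```powershell
# Added example, not from the original post: size of the search space, in bits,
# for random passwords and random passphrases. Assumes a 95-symbol printable
# ASCII set for characters and a 7776-word list (the Diceware size) for words;
# a different word list changes the passphrase numbers.

function Get-EntropyBits {
    param([int]$Length, [int]$PoolSize)
    # Each position is chosen uniformly from PoolSize options, so there are
    # PoolSize^Length possibilities, which is Length * log2(PoolSize) bits.
    [math]::Round($Length * [math]::Log($PoolSize, 2), 1)
}

$cases = @(
    @{ Kind = '8 chars, lowercase only';          Len = 8;  Pool = 26   }
    @{ Kind = '8 chars, letters+digits+symbols';  Len = 8;  Pool = 95   }
    @{ Kind = '12 chars, letters+digits+symbols'; Len = 12; Pool = 95   }
    @{ Kind = '4-word passphrase';                Len = 4;  Pool = 7776 }
    @{ Kind = '6-word passphrase';                Len = 6;  Pool = 7776 }
)

foreach ($c in $cases) {
    [pscustomobject]@{
        Kind = $c.Kind
        Bits = Get-EntropyBits -Length $c.Len -PoolSize $c.Pool
    }
}

# These figures assume random choice. A name, a birthday or a word from the
# common-password list is drawn from a far smaller pool and scores much lower.
```

A six-word passphrase comes out close to a twelve-character random password and well ahead of an eight-character one, which is why length matters more than the symbol mix.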


Make sure two-factor authentication is turned on for your online accounts. Two-factor authentication is exactly what it sounds like: it adds a second layer of authentication. If you set up two-factor authentication on an account, then when you go to log into that account a code will be sent to your mobile device. You won’t be able to access your account without providing the code you just received. So even if someone steals your password they still won’t get into your account without having access to your mobile device. I would recommend turning two-factor authentication on for all of your accounts that support it. If you don’t want to go that far then at least set it up on your financial, shopping, and social media accounts.


Be sure that either Microsoft’s built-in antivirus is turned on or a quality third-party antivirus is installed. Keep the virus definitions up to date.


Keep Windows up to date. If you neglect updating Windows then security holes won’t be patched. That is dangerous. Besides addressing security vulnerabilities staying up to date also addresses system performance issues and sometimes installs new features.


  1. Click Start.
  2. Click the gear icon to open Settings.
  3. Click Update & Security.
  4. Click Check for Updates. If any updates are available click to install the updates.


Go through your installed applications and make sure they are the latest stable version available. This is important for the same reasons that it’s important to keep Windows up to date. For apps from the Microsoft Store:


  1. Open the Microsoft Store.
  2. Click to open the three-dot menu in the upper right corner of the window.
  3. Click Downloads and Updates.
  4. Click Get updates.


Go into the app store on your mobile device and make sure your apps are up to date.


Make sure your mobile device’s system itself is up to date. It’s easy to do. In Android open Settings > tap System > tap Update Center > tap System Update > tap Check for update. On iOS open Settings > General > Software Update > Tap Install. The procedure to update your tablet should be similar. If you are running a different version of Android or iOS the procedure probably won’t be that different. If you run into any problems, go to Google or YouTube and you should be able to find the answer you are looking for.


Back up the files on your PC. Keeping backups of your files is the most important step you can take to make yourself more secure. If you have properly backed up your data, then if the worst happens and you have to start over again you won’t actually have lost anything important. The key here is redundancy. A good rule of thumb is to keep two backup copies of your data. A good example would be one copy of your data on an external hard drive and another copy in the cloud. Either way, if you keep two backup copies of your data then no matter what happens it will be safe.


Back up the files on your phone or tablet. On iOS you can back your data up to iCloud. On Android you can go into the settings and have Google back your data up to Google Drive. A good third-party backup app for Android is G Cloud.


Check and make sure Windows firewall is turned on. It should be on by default but it doesn’t hurt to make sure.


  1. Click Start.
  2. Click Settings.
  3. Click Update & Security.
  4. Click Windows Security.
  5. Click Firewall & Network Protection.
  6. In the window that opens make sure that it says the firewall is on.



Check and make sure the firewall on your router is turned on. Open your router’s settings and look for the firewall settings. Once it is on it acts as an extra layer of protection for your network.


Get a good VPN. I use NordVPN. The top VPN providers I recommend are NordVPN and Express VPN. There are other good ones out there too; you can find them with Google. A VPN hides your real location and encrypts your data. Using a VPN will help increase your security and privacy. A word of caution, though: avoid free VPNs. I know, free is an attractive price tag. The problem with free in this case is that if they aren’t making money off of your subscription then they are making it by selling your data. Another issue is that free VPNs all too often prove less reliable than their paid counterparts.


Turn on Core Isolation in Windows 10. What is Core Isolation? Basically it is an extra layer of protection against malware and hackers. With Core Isolation, Windows creates a secure and isolated area of system memory in which system processes and security software can run. This protects those processes and the security software from being tampered with. I advise turning it on, but if you start running into incompatibility issues turn it back off.


  1. Click Start.
  2. Click Settings.
  3. Click Update & Security.
  4. Click Windows Security.
  5. Click Open Windows Security.
  6. Click Device Security.
  7. Click Core Isolation Details.
  8. Toggle Memory Integrity on.
  9. If User Account Control pops up click Yes to allow.


Turn on Controlled Folder Access in Windows 10. This protection is primarily there to protect your files from ransomware. At first you might need to train it a bit by allowing apps that it blocks.


  1. Click Start.
  2. Click Settings.
  3. Click Update & Security.
  4. Click Virus & Threat Protection.
  5. Click Manage Ransomware Protection.
  6. Make sure Controlled Folder Access is toggled on.
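The antivirus, firewall, Core Isolation and Controlled Folder Access checks above can all be confirmed from one place. This added example (not part of the original post) reads the current state of each and changes nothing; it assumes Windows 10 with Microsoft Defender as the antivirus, and the Set-MpPreference line at the end is left commented out.

```powershell
# Added example, not from the original post: a read-only check of the Windows 10
# protections this post walks through: Defender antivirus, the Windows firewall,
# Core Isolation (memory integrity) and Controlled Folder Access. Run from an
# elevated PowerShell prompt on Windows 10; nothing here changes a setting.

function Get-ProtectionReport {
    $r = [ordered]@{}

    # Antivirus: Defender on, real-time protection on, signatures updated recently
    $mp = Get-MpComputerStatus
    $r['AntivirusEnabled']   = $mp.AntivirusEnabled
    $r['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $r['SignatureAgeDays']   = [int]((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays

    # Firewall: all three profiles (Domain, Private, Public) should be on
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
    $r['FirewallProfilesOff'] = if ($off) { $off.Name -join ', ' } else { 'none' }

    # Core Isolation: the Settings toggle writes this registry value; a 2 in
    # SecurityServicesRunning means memory integrity (HVCI) is actually running
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    $cfg = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    $r['MemoryIntegrityConfigured'] = [bool]($cfg -and $cfg.Enabled -eq 1)
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $r['MemoryIntegrityRunning'] = [bool]($dg.SecurityServicesRunning -contains 2)

    # Controlled Folder Access: 1 = on, 2 = audit only (logs but does not block), 0 = off
    $cfa = (Get-MpPreference).EnableControlledFolderAccess
    $r['ControlledFolderAccess'] = switch ($cfa) { 1 { 'Enabled' } 2 { 'AuditMode' } default { 'Disabled' } }

    [pscustomobject]$r
}

Get-ProtectionReport | Format-List

# If Controlled Folder Access is off, this is the same switch the Settings page flips:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

If MemoryIntegrityConfigured is True but MemoryIntegrityRunning is False, the toggle was set but a reboot or an incompatible driver is still in the way.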


Now you have an idea of what an attack surface is and what attack vectors are. If you took the steps listed above, your attack surface has been reduced and you are far more secure than you were before. In all honesty there is no way to use a computer or network without having an attack surface, and where there is an attack surface there will always be attack vectors. But if you do what you can to stay secure you will be a step ahead of many of the other users out there.
