You wouldn’t hand a stranger your credit card, or wear a T-shirt printed with your social security number. But if you’re frivolous about your digital privacy, you might as well.

If you want to keep your data and identity safe online, you have to take an active role in protecting yourself and your devices, says Michael Kaiser, executive director of the non-profit National Cyber Security Alliance.

“Especially for younger people who may spend a lot of time online and on their devices in public places, there are steps they can take to keep what we call a ‘clean machine,’ or one that’s less vulnerable,” he says.

Here’s how.

Yes, installing updates is annoying. But many of those updates are patches or improvements to remove potential security threats, Kaiser says.

He recommends setting up your phone to auto-update, or to remind you whenever new versions or software become available. At a minimum, you should be checking for and installing new updates on a weekly basis, he says.

Also, go through your devices once every few months and uninstall anything you’re not actively using. Kaiser says each of these could be a point of entry for online creeps or data thieves, and they’re not worth keeping if you’re not using them.

Kaiser recommends installing security software on all your devices. Yes, that’s true even if you’re an Apple user. “As Apple’s market share has grown, more and more attacks are targeting their users,” he says.

While he won’t recommend specific products, Kaiser says security software for personal use is cheap—almost always under $50, depending on whether you opt for cloud backup and other options—and a great way to keep your data secure from both theft and viruses.

Also, don’t neglect to protect your phone. “There are many great security applications for the mobile environment tailored to iOS or Android,” he says. Do your homework, and download one stat.

Multi-factor authentication involves inputting more than just a username and password to access a secure site. For example, every time you login to your bank account, you might have your bank’s site text your phone a passcode.

“Most sites that involve a login page offer multi-factor authentication, and it keeps you two steps ahead of the bad guy,” Kaiser says.

It may seem a little onerous. But at a bare minimum, use it to protect your email accounts. “If someone has your email address, they can reset all your passwords,” he explains. “You need to do everything you can to keep your email secure.”

If you’re working at a coffee shop or using a bar’s Wi-Fi, you’re opening your device up to all sorts of threats. “Using that public network, someone could access your computer or see your keystrokes, which they could use to get your passwords,” Kaiser explains.

He recommends always using your cellular network or hotspots, which are “much, much more secure” than that Wi-Fi connection. “I understand people want to limit their data usage, but I’d argue it’s not worth the risk,” he says.

Most of the big email providers offer “encryption,” which protects your email information from prying eyes, Kaiser says.

But when you send sensitive information in an email, there’s no telling who the receiver may forward it on to. “You really don’t want important details about you floating around out there in the wild,” he says.

If you have to give someone your social security number, call him or her instead. Also, DropBox or other password-protected cloud-based sites are more secure options for passing on sensitive documents. They also allow you to delete your info or documents while restricting who can access them.

Broadcasting where you are—or where you aren’t, like when you travel away from home or work—may leave your apartment or office vulnerable. It may sound overly cautious, but it’s a good idea to tweet that pic you took at the ball game the next day, not right away, Kaiser says.

Also, revealing too much personal information on social may allow scammers to target you with cons that utilize stuff they learned about you from Facebook, he says.

Apart from keeping your private life private, be suspicious of any emails or contact from people you don’t know, as well as odd messages that don’t sound much like the sender. “There are lots of ways to steal your information, some of which are really hard to spot until it’s too late,” he adds.