Create a Personal Threat Model
A practical guide to identifying your real digital risks and making protection choices that fit your life.
There is no one perfect privacy or security setup for everyone.
We use technology differently, live in different circumstances, and carry different kinds of risk. That is why it helps to create a personal threat model.
If the idea is new to you, start with Understanding Your Personal Threat Model. This guide focuses on the practical side: how to think through your own situation and make choices that fit your life.
What is a threat model?
A threat model is a simple way to think through three questions:
- What do you want to protect?
- Who or what are you protecting it from?
- How much effort are you realistically willing to put into protection?
The point is not to defend yourself from every possible danger. The point is to focus on the risks that are most likely or most harmful in your actual life.
How to create your own
A personal threat model helps you move from vague anxiety to clearer priorities. Instead of reacting to every scary headline or trying random security tools, you can focus your time where it will help most.
Step 1: Decide what you want to protect
Start by listing the things that matter most in your digital life:
- accounts like email, banking, work, or social media
- personal information like your Social Security number, medical records, or home address
- photos, documents, and private messages
- devices like your phone, laptop, or tablet
Focus first on what would hurt the most if it were stolen, exposed, or lost.
Step 2: Decide who or what you are protecting it from
Different people face different threats. You might be most concerned about:
- scammers or hackers looking for easy targets
- companies collecting more data than you want to share
- someone you know, like an ex-partner or controlling family member
- employers, schools, or institutions with access to your devices or accounts
- government surveillance, depending on your work or location
You do not need to prepare for all of these at once. Pick the ones that are most relevant.
Step 3: Think about the likely impact
Not every risk deserves the same amount of attention.
Ask yourself:
- Would this be annoying, stressful, or life-disrupting?
- Could it affect money, reputation, housing, work, or physical safety?
- Is this something that would be hard to recover from?
This is what helps you set priorities.
Step 4: Be honest about effort and capacity
Security always involves tradeoffs. The more protection you add, the more friction you may feel.
Ask yourself:
- Am I willing to use two-factor authentication?
- Can I use a password manager consistently?
- Will I keep backups of important files?
- Am I choosing tools I will actually stick with?
Small, sustainable habits are more useful than perfect plans you will never follow.
Write it down
Create a simple note, table, or worksheet that connects:
- the thing you want to protect
- the threat you are most worried about
- how likely that threat feels
- what the impact would be
- what protection step you want to take next
You can do this in a document, on paper, or in a notes app. It does not have to be formal to be useful.
Put it into practice
Once you have your notes, choose one or two actions that match your priorities.
That might mean:
- turning on two-factor authentication for your email
- moving to a password manager
- using Signal for more private conversations
- tightening social media privacy settings
- backing up important files
Start with the high-impact, high-likelihood risks first.
Then revisit your threat model from time to time, especially after major life changes, new work, travel, conflict, or changes in your digital habits.
Final thought
Building a personal threat model is not about paranoia. It is about clarity.
When you know what matters most, what risks are real, and what habits you can actually maintain, your privacy and security choices become much more manageable.
Start small, stay honest, and build from there.