Your smartphone is the key to not just your online life, but increasingly, almost every aspect of your everyday life.
You use it for communicating with friends and family, taking photos, sharing posts on social media, browsing the web, accessing your bank account, online shopping, streaming and much more.
That’s great, but it also means that your smartphone holds vast amounts of information about you — your private conversations, your passwords, your bank details, your browsing history.
And the security risks that could threaten your smartphone and accounts aren’t just limited to hackers; if your smartphone is lost or stolen, whoever ends up with it could easily take advantage of your info for their own gain.
Here are five simple tips for keeping your smartphone secure – whether it’s straight out of the box, or a phone you’ve used for years.
Apply software updates and security patches
This one should be easy: when you buy a new smartphone, whether that’s an Android smartphone or an Apple iPhone, one of the very first things you should do when setting it up is download the latest update for the operating system.
Among the quality of life improvements, these software updates fix cybersecurity vulnerabilities which have been found in the operating system – so applying the updates is the best way to prevent cyber criminals from exploiting known security issues. In many cases, applying the update is easy, because the phone will issue you with a notification that it’s ready to install.
You should also keep your smartphone apps up to date with the latest security updates because, as with the phone itself, using the latest version of the app can go a long way to keeping that application, the account tied to it and your device secure from unwanted issues.
Be aware, though, that if your smartphone model is more than a few years old, it’s possible the manufacturer could cease supplying security updates. While smartphone makers are getting better at providing updates for longer, you may find that updates for some phones may cease after only a couple of years. That’s where things get more complicated: while the hardware may still be absolutely fine, the operating system on your phone could be out of date, putting your data at risk. That might mean it’s time for an upgrade.
Secure your phone with a password, PIN code or biometric security features
You use a password to keep your email account secure and you use a PIN or a password to keep your online banking information secure. So, when it comes to using a password or another method of identity verification to secure our smartphones, it should be second nature.
But many of us still don’t use even the most basic protection to help keep our smartphones, and the data they contain, safe.
Sure, it’s convenient to pick up your phone and start using it immediately without having to enter a password or enter a PIN – but that also means that anyone else who ends up with your phone in their hands can see what’s on your phone too.
You may think you don’t need to worry about friends seeing what’s on your phone, but what if your phone gets lost? Without a PIN or password, anyone who finds it can access all your data – there’s a small chance they’ll use that for good and return your phone to you, but unfortunately that’s unlikely.
If your phone gets outright stolen from you and your phone isn’t locked with a verification method, then not only have you lost your phone, it’s likely you’ve lost personal data from your accounts too, as criminals look to profit any way they can from stolen devices.
All this means that one of the key things you can do to help protect your phone is secure it with a password, PIN, or biometric verification, all of which can help keep intruders away from your personal data if your phone ends up in the wrong hands.
And when it comes to passwords, you should be mindful of ensuring that any applications which you use to access sensitive information are secured with unique passwords. And that those passwords are not the same as the one which locks your phone.
Use multi-factor authentication wherever you can
While passwords are useful for keeping your accounts secure – using one is better than not using one, after all – passwords are one of the most sought-after pieces of information by cyber criminals.
With someone’s account password, attackers can use the account as though they were the actual user – so they can send messages to your friends and comb through your social media profiles, documents and photos for sensitive personal data, including your bank details, if they’re saved in apps.
If your password is considered weak, it’s possible that hackers could simply guess it, or use a brute force attack to crack the password. Even if your password is strong, there’s the possibility it could get leaked via a phishing attack — either one targeting you specifically, or the company running the account.
That’s why you should secure the accounts you use on your smartphone with multi-factor authentication (MFA), so if somehow your password gets phished, it isn’t possible for the attacker to directly access your account, because you’ll get an alert asking if it was you who accessed it.
If it wasn’t you, log in and change your password immediately – and be sure to force a logout of any other active sessions, which you can do from your browser.
If you’re extra security-conscious, using a physical security key is the best way to secure your phone. This form of multi-factor authentication requires the attacker to be physically holding a security key to access your accounts, which unless they’ve managed to steal it directly from you, isn’t something they’ll have.
If you’re using an iPhone running iOS 16.3 or later, you can use Security Keys for Apple ID, which allows you to use a hardware key as an extra layer of authentication. Security Keys for Apple ID is, as stated, tied to your Apple ID and requires your username and password, as well as the hardware key to access your account or device.
You need the key in your possession to access your account, something that prevents attackers from remotely stealing MFA access codes sent using an app or SMS.
But while MFA provides an excellent added layer of defence for your smartphone and accounts, it’s worth remembering that it still isn’t completely infallible.
Only download applications and updates from trusted sources
No matter what sort of smartphone you own, you’ll likely want to download some applications – social media, fitness trackers, route planners and much more. If you own an iPhone, the best place to download apps is the Apple App Store, while if you own an Android phone, it’s the Google Play Store.
While many apps are free, others you need to pay for or subscribe to. Some people might be tempted to see if it’s possible to download them for free from elsewhere, by doing a quick search online for a free version of the app in question.
This is not a good idea: any ‘free’ versions of these applications won’t come from the official store, but a third-party site, which could put you at risk of a security breach.
Scammers and cyber criminals know that people want cheap or free versions of many popular applications. Fraudsters will promote websites they own in search, and it’s even been known for crooks to buy adverts to promote their malicious sites — something known as ‘malvertising’.
The false site might look nearly identical to the real thing, while offering the possibility to download the application you’re looking for.
However, these third-party download sites are risky. In many cases the application that you think you’ve downloaded for free won’t work in the way it’s intended; worse, it could just be a way to trick you into downloading malware or entering your username and password for crooks to steal.
Either way, downloading applications from untrusted, risky sources could leave you vulnerable to hackers.
Another common way false downloads are distributed is via phishing emails, which warn there’s an issue with a commonly used application, or that a subscription is about to run out – and that you should download the update at once.
Legitimate applications will almost never ask you to download an update via email – this is just another method used by scammers to trick you into downloading a malicious payload. When your applications do need updating, these downloads will be pushed by your app store and come directly from the developer themselves. You’ll either get a pop up, or you can check the status of your apps in your phone settings.
It’s also worth noting that while official app stores are safer than third-party sites, it’s not unknown for malicious apps to bypass application store protections and be available to download from legitimate sources.
Because of this, you should be mindful of what you download. Check which permissions the app wants: if it wants full control of your phone but the app is only for one specific purpose, that could be a warning sign. It’s also useful to check the reviews, which could provide a warning that something is off with the app.
Be careful about what wireless networks you connect to – and consider a VPN
Phone contracts can offer you copious amounts of 4G or 5G data to help you use apps, browse the web, stream music and videos and more. But somehow, it never seems to be enough, or maybe you just want to save your phone data – so why not connect to a public Wi-Fi-network?
While many free wireless hotspots are legitimate, they’re not devoid of privacy risks. The nature of public Wi-Fi networks means they’re open for anybody to use – and data being transferred isn’t as secure as it would be on your home or corporate network.
It’s also not impossible that scammers will have set up their own free Wi-Fi networks in busy locations, allowing people to connect, then snooping on the data being transferred, putting your login names, passwords, bank details and other personal information at risk.
There’s nothing inherently wrong with connecting to public Wi-Fi, but it’s worth being mindful of the risks when you do. For example, how do you know it’s a legitimate wireless network? If you’re in a coffee shop, airport or another public space offering free Wi-Fi, it’s likely the connection details will be on display somewhere, giving you the name of the legitimate network to connect to. Think whether you really need to log onto your bank account at this time — perhaps you could wait until you get home?
It’s also worth being cautious about what information you enter on public Wi-Fi networks: if possible, avoid entering passwords or payment information. If you’re not entering it into the network, then that information won’t run the risk of getting leaked. This is the point where you might want to consider using a mobile VPN, which can do a better job of protecting the data you’re sending while keeping your web usage more private.