With so many scary headlines about data breaches and ID theft hitting the news cycle, you've probably loaded your home computer with antivirus software, installed a firewall and created strong password protection.
Yet odds are you haven’t given much thought to how secure your smartphone is.
Unfortunately, criminals have — and they just might take advantage of your vulnerability. Smartphone malware infections surged 96% from 2015 to 2016 alone, according to the Nokia Threat Intelligence Report; and 71% of phones have no security features to defend against this data-stealing software, according to a survey by Alcatel-Lucent Motive.
“Our mobile devices are small digital assistants that carry as much — if not more — very personal information as our desktop or laptop,” says personal security expert Robert Siciliano, CEO of IDTheftSecurity. “A lost, stolen or hacked phone provides an efficient way for a thief to steal your identity or drain your bank account.”
Want to protect yourself? These seven smartphone security precautions can help keep your private data out of the hands of hackers.
1. Update Your Operating System
You know those annoying banners that pop up on your screen letting you know that there’s an operating system update you should download? Don’t put it off. These updates typically include fixes for security issues found in the old operating system, says Siciliano. The longer you wait, the longer you’ll be hacker bait.
2. Clean Up Your Apps
Maybe you're addicted to Snapchat, Pokemon GO or Instagram — we all have our favorite apps. Yet many phone apps are fertile ground for infection. “If hackers find a security hole in an app, they can exploit it to access your personal data,” says Michael Kaiser, executive director of the National Cyber Security Alliance. “There’s no way to know what kind of information is being collected about you and where it’s being distributed.”
On a regular basis, do a KonMari to your phone and delete apps you no longer use. The danger is that outdated versions could be running in the background of your phone, exposing you without you realizing it.
Next, make sure your phone automatically updates your remaining apps, since most updates include security fixes. It's simple: On an iPhone, go into Settings, scroll to “iTunes & App Store,” and check that “Updates” is selected for Automatic Downloads. For Android, open “Settings” in the menu section of the Play Store app to verify that you have the “Auto-update apps” feature turned on.
Remember to log out of apps that contain sensitive info when you’re done using them. Finally, download apps only from iTunes or Google Play, which should help ensure that they’re legitimate.
3. Lock It Up
Not locking your phone is like leaving the door wide open to hackers. So make sure your auto-lock function activates after a short period of inactivity, say one minute, and create a powerful password.
“Set up both a biometric security measure, meaning a finger tap or swipe, as well as a passcode,” Kaiser says. “If your phone offers you the option of a 6-digit password over a 4-digit one, opt for that. The longer it is, the stronger it is.” Avoid obvious configurations like 0000, 1234 or your birthday in favor of a custom alphanumeric code that’s harder to crack.
And of course, all apps containing personal data, whether it relates to banking, email, or just your Amazon account, should also be password-protected.
4. Beware of Public Wi-Fi
Free public Wi-Fi sounds awesome in theory — after all, it reduces the burden on your data plan. But tapping into a network that's not secure makes it ridiculously easy for hackers to intercept and capture your info.
While it’s usually not too bad to use public Wi-Fi for web searches, Netflix and the news, avoid entering in any passwords or personal deets, like your credit card number. “If you do have to access your email or make a purchase, switch over to your cellphone’s data plan connection, which is much more private,” Kaiser says. For the same reason, turn off your Bluetooth whenever you’re not actively using it.
One way to help protect yourself is by using a virtual private network (VPN), which is software that encrypts your wireless session across a public network. Some devices (like a company-issued phone) come with a built-in VPN; you can check your status under general settings. Otherwise you can buy one via the app store for about $5 to $10 a month. “Some people use VPN for all of their wireless access, even in their home,” Kaiser says. “It’s safer than just a secure Wi-Fi network with a password.”
You don’t necessarily have to go that far, but make VPN use a habit when you’re accessing sensitive material no matter where you are, especially if you live in an apartment building or densely populated area.
5. Steer Clear of Smishing
Never heard this term before? Here’s where it comes from: The most effective way for thieves to hack a smartphone is by sending a fishy SMS, aka smishing. Once the user clicks a link in the text or responds to the message, cyber criminals can install malware on your device that pillages your data.
Android phones are particularly vulnerable. “They’re susceptible to tens of thousands of viruses and growing every day, and require an antivirus the same way a PC does,” Siciliano says. “Even if you don’t have a droid, consider adding a security package," advises Kaiser. Some network providers may even add an extra layer of security; check to see what safety measures yours takes.
6. Wipe Clean a Lost or Stolen Phone
Not only is losing your cell a huge inconvenience that can set you back hundreds of bucks, it can also leave you open to attack if you haven’t secured your device. To protect yourself, activate the “Find My iPhone” or “Android Device Manager” app, which allows you to track your phone's location and remotely delete all the data.
If you sell your old phone, be sure to reset it to factory settings and remove your SIM card and additional storage cards. Give the phone a thorough sweep to make sure none of your personal info is lingering.
7. Be Careful Giving Out Your Digits
You wouldn’t pass out your number to any random person who asks for it, right? So be picky about offering it when you’re prompted to online — like before signing up for a website or making a purchase. The more frequently you put it out there, the more at risk it puts you for smishing attacks and SIM swap scams (when hackers use a hijacked number to access accounts that use two-factor authentication through text messaging).
“Consider using Google Voice if you need the company to contact you by phone,” Siciliano says. Apps like Sideline, Line2 and Hushed allow you to add a second line to your mobile phone.