Is your phone secure?
Our phones are an extension of our brains these days. Don’t let just anyone in there. Let’s start by taking a minute to think about all of the things we use on our phones such as email, your bank apps. your social media accounts, your browser, your photos, and your text messages. Depending on other factors, it might also be connected to online dating apps, personal messages between you and loved ones, other messaging apps, all of your contacts…. And those are just the things that spring immediately to mind.
With all of that very personal — and, oftentimes, professional — information stored on our phones, one would think we would be more careful in securing them. But the truth of the matter is, most of us aren’t. Whether it’s out of ignorance or not wanting to be inconvenienced, too many people are taking security shortcuts that open them up to theft or privacy invasions.
So even if you think your phone is secure, review this list of six ways you can make sure that’s true.
1. Make sure your phone is locked: Look, it’s tempting to leave a lock off your phone screen, especially when you consider the fact that many of us spend up to five hours per day on the phone. Entering that PIN or drawing that unlock pattern can seem stressfull if you’re someone who checks back constantly on their phone.
However, a lock screen is your first line of defense for your phone. Think of it as the lock on your front door. It is more likely that someone is going to walk through and steal everything if you leave it open than when it is locked…So why take the risk?
If you’re a heavy phone user, some phones have an option of leaving it unlocked when you’re inside your own house. But if you’re out and about, be sure to set a PIN (six digits should do — more than that is too hard to remember), design, or enable a biometric unlock, like your thumbprint or Face ID.
2. Set up multi-factor authentication: If you haven’t set up multi-factor authentication on every account that offers it, stop reading right now and go do it. Multi-factor authentication requires a code sent to you— either via SMS, email, or an authenticator app — in addition to a password to access whatever program or account it’s protecting.
While it’s a little bit less useful for phone security than it is for laptop or desktop security — because the messages are sent to your phone and if someone has your phone in their possession, they’ll get your messages — it’s still an important step to take to protect your data. Basically, as many steps as you can put between your data and an attacker, the better.
3. Only download from reliable sources: We know it’s tempting to download that sweet new game, but it’s worth it to do your due diligence before downloading anything – because it might come with more than you planned for. In fact, in summer 2021 Avast researchers started tracking a form of malware that targets “cracked” (read: illegal) games. Called Crackonosh, the malware silently included a Monero coinminer, which gave criminals the ability to use gamers’ systems to mine cryptocurrency.
Avast researchers also uncovered a malware called BloodyStealer that steals not only cookies, usernames, passwords, and financial information, but also steals game sessions. So: only download from trusted sources and do a little research. Remember: Anything you download from a sketchy source could potentially put spyware on your phone.
4. Think about app permissions: Apps need permission to do certain things in order to function, but some unscrupulous Companies take advantage of app permissions to collect more information about you than they really need. Instead of automatically clicking “yes” on every app permission, take a minute to think whether or not they really need that thing to function. For example, Google Maps definitely needs to know your location, but does that puzzle game really need access to your photos? Probably not.
5. Don’t click on links without confirming: Phishing utilizes social engineering to get people to either click on malicious links that Install malware or to willingly hand over their personal information, like passwords and Logins. One way cybercriminals get you is by sending links that look like they’re from someone you know but are not. Use your best judgment before clicking on links (on your phone or in your browser) without confirming first that they came from the person they say they’re from. Even if it looks like it’s from your boss or your bank — just give them a quick to confirm.
While these six things might seem like a hassle, it only takes a couple of days to get into new, more secure habits. And isn’t it worth it? Our phones are an extension of our brains these days. Don’t let just anyone in there.