Is your phone actually secure?

Emma McGowan 30 Dec 2021

Our phones are an extension of our brains these days. Don’t let just anyone in there.

Let’s start by taking a minute to think about all of the things we use our phones for. If you’re like most people, your phone is probably connected at a minimum to your email, your social media accounts, your browser, your photos, and your text messages. Depending on other factors, it might also be connected to online dating apps, personal messages between you and loved ones, other messaging apps, all of your contacts…. And those are just the things that spring immediately to mind.

With all of that very personal — and, oftentimes, professional — information stored on our phones, you’d think we’d be better about securing them. But the truth of the matter is, most of us aren’t. Whether it’s out of ignorance or not wanting to be inconvenienced, too many people are taking security shortcuts that open them up to theft or privacy invasions.

So even if you think your phone is totally secure, review this list of six ways you can make sure that’s true.

Make sure your phone is locked

Look, it’s tempting to leave a lock off your phone screen, especially when you consider the fact that many of us spend up to five hours per day on the phone. Entering that PIN or drawing that unlock pattern can seem like a hassle if you’re someone who checks back constantly on their phone.

However, a lock screen is your first line of defense for your phone. Think of it like the lock on your front door. Is it likely that someone is going to walk through and steal everything if you leave it open? No. Is it way more possible than if you just turned the lock? Yup. So why take the risk?

If you’re a heavy phone user, some phones have an option of leaving it unlocked when you’re inside your own house. But if you’re out and about, be sure to set a PIN (six digits should do — more than that is too hard to remember), design, or enable a biometric unlock, like your thumbprint or Face ID.

Set up multi-factor authentication

If you haven’t set up multi-factor authentication on every account that offers it, stop reading right now and go do it. multi-factor authentication requires a code sent to you — either via SMS, email, or an authenticator app — in addition to a password to access whatever program or account it’s protecting. 

While it’s a little bit less useful for phone security than it is for laptop or desktop security — because the messages are sent to your phone and if someone has your phone in their possession, they’ll get your messages — it’s still an important step to take to protect your data. Basically, as many steps as you can put between your data and an attacker, the better.

Get serious about encryption

Most of the popular smartphones come with built-in encryption — check out this comparison chart to see how different phones rank for a range of security concerns. But if you want to add another layer of encryption on top of what your phone offers, particularly for web traffic, it’s worth looking into a high quality Virtual Private Network (VPN). VPNs encrypt any communication between your phone and the network it’s connecting to, making them a great way to protect your data even when it’s not directly on your phone.

Only download from reliable sources

We know it’s tempting to download that sweet new game, but it’s worth it to do your due diligence before downloading anything – because it might come with more than you planned for. In fact, in summer 2021 Avast researchers started tracking a form of malware that targets “cracked” (read: illegal) games. Called Crackonosh, the malware silently included a Monero coinminer, which gave criminals the ability to use gamers’ systems to mine cryptocurrency.

Avast researchers also uncovered a malware called BloodyStealer that steals not only cookies, usernames, passwords, and financial information, but also steals game sessions. So: only download from trusted sources and do a little research. Remember: Anything you download from a sketchy source could potentially put spyware on your phone.

Think about app permissions

Apps need permission to do certain things in order to function, but some unscrupulous companies take advantage of app permissions to collect more information about you than they really need. Instead of automatically clicking “yes” on every app permission, take a minute to think whether or not they really need that thing in order to function. For example, Google Maps definitely needs to know your location, but does that brain game really need to access to your photos? Probably not.

Don’t click on links without confirming

Phishing schemes are on the rise, with a 20% increase in the risk of individuals being phished recorded from June to October 2021. Phishing utilizes social engineering to get people to either click on malicious links that install malware or to willingly hand over their personal information, like passwords and logins. 

One way cybercriminals get you is by sending links that look like they’re from someone you know, but really aren’t. Use your best judgment before clicking on links (on your phone or in your browser) without confirming first that they came from the person they say they’re from. Even if it looks like it’s from your boss or your spouse or your mom — just give them a quick call or ping them on another messaging service.

While these six things might seem like a hassle, it only takes a couple of days to get into new, more secure habits. And isn’t it worth it? Our phones are an extension of our brains these days. Don’t let just anyone in there.

--> -->