1) The Lock-screen should… Lock

It may sound silly, but many people seem to have lost sight of just why you have a lock-screen on your smartphone in the first place. It is meant to prevent anyone other than you from unlocking your device. Protection options ranked from best to worst:

  1. Fingerprint: The best example of low likelihood of being compromised with ease of entry. A fingerprint scan takes less time to enter than a password or a pin, while being a highly complex unique identifier.
  2. Password: Typically longer and more complex than a pin. The downside is that because it is the most complex, it takes the longest to enter.
  3. Pin: Possibly the most popular method, and for good reason. A 4 or 6 digit pin is pretty easy for most people to remember, doesn’t take long to enter, and is reasonably unlikely to be guessed.
  4. Pattern: Simple, but fairly easy to crack. From the grease trail left on the screen it can be easy for someone to work out. There also are fewer variables than most other protection methods.
  5. Face Detection: To say it is flawed is an understatement. This method can be fooled by using a photograph of you, can incorrectly identify someone who looks similar to you (like a family member), or just otherwise fail to recognize that it is someone other than you.

Pick the solution which best fits the way you use your device. The goal is to find the balance between convenience and security. If the method is too much of a hassle, you will end up turning it off. A good solution is one that works for you without you even having to think about it.

2) Update Everything

In software, the most recent version of an app is almost always the most secure version. Each version plugs vulnerabilities along with new features. The longer you continue to use an out-of-date version, the more likely you are to have a problem. You can set your Android or iOS device to automatically update apps as soon as new versions are available.

It is also critical to keep the Operating System (OS) up-to-date. Many people postpone the updates because they can be time consuming and a hassle. The downloads are large and sometimes require you to make space on the device. It is worth the time and effort because those updates are packed with security enhancements. Look for notifications about Android or iOS and make sure to upgrade as soon as possible.

3) Remove Unused Apps

On any computer, it is a good idea to keep only the applications you are going to use. Unused apps aren’t just taking up space, but typically on smartphones they have permissions to access your data. Some apps can backup photos, access your contacts, or track your location. These permissions are unfortunately the cost of doing business when it comes to smartphone ownership, however you should take whatever steps you can to limit just how many apps are using your private information. The fewer, the better.

4) Turn On “Find My Phone”

If your smartphone goes missing, you need to be able to locate it remotely and then be able to wipe the device if needed to protect your private data. Both Apple and Google offer services to help:

Find My iPhone | Android Device Manager

Make sure that these services are set-up and you understand how to use them before you ever have to.

5) Turn Off Unused Radios

Bluetooth, NFC, WiFi, etc. should all be turned off unless you are connecting them to something. An open, unconnected radio is an invitation to an attacker, especially in public places like coffee shops, parks, and airports. This will save your battery while protecting you from being unnecessarily vulnerable.

6) Don’t Use Public Hotspots

The WiFi at a hotel, coffee shop, or public library isn’t the same as what you’ve got at home; the risks are different. Public WiFi often has poor security in order to make it easy for guests to access. These locations are desirable for attackers because they can often find ways to watch the traffic across the network and see personal data. Other WiFi hotspots aren’t controlled by the venue at all, and are put up by attackers for the purpose of capturing traffic.

7) Beware of Shady SMS Text Messages

Bank of America Phishing SMS
Source: Malwarebytes

Would you click on that link? Unfortunately, many people do. Phishing attacks aren’t just limited to email anymore. Attackers send these kinds of texts to fool people into visiting sites which appear to look like the real version you are familiar with, but will capture your account information when you try to log in. A simple rule is not to follow links from text messages, especially when they are unsolicited or come from unknown numbers. If you are worried about your account’s security, then avoid taking the link, and go to that company’s website directly to see if there is a notification from them. Legitimate warnings will be visible in places other than a text message.