Are you worried about your phone getting hacked? You should be. In the cybersecurity arms race between defenders and attackers, the latter usually have the upper hand due to the large attack surface most devices have. What can you do to protect your privacy from hackers? The first step is to start following all the rules listed below.
1. Password-protect everything
It is hard to imagine a privacy-wary individual would allow easy access to any of their devices, communications, or documents. If anything gives you the option to protect it with a password, do it.
2. Use strong passwords
Keep in mind that the technology to brute-force or guess passwords has evolved dramatically in the past few years, so anything short of having unintelligible passwords is useless. Read more about how to come up with strong passwords here.
3. Do not use recognizable keystroke patterns
While we’re on the subject of strong passwords, here is an example of one that isn’t. Do you think “ygvuhbijn” is a strong password? No, it isn’t. Just look at your keyboard and you will find out why: the letters trace a regular path across neighboring keys. A good cracking algorithm can do the same.
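A password check can spot such patterns before a password is accepted. The sketch below is an added example, not part of the original article: it measures how many consecutive characters sit on neighboring keys. The US QWERTY layout model, the function names, and the 0.7 threshold are assumptions chosen for illustration.

```python
# Added example: flag passwords that trace a path across a US QWERTY keyboard.
# Layout offsets and the default threshold are illustrative assumptions.

# Each row: (keys, horizontal offset of the row's first key, in key widths).
ROWS = [
    ("1234567890", 0.0),
    ("qwertyuiop", 0.5),
    ("asdfghjkl", 0.75),
    ("zxcvbnm", 1.25),
]

# Map every key to its (x, row) position on the keyboard.
KEY_POS = {
    ch: (col + offset, row)
    for row, (keys, offset) in enumerate(ROWS)
    for col, ch in enumerate(keys)
}


def adjacent(a, b):
    """True if keys a and b touch (same key, same row, or staggered row above/below)."""
    if a not in KEY_POS or b not in KEY_POS:
        return False  # symbols and other unmapped characters never count as a step
    (xa, ra), (xb, rb) = KEY_POS[a], KEY_POS[b]
    return abs(ra - rb) <= 1 and abs(xa - xb) <= 1.0


def walk_ratio(password):
    """Fraction of consecutive character pairs that are neighboring keys."""
    chars = password.lower()
    if len(chars) < 2:
        return 0.0
    steps = sum(adjacent(a, b) for a, b in zip(chars, chars[1:]))
    return steps / (len(chars) - 1)


def is_keyboard_walk(password, threshold=0.7):
    """Reject candidates of four or more characters that are mostly key-to-key steps."""
    return len(password) >= 4 and walk_ratio(password) >= threshold


if __name__ == "__main__":
    # "ygvuhbijn" is the article's example; the other two are constructed samples.
    for candidate in ("ygvuhbijn", "qwerty123", "mqzptlxe"):
        print(candidate, round(walk_ratio(candidate), 3), is_keyboard_walk(candidate))
```

In “ygvuhbijn”, six of the eight steps land on a neighboring key; the only jumps are the two returns to the top row.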
4. Do not put personal information in passwords
If you use social media, your birth date, the name of your dog, the sports team you support – all the information you share willingly – is very easy to obtain. Hackers can use it to design an attack on your profile. Using personal information in passwords makes them weaker.
5. Do not reuse passwords, ever
You might be tempted to come up with just one ridiculously strong password and use it for everything. Do not ever do that. Hackers would just love having to break one password instead of a dozen. It is something many people are prone to, though – and it is the main reason accounts get hacked in the first place.
6. Update your passwords
Another reason why attackers have a certain advantage over defenders in cybersecurity is that the latter are rarely proactive. The threat landscape is constantly evolving, and you should keep pace. A five-character password might have been good enough a few years ago. Today, it is recommended to use passwords of at least nine characters.
7. Never store your passwords in plaintext
Ok, so you have dozens of super-complex passwords that you also update now and then. How do you make that work? The obvious solution is to write them down. But if you do it in plaintext, that would, again, be too easy for hackers. Use a password manager – an app that manages an encrypted library of credentials for multiple accounts. To decrypt the database, you need a password – and it is the one that you have to remember.
8. Do not share passwords with anyone
Not because a friend or co-worker is going to hack you. But because they might store it somewhere in plaintext – say, their Gmail – and it might be compromised when they get hacked.
9. Keep your security and privacy settings up to date
Speaking of the things social media can reveal about you, there is a way to manage that. Facebook, for example, gives you a lot of control over various privacy settings. You only have to invest time in managing them. And you should be careful not to miss an update, as these are rather regular.
10. Use two-factor authentication
No matter how good a password is, there is always an attack that can break it. You need to use a different method for authentication on top of passwords. For example, this could be a security code that gets sent to your phone every time you try to log into an account, or a security token.
11. Update your software regularly as well
Updates bring new features and fix bugs. The latter could be security vulnerabilities. This is why updating your apps is an important part of security.
12. Manage app permissions
Many apps ask for permissions that they don’t necessarily need to function properly. If they are outrageous – like a game asking to access your contacts – there might be something phishy about the app. Newer versions of Android let you manage the permissions every app uses and turn off those that worry you.
13. Be wary of third-party app stores
Speaking of weird apps, most of the ones designed for malicious purposes are sold at third-party app stores (not the licensed ones like the Apple App Store or Google Play). Users are usually lured in via phishing schemes to download malicious versions of legitimate apps. Better stay away from them.
14. Be careful what you click on
Besides leading you to shady stores, phishing can fool you into infecting your device with viruses, Trojans, or even worse, ransomware. Do your best to avoid falling for such tricks. Always check the URL of a page before you enter any private information on it, as well as the URLs that links lead to.
15. Encrypt everything: devices, storage, communications
There are ways around authentication, and even cautious users are sometimes fooled. But there is a way to make all your data unreadable to unwelcome intruders – encrypting it. It is advised to use encryption for everything you can. You can encrypt your device, the files stored on it, browse the Internet only via HTTPS, and use apps that provide end-to-end encryption for your communications.