Businesses have come to rely on smartphones for a range of commercial operations: inventory control, customer relations, advertising and marketing, banking and more. There's nothing scarier than the thought of someone scouring your data — maybe even following your keystrokes — in an attempt to access company secrets and financial information, scam you or steal your identity. But you can avoid the intrusion of ransomware, extortionware, data-stealing trojans, spyware and other malware.
Here are a few simple ways to keep your smartphone data for your eyes only.
1. Update your OS and apps promptly.
Did your phone alert you that there is an OS or app update – and you ignored that notification? Software updates can sometimes seem disruptive, but they are critical in protecting your phone's security. Many hackers exploit vulnerabilities that companies strive to fix before the disaster of stolen information or fraud takes place. The longer you wait to update, the more vulnerable your system becomes.
2. Lock it up.
Sure, it's a lot easier to keep your phone unlocked all the time because you can get to your email, camera, texts and other features more quickly. But just think how you would feel if a stranger found your phone on a bus seat or in a coffee shop and could just tap on your email or contacts or banking app or photos.
To prevent that from happening, always engage the four- or six-digit passcode – or set up a longer alphanumeric code – so that if you ever lose track of your phone, it won't open your entire business to a stranger.
Touch ID or Face ID (depending on your handset) can get you into your iPhone without entering the password. Android users have a choice of setting up a PIN or a pattern screen lock. Also, be sure to password protect all mobile apps that contain personal data, such as banking, email and your Amazon account.
3. Plan ahead for emergencies.
Even if your phone gets lost or stolen, you can contain the damage by making sure none of your precious secrets can be accessed by thieves or strangers. Both Apple and Google offer Find Device services such as Find My iPhone and Android Device Manager that can locate your phone on a map and automatically disable it. These services can also make your phone ring, either alarming the thief or just locating a phone you have temporarily lost track of. You can even arrange for the phone to delete all information after five to 10 false passcode tries.
4. Strengthen permissions.
Check the apps on your phone to determine whether they have more privileges than they need to get the job done. You can grant apps permissions like access to the camera, the microphone, your contacts and your location. Keep track of which permissions you've given to which apps, and revoke permissions that are not needed.
For iPhones, go to Settings and tap on Privacy, where you'll see a list of all permissions and the apps you've granted them to. Android users can find app permissions in the Application Manager under Device > Application in some Android versions.
5. Avoid public Wi-Fi and disable Bluetooth.
Try to use only your private cell connection whenever possible and switch off Wi-Fi on your mobile phone whenever you are in a public place. And of course, do not sign on to unencrypted open networks. If that is not possible, consider using a VPN, but choose carefully, as all are not created equal. A VPN tunnels your network traffic through an encrypted connection to a server based in another location. Unless you are wearing a smartwatch that requires a Bluetooth connection for functionality, it's also a good idea to disable Bluetooth when you're out and about.
6. Use two-factor authentication wherever possible.
Two-factor authentication (2FA) is one of the least favorite security options around because you need to receive and type in an additional code beyond your password to get into your apps. However, it offers another solid barrier to access your private information.
If you use an iPhone, be sure to also enable 2FA on your Apple ID because your Apple ID hooks into all your devices and can access your iCloud account. That means entering a password plus a six-digit authorization code when logging in to a device from a new machine.
7. Ignore spam emails and texts.
Do not click on links in promotional emails or from anyone you don't know. Avoid suspicious links, password prompts and attachments. If you get an email from your bank or health insurance company, go directly to those websites in your browser, where you have to sign in with a password.
Bogus texts are another way hackers can get their hooks into a smartphone. Do not respond to texts from strangers, because when you click a link or respond to the message, hackers can install malware on your device.
8. Back up your data.
Bad stuff happens, but don't compound the problem by not being prepared. Always back up your data. This is general good practice and protects your important documents and images in case of any smartphone loss.
For an Android phone, make sure "Back up my data" and "Automatic restore" are enabled in the settings and then sync your data with Google. For an iPhone, choose your device in the settings and then back up to iCloud.
9. Use an antivirus app.
Hackers typically use malware to steal passwords and account information. There are plenty of smartphone antivirus apps — some of which are linked to companion desktop apps. These provide enhanced security by ensuring apps, PDFs, images and other files you download aren't infected with malware before you open them. Antivirus apps like Avast, McAfee and Panda can halt such threats.
10. Know where your apps come from.
Don't just download any app to your phone. While iPhones only run apps from Apple's App Store, which vets all apps sold for the platform, standards are not quite as high on Android. The Google Play Store has made progress in ensuring its apps aren't running malware, but the Android platform does allow installation from various, less regulated environments. The best way to avoid malware on Android is to stick with the Google Play Store unless you are sure you can trust an independent app from somewhere else.
