Being the victim of phone hacking is a nightmare. The worst case of phone hacking is that the threat actor gains access to your online accounts, such as your social media, email, online shopping accounts, or worse, your banking information. This would force you to go through the headache of changing a ton of passwords, having to lock your credit, contacting your bank and online shopping vendors (Amazon, eBay, etc.), and trying to pinpoint everything else the hacker had access to.
It’s always better to be proactive instead of reactive. Don’t wait until you get hacked to care about your privacy and security. Take steps to protect yourself now.
Here are eight simple precautions you can take to remain safe and secure from would-be hackers.
Use a passcode lock or Face or Touch ID
When people think of getting hacked, the first thing that comes to mind is someone in a remote location executing a bunch of code to gain access to your device. This may sometimes be true, but the reality can sometimes be much more boring than that. Hacking simply means someone gains unauthorized access to data on your device. This means that if someone gets physical access to your phone and accesses your data without your consent, then by definition, you’ve been hacked.
Your mobile device’s first line of defense is your passcode lock or face or touch ID. While this technology isn’t 100 percent foolproof, having a password or other authentication measure enabled will certainly keep a large percentage of people out if they somehow get a hold of your phone. While it may seem like a minor inconvenience to add a lock on your phone, it’s nothing compared to the inconvenience of being hacked.
Frequently back up your phone
Keeping frequent backups of your phone is good for several reasons. Even if your phone doesn’t get lost or stolen, having a complete backup of your phone makes the transition to a new phone so much easier.
But, if your phone does get lost or stolen, you can wipe the data on that phone remotely while having the peace of mind that you still have access to all of your data. Remember, if you don’t have at least three copies of your data, then your data doesn’t really exist. Here’s how to back up your iPhone, and your Android phone.
Don’t store passwords (or other sensitive information) on your phone
In general, it’s best not to store passwords or other sensitive information, such as credit card details or personally identifying information, on your phone. If your phone gets hacked and the threat actor has access to that information, it will cause more than just a headache—it could completely destroy your credit and drain your bank account.
If you do want to store passwords on your phone, make sure you’re using a password manager. If you’re tight on cash, you can even get one for free. Password managers require a master password to access all of your account credentials, so create a strong master password and make it something you can remember. Most importantly, don’t store that master password on your phone.
Only download apps from an official app store
This mostly applies to Android users, as Apple’s app-vetting process is much stricter than Google’s. Additionally, you can download third-party apps with Android, allowing for the potential to download a malicious app.
Also, be mindful of what permissions you grant apps. Some apps request access to your camera, microphone, photos, etc. While some apps obviously have legit uses for this, it opens you up for fraud if you mindlessly give access to everything that just any app requests.
Keep your phone and apps updated
Foundry
While it can be easy to postpone updates, a lot of these updates provide critical security patches and/or enhancements. If there are known vulnerabilities in an OS or app, you can bet that threat actors are going to take advantage of them. Keeping your apps and phone systems up to date will keep you one step ahead of the would-be hackers.
Additionally, if you’re not actively using an app, it’s good practice to delete them.
Always use Two-Factor Authentication (2FA)
Two-Factor Authentication, also called 2FA, is an authentication method that enhances the security of your accounts. Instead of just requiring a password to get into your account, you’ll need to provide a secondary method of identity verification.
2FA comes in many forms, such as SMS, authenticator apps, Bluetooth, and even physical security keys. Each type of 2FA provides a varying level of security. Understanding the fundamentals will help you decide which method is best for your situation. When it comes to your phone, though, you really can’t beat a physical security key.
Use a VPN
When browsing the web on public Wi-Fi, always use a virtual private network (VPN). A VPN masks your IP and encrypts any data you send, making it difficult for threat actors to intercept or understand. This makes doing things like purchasing something online a bit more secure. But that just means they can’t access your personal information. Can they actually hack your phone if you’re not using a VPN? Yes.
Without a VPN, your IP address is out there in the open. One method of hacking, known as Remote Hacking, is when a threat actor gains access to your IP address and uses it as a backdoor into your smartphone (or any other device you may be using). With a VPN, you’re using the IP address of the VPN server you’re connected to instead of your device’s real IP address, protecting you from remote hacking.
Have a plan B if your phone gets stolen or hacked
In the unfortunate event that your phone does get hacked or stolen, it’s important to have a plan in place so that you can quickly neutralize any damage the hacker may be able to do to you.
First, don’t wait to learn how to remotely wipe your phone until your phone gets stolen. The quicker you wipe your information, the better. Once you’ve wiped the phone, it’s now time to locate it. You can use iPhone’s Find my iPhone or Google’s Android Device Manager to find your device even after you’ve wiped the phone or if it’s been factory reset by the thief/hacker.
The next thing you want to do is contact your local authorities to report the theft. Be thorough in your description to the police, and take note of any important information that you may later need to report to your insurance company of phone manufacturer, such as the officer assigned to your case, the case number, and so on. If your phone was hacked but you still have physical access to the phone, you can report the crime to the Internet Crime Complaint Center (IC3) if you’re US-based.
If you believe the hacker may have had access to your personal information, such as banking or credit card information, immediately contact your bank to freeze your account and all associated cards to prevent any unauthorized purchases. Also, freeze or lock your credit so that the threat actor can’t open any accounts in your name.
Lastly, take a deep breath. Everything is going to be ok.
[Further reading: What to do when your laptop is stolen (and how to prepare for it)]