Learn why your devices play a key role in protecting your data
Based on the other articles in this guide, you might think that all of the protection you need is in software code and in the “cloud”. That isn't true though! Protecting yourself online also has a physical component. Your accounts can have a secure password, two factor authentication, and all the other advanced protection in the world, but if the devices you use to access those accounts (phone, tablet, laptop, desktop, etc) aren't secure, then you're still exposed!
Lock Screens & SIM PINs
We understand that you want your devices to be as accessible as possible. Needing to enter a passcode or needing to scan your finger or face to unlock your screen is a drag, but these measures are also a hindrance to a cybercriminal who steals your device or finds it if you lose it! Think about all of the apps someone could access if they had your phone. Your email, online shopping, social media, documents/notes, and more are likely all accessible without an additional password.
The proliferation of lock screens and some of the other security measures in this guide have led cybercriminals to get creative. If one has access to enough of your personal information (e.g. through a data breach), they might be able to impersonate you on a support call with your phone carrier (e.g. Verizon or AT&T) and convince them that you got a new phone and SIM card. This would allow them to receive a two factor authentication text on their phone instead of your phone! To protect yourself from this sort of attack, we recommend setting up a SIM pin. If a cybercriminal doesn’t know it, your phone carrier would deny their request. Heads up that you’ll be asked to enter this SIM pin any time you restart your phone.
Installing Updates
You know those annoying prompts and reminders on your devices, apps, and programs asking you to install updates? You might hesitate to authorize these updates because sometimes they contain changes to the user interface or contain new features that you’ll need to learn. Primarily though, these updates are security updates! Just look at how frequently a company like Apple has to update their software to fix security issues! In many cases, Apple is able to push the update and give you time to install it before a cybercriminal could ever know to take advantage of it, but in other cases the updates are in response to security issues that cybercriminals are already taking advantage of. Either way, the longer you wait to install them, the more at risk you become!
Apple and other device manufacturers such as Amazon, Google, Samsung, HP, Dell, FitBit, keep extensive lists of the products they don't support anymore. You might mainly think of "not supported" as meaning the device cannot be fixed anymore if it breaks, but it also means that the device stops receiving security updates. You may still proudly use your old iPhone 6, but it and all earlier iPhone models don’t support iOS 15, which addressed many security vulnerabilities. And iOS 15 is already at version 15.5! Four of the updates between 15 and 15.5 had additional security fixes. Every day, your device becomes more likely to no longer be on the receiving end of new security updates. Is this finally convincing you to upgrade from you old device? If so, here are some tips from the FTC on steps to take turning off your old phone for good!
WiFi & Virtual Private Networks (VPNs)
The internet is all about connections. The more connections a device can make the more useful it is. Let's take your phone as an example. By connecting to WiFi, you can stream a movie or TV show. By connecting to Bluetooth, you can listen to music through wireless headphones or wireless speakers. By connecting to near-field communication (NFC), you can make a contactless payment (e.g. Apple Pay) at a retailer. By connecting to GPS, you can see where you are and get directions.
These connections bring you value, but they also represent vulnerabilities. The more you have open, the more vulnerable you are. Most of them are extremely safe though! For example, by connecting to your home WiFi, your home wireless speaker, or your car, you're making connections to systems that only you and people you trust also have access to (P.S. just like any other account, your home WiFi password should be strong!).
Now think of the public WiFi you might access at cafes, airports, and hotels. You can't be sure how secure those connections are and there could be thousands of other devices connected at the same time, some of which could be nefariously monitoring the activity and data coming through your device. The FTC has a good list of public WiFi do's and don'ts, but if you commonly need to access important data/accounts on public WiFi, we recommend using a virtual private network (VPN). A VPN masks and encrypts your data before it reaches a public network. NordVPN is one of the most popular, and also comes with other benefits - such as additional layers of privacy from internet service providers (like Comcast, Verizon, and AT&T) and unrestricted access to content that might be blocked when traveling outside of your home country.
We recommend leaving WiFi and Bluetooth off when you're not using them so that you don't inadvertently make any unsafe connections. Many devices are good about making you confirm new WiFi and Bluetooth connections, but it's better to be safe than sorry. NFC isn't normally as easy to switch on and off, but apps that use normally comes with robust security features that keep you safe while it's always on.