It’s the holiday season, and that means an onslaught of bad actors trying to ensnare digital shoppers into their scams. Even Google had to publish a self-pat-on-the-back alert covering celebrity scams, fake invoice traps, and digital extortion. Of course, Big G took the opportunity to regale the virtues of Gmail’s anti-spam tricks.
The government, however, is dead serious about the threats, which extend well into the domain of intricate cyberattacks and telecom breaches targeting high-ranking officials and senior politicians. To that end, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines to protect smartphones.
Here’s the best part. You, the average smartphone user, can (and should) try to follow as many of these safety suggestions from the agency as possible. We’re talking about tips from the folks over at an agency overseen by the Department of Homeland Security (DHS), so you better pay some attention.
Messaging security tips
Let’s start with messaging. CISA’s first general advice for communications is to use end-to-end encrypted services. At this point in time, iPhone’s default iMessage pipeline and the RCS protocol championed by Google for its Messages app on Android are both end-to-end encrypted.
In case you live in a region where these two are not the norm, stick with platforms like WhatsApp or Signal. You can also enable end-to-end encrypted chats for Facebook, Instagram DMs, and Telegram, and we strongly advise that you go the extra mile here.
2FA and Passkeys
The next line of defense is enabling hardware-based or on-device authentication for identity verification. The ecosystem built around Google and Apple now offers Passkey support, and they are now tied to the respective Gmail and Apple ID, as well.
Go ahead and enable them if carrying a physical FIDO hardware key, like one from Yubico, sounds like too much of a hassle. Google’s Advanced Protection (APP) program and Apple solutions like Private Relay are a few other existing features that you should take advantage of.
Another crucial suggestion by CISA is that you should ditch SMS-based multi-factor authentication, as they are prone to various kinds of attacks. Instead, switch to authenticator apps. Authy is a great option, but if you want to remain within the software ecosystem, Google and Microsoft offer their own authenticator apps, too.
Use a password manager
If an authenticator app is not an option for your work or productivity flow, rely on a password management app instead of the inconvenient (and hack-prone) route of remembering a dozen passwords. We have a vetted list of the best password manager apps.
Google Password Manager is a great in-house option, and recently, Apple released its own fairly excellent Passwords app. There are a whole bunch of third-party options, too, such as LastPass and 1Password.
Of course, digital hygiene starts with a strong password. And no, we’re not talking about those perennially popular and easy-to-guess options like ABCD1234. Pick an alphanumeric mix and throw in a few symbols and upper/lower case letters, as well.
The value of a VPN
Moreover, if you live in a country where carrier accounts form the backbone of your cellular usage, set up a strong password for that SIM account. If you think snooping is a concern (which is a widespread grim reality), use a VPN for your internet surfing activities.
If possible, pay for one instead of going the free VPN route. Nothing good is free, and if it’s free, there’s a hidden cost to pay. In this case, it’s your digital identity and privacy. Don’t know where to start? Digital Trends experts rigorously tested the best VPN services for you to make an informed choice.
A few final security tips
Of course, safety starts at home. In this context, we’re talking about the computer that’s always on you — the humble smartphone. iPhones let you disable sending messages over the unsafe SMS protocol if data is not available. Go ahead and walk this path: Settings > Apps > Messages > Send as Text Message.
Next, head over to the Privacy & Security dashboard in the Settings app, review what permissions apps have been granted access to, and do some cleanup. Your designer calculator app shouldn’t know your location or have access to the onboard files. In this guide, we have detailed the steps to keep your app permissions in check for both Android and iOS.
If you sense malware activity on your iPhone, enable Lockdown Mode and reach a law enforcement authority. We have a detailed guide to help you with the pros and cons of this feature.
Google, on the other hand, offers a Security Checkup dashboard for all connected devices. I strongly suggest that you spend a few minutes flicking some toggles and clearing the security alerts in there.
There’s no way to 100% guarantee online/smartphone safety, but taking the time to follow a few tips can drastically reduce your risks. Be safe out there!
