Seven ways to protect your mobile phone from hackers

Most of us are used to protecting our home computers with passwords, antivirus software and regular updates. But many people don’t realise that their smartphone or tablet is just as powerful - and just as attractive to cybercriminals and hackers.

Our phones carry some of our most personal information: messages, photos, financial apps, login details, and more. Keeping them secure is just as important as securing your computer or your wallet.

The good news? With a few simple habits, you can significantly reduce your risk.

Setting up a passcode, PIN or biometric authentication (like a fingerprint or facial recognition) is one of the quickest ways to protect your phone. Simple password patterns and birthdays are too easy to guess, so choose something strong and ensure your phone or tablet locks automatically after a few minutes.

Turn on Find my iPhone or Find your phone so you can track it if it gets lost or stolen.

Updates fix weaknesses that criminals exploit. Cybercriminals actively seek out devices running outdated software, and automatic updates are one of the strongest defences you can turn on. Switching on auto-updates for your operating system and your apps ensures you’re always protected with the latest security features.

MFA adds an extra layer of protection, which means even if someone steals your password, they can’t access your account. Adding an extra code, Face ID or authenticator application to protect you is one of the most effective ways to prevent unauthorised access, and it is strongly recommended for sensitive accounts, such as email, banking and super accounts. App-based or hardware-based MFA is recommended as it’s considered more secure than SMS.

There are several ways criminals could try to gain access to your mobile by offering convenient services. The Australian Cyber Security Centre recommends caution¹ when it comes to:

• Public Wi-Fi:  Connecting to public Wi-Fi and hotspots may allow attackers to intercept your private information, so avoid logging into sensitive accounts when using them. If you’re unsure whether a Wi-Fi network is legitimate, don’t connect. Instead, use your mobile data or wait until you’re on a trusted network.

• Public charging stations: USB ports in airports, cafés or shopping centres can be risky because they don’t just deliver power, they can also transfer data. Compromised public USB charging stations can expose you to malware – this is known as ‘juice jacking’. Using your own charger or a portable battery pack keeps you in control when you need to charge your phone on the go.

• Unintended Bluetooth connections: If your Bluetooth is always on and ‘discoverable', your device can become visible to others nearby. It’s considered good practice to limit unnecessary connectivity, so disable Bluetooth until you need it and avoid connections with unknown devices to reduce your risk of unexpected data access or malware. 

• QR codes: While legitimate QR codes can save you the trouble of typing a website address into your browser, cybercriminals can use them to take you to a harmful website, install a malicious app or connect you to an untrustworthy Wi-Fi network. Only scan QR codes located in prominent positions in a business.

Many smartphones include built-in protections, but additional security apps can offer extra feature such as malicious website blocking or scheduled scans. Antivirus software helps remove malware and should always be kept up to date.

Apps, websites and advertisers may track your activity, location or device information. While some of this is legitimate, choosing to minimise tracking can protect your privacy ². Learn more

It's worth reading privacy settings, restricting what data apps can access, using tracking blockers and disabling automatic image downloads in emails to minimise web tracking.

Only download apps from reputable companies and via official app stores. Beware of apps that require excessive permissions and remove old apps you no longer need.

Before selling, recycling or donating an old device, make sure your personal information is completely removed. Back up your data, sign out of all your accounts and perform a full factory reset.

These tips all strengthen your mobile security, but being alert to scams remains just as important when using your phone to monitor or manage your money. Remember:

Stop: Take a moment before clicking, tapping or responding

Check: Verify the message using official contact details. Don’t rely on links or numbers in the message itself.

Protect: If something feels wrong, don’t proceed. Change your passwords, contact your financial provider and report the scam.

Taking these steps and remembering that you’re just as vulnerable to cyber-crime on your mobile or tablet as on your computer may bolster your cyber security and help protect your personal information and money.