Forget Security Apps—Smart Habits Are the Real Shield Against Cyber Threats

Most people install security tools like antivirus software, VPNs, and other security-focused apps whenever they want to improve the security of their devices and data. However, the harsh truth is that these apps are nearly useless if you don’t adopt security best practices when using your device. 

Modern operating systems, such as macOS, Windows, Android, and iOS, come with built-in security features that provide ample protection without the need for third-party tools. This means your best defense, both online and offline, is practicing safe and cautious behavior while using your devices.

In this article, I will walk you through the key behavior changes that can help you strengthen the security of your devices and data. 

Essential Security Habits That Matter More Than Any App

Here are some essential habits you must adopt to enhance your device’s security: 

Keep Your Software and OS Updated

Every operating system and most applications have security vulnerabilities that hackers try to exploit. That is why software developers regularly release updates to fix these weaknesses. If you don’t update your system, you leave known vulnerabilities open for attackers to use against you.

Many ransomware attacks exploit outdated software. For example, the infamous WannaCry ransomware attack in 2017 spread because victims had not installed a Windows security patch that had been available for months.

Use Strong, Unique Passwords and Enable 2FA

Hackers use brute force attacks and leaked databases to crack weak passwords. Common passwords like “123456” or “password” make it easy for attackers to access your accounts. Another bad practice that you must change is reusing passwords across multiple accounts. 

For the best security, I recommend using a password manager to generate unique passwords for each account, eliminating the need to remember them. In addition to a strong password, use Two-Factor Authentication (2FA) to add another layer of security by requiring a second verification step.

Be Wary of Phishing and Suspicious Links

Simply put, phishing is when cybercriminals trick you into revealing sensitive information by pretending to be a trusted source. If you didn’t know, more than 90% of cyberattacks start with phishing. Most phishing links are sent via email, SMS, and sometimes mainstream social media. 

When clicked, these links usually redirect users to a malicious website with login forms and other input fields that trick users into revealing their personal information. For example, a hacker may create a page that looks like your social media login page to steal your credentials.

 

How to Spot Phishing Messages

  • Look for unusual sender addresses: Legitimate brands won’t email you from random Gmail accounts. They normally use custom emails that match their domain names. 
  • Check URLs before entering login credentials: Phishing sites often have slight misspellings in their URLs (e.g., “facebo0k.com” instead of “facebook.com”).
  • Urgency to Take Action: Most phishing messages create a sense of urgency, warning you that if you don’t change your password, your account will be blocked. 

If you notice any unusual signs in a message or email, be sure to double-check the sender before clicking any links. Even if the link is from a contact you know, it’s best not to click immediately. Consider verifying with them through another channel, as their account might be compromised.
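
The URL check from the list above can also be automated. The following is an added example, not part of the original article; the trusted-domain list, the character-swap table, and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a short allow-list of sites the user really logs in to.
TRUSTED = ("facebook.com", "google.com", "paypal.com")

# Digits and symbols often swapped in for look-alike letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a login URL as 'trusted', 'lookalike:<domain>' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    # Simplification: treats the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    normalized = registered.translate(LOOKALIKES)
    for good in TRUSTED:
        # Character swap (facebo0k.com) or a one-letter typo (facebok.com).
        if normalized == good or edit_distance(registered, good) <= 1:
            return f"lookalike:{good}"
        # Trusted name embedded in another site's hostname.
        if good in host:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from real campaigns.
    for sample in ("https://www.facebook.com/login",
                   "https://facebo0k.com/login",
                   "https://facebook.com.account-verify.example/login"):
        print(sample, "->", check_url(sample))
```

A result of "unknown" only means the address does not resemble anything on the list, not that the site is safe.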

Limit App Permissions and Data Sharing

Many apps request access to sensitive data they don’t need. For example, a flashlight app asking for access to your contacts and microphone is suspicious. When installing apps, ensure you don’t permit them to access your data without first verifying the purpose for which it will be used.

If you are uncertain, select the “Ask Every Time” option, especially for sensitive permissions such as microphone, photos, and location access. Occasionally, you should also review your app permissions in your device’s settings.

Avoid Public Wi-Fi 

Public Wi-Fi in places like coffee shops and airports is highly insecure because hackers can intercept your internet traffic and steal your login details once they gain access to the same network (which is quite easy).

Some attackers even create fake Wi-Fi networks that appear legitimate but are designed to spy on you. Instead of using these insecure networks, stick to using mobile data and use your device to create a hotspot for your other devices that may not have built-in cellular service.

If you must use public Wi-Fi, avoid logging into sensitive accounts (like banking apps) unless you’re using a reliable VPN.

Install Software from Official Sources

While sideloading (installing apps from outside the official app stores) can sometimes be useful, especially for apps that are not available on the official app stores, it carries major security risks. Unverified apps may contain malware or spyware. Sideloading also disables the option of getting automatic updates.

Best Practices for Installing Software

  • Stick to official app stores: Apple, Google, and Microsoft have security checks for listed apps.
  • Stick to Trusted Developers: If you must sideload, you should only download apps from trusted developers’ websites.

Bonus Security Tips

  • Turn off Bluetooth and Wi-Fi when not in use
  • Don’t share too much personal information online. You may also consider setting your social media profiles like Instagram to private to restrict who can see your posts.
  • Avoid charging your device using unknown public USB outlets.
  • Consider using a Privacy-Focused Browser like Brave or Firefox. 
