Content written for

Individuals & families
Small & medium business


There are a lot of things to think about when it comes to the use of personal devices (e.g. smartphones, tablets, computers and laptops). For example, compromises of personal devices and the information they store can have significant productivity, financial and emotional impacts.

This publication has been written to provide security tips to secure personal devices and protect your information.

Use legitimate software and keep it up to date

It is important that personal devices are configured to automatically apply updates for applications and operating systems as vendors regularly release updates to resolve security problems. Further, new versions of applications and operating systems often include additional security features to make it more difficult for personal devices to be compromised.

When purchasing new personal devices, consideration should be given to selecting devices that are supported by vendors with a proven track record of providing timely updates. Further, when operating systems are not supported by vendors you will no longer be able to receive updates, and consideration should be given to changing to devices which are supported.

Finally, you should always use legitimate applications that you have purchased from a physical store, a trusted app store or downloaded from a reputable vendor’s website. If you use pirated applications, or untrusted app stores, personal devices may become compromised or will not be supported by vendors with updates. Additionally, care should be taken to avoid applications that ask for excessive or suspicious permissions.

Monitor your online presence

Check your privacy settings on social media platforms to make sure you know who can see your information. Privacy settings sometimes change after functionality is added to social media platforms so it is important to check them regularly.

It is best not to put personal details online. Also, consider checking the information that others put online about you. While some information might not seem important, many pieces of information can be put together to form a picture about you. Never assume that anything you do or post online will remain secret.

Many high profile websites have been compromised resulting in the release of highly sensitive information about their users. If your personal information is accessible online it can be used against you. This could range from something as simple as sending you spam emails to something as serious as accessing your accounts and stealing or deleting all your information, or even identity theft.

Keep your online activity private

As we have moved to conducting more of our lives online, businesses have also developed technologies to improve their understanding of their customers when they are interacting online. These technologies, such as cookies, tracking pixels and social media icons, can be used to collect information about you and your preferences. This can include your location, device details, which advertisements you click, what products you purchase and what emails you read. These technologies are largely used legitimately by businesses to improve their marketing campaigns, service delivery and your online shopping experiences.

Many social media platforms, webpages, emails and mobile apps use these technologies and they can be hard to avoid. If you are concerned with some of these businesses collecting information about you, there are several ways to help minimise the collection and tracking of your information, but there is no guarantee that it will be completely prevented. For example, you can consider:

  • reading privacy policies and cookie consent pop-ups and disabling the collection of data that you are unhappy with
  • using an adblocker that can block tracking pixels and social media icons
  • using web browsers and search engines that enforce your privacy and anonymity
  • preventing your email from automatically downloading or displaying images
  • when clicking links in social media apps, opening them in your own web browser instead of the in-built web browser
  • using a Virtual Private Network service to hide some of your identifying information.

Back up your important files

Save all your important files to a storage device such as a USB stick, memory card, external hard drive or online storage service. Ensure storage devices are not left connected to personal devices after important files have been backed up.

If you have a problem with personal devices and they need to be reset or replaced, you will still have access to your important files if you have completed recent backups. Likewise, if personal devices are compromised by malicious software that prevents you accessing your important files until you pay a ransom, having recent backups can assist you in recovering your files.

Prepare for lost or stolen personal devices

One of the biggest risks to your information is from lost or stolen personal devices. Know where personal devices are at all times, avoid leaving them unattended when away from your home and, if leaving them at home, store them in a secure location. If personal devices support a ‘find my device’ function or the ability to encrypt your device, these measures can provide additional security in the event of it being lost or stolen.

Be suspicious of unsolicited communications

Unsolicited communications in the form of phone calls, SMS, instant messages and emails are often trying to get you to do something that will benefit someone else. It might just be spam trying to get you to buy things or it might be trying to get you to access a file that will compromise your personal device; access your information (such as your online banking details); or to produce revenue for someone else via the use of premium phone numbers, advertisements or app downloads.

Do not follow instructions from someone who rings to say your personal device has technical problems. Further, if someone has sent you an SMS, instant message or email that you think is strange (including requests to click on a link, open attachments or to provide a password), delete it.

Use antivirus software

Use antivirus software from a reputable vendor for personal devices and keep it up to date. Some operating systems even come with free antivirus software built-in.

Antivirus vendors ensure their software helps prevent personal devices from being compromised. If you have a supported and up-to-date version, you can be assured that the software is looking out for problems and stopping them where possible.

Use a screen lock

A screen lock with a strong password that contains a combination of uppercase letters, lowercase letters, numbers and symbols (where possible) should be used for personal devices. Swipe or gesture-based passwords can be easy to guess and should not be used.

If personal devices support biometric identification (such as a fingerprint scan) this can provide a convenient way to unlock a device after a password has initially been used to unlock the device.

Use different passwords for websites and apps

Use different passwords for websites and apps, especially for those that store your credit card details or any personal information. If you use the same username (such as an email address) and password for a number of websites and apps, and one website or app is compromised, someone accessing that information is more likely to be able to access other websites and apps which you commonly use.

Some websites and apps offer the ability to use multiple steps to log on, such as a number sent via SMS to your mobile phone to use after you enter your username and password. The use of such mechanisms, even though they may be slightly inconvenient to use, offer far greater security and protection for your information.

It is also important that the email address you use for websites and apps has a unique password that has not been used elsewhere before. Someone that knows, or can easily guess, the password for your email address could use the ‘password reset’ functionality on websites and apps your email address is associated with to gain unauthorised access.

Finally, do not use ‘remember my password’ functionality within your web browser. This can place your passwords at an unnecessary risk of being compromised. If you struggle to remember passwords, consider using a trusted password manager application or writing them down and storing them securely and separately to your personal devices.

Avoid free wireless networks

While the use of free wireless access may be alluring, their use with personal devices can often put your information at risk. Free wireless by its very nature is insecure; this can expose your web browsing sessions to someone looking to monitor your activities. Where possible use internet access from your telecommunications provider, or if the use of free wireless is unavoidable, avoid undertaking any sensitive activities unless you are also using a Virtual Private Network service.

Further information

Further information on the secure use of social media is available in the Security Tips for Social Media and Messaging Apps publication.

Further information on detecting socially engineered messages sent via social media is available in the Detecting Socially Engineered Messages publication.

Further information on common types of scams, and reporting if you have seen or are a victim of a scam, is available from the Australian Cyber Security Centre.

Contact details

If you have any questions regarding this guidance you can write to us or call us on 1300 CYBER1 (1300 292 371).

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it