Please ensure Javascript is enabled for purposes of website accessibility

Mobile data can be especially vulnerable to cyberthreats. Take control of your privacy by implementing these best practices. 

The 21st century has led to the advent of life-changing technology, paving the way for everything from managing finances remotely to staying connected with friends and family across the world. However, with increased connectivity comes more privacy concerns and the need for heightened diligence.


As we share personal information on the Internet, awareness as to how that data is transmitted and used is paramount to maintaining privacy. Although we may lock our devices, keep social media accounts private and secure our networks, our mobile devices continuously transmit information.


Did you know that when you turn on your mobile phone, it automatically connects to the nearest cell tower to provide access to the network? Your phone then sends two numbers to the network: one identifying the Sim card and another identifying the phone (IMEI number). This information also contains your GPS location.


Potential threats


Identity theft through the means of cyberattacks is becoming more prevalent every day. To paint a more detailed picture, 33% of U.S. citizens have experienced identity theft at some point in their lives1 with individuals falling victim to identity fraud every 14 seconds.2 While those active on social media are more likely to become victims, most stolen identities are used to apply for government documents and benefits.


Our smartphones are goldmines of personal data, including our geolocation, bank information, photos, private messages and passwords. As this data is used for social media and mobile apps, it is collected, shared and sold to numerous organizations that aggregate the information to build a user profile. This is also known as data collection and harvesting, where advertisers pay third-party developers for user data which enables them to develop targeted campaigns.


While some targeted ads may be harmless, your information can be used against you if your credentials are stolen from a data breach. In 2021, data from 533 million Facebook accounts and 700 million LinkedIn accounts were sold to data brokers like Acxiom, which has 1,500 pieces of data on 2.5 billion people. Such a large amount of data changing hands leaves unsuspecting users vulnerable to identity theft, fraud, account takeover and cyberstalking.


What you can do


Disabling location services, managing your mobile apps, limiting ad tracking and enabling privacy settings in your device’s browser can help mitigate the risk of having personal information exposed, but these actions alone will not entirely eliminate them.




In order to have the best chance of keeping your personal information safe, you should mask your data by encrypting it on devices, apps and network connections. Encryption involves taking readable data and converting it into randomized, incomprehensible text that requires a key for the recipient to decrypt the data, turning it back into readable text (see below). Not only does this prevent data tampering and preserve the data’s integrity, but it also protects the confidentiality of data, which is essential to ensuring both security and privacy.





Most mobile devices offer the option for hardware encryption, which only allows data to be accessed through authentication with a chosen PIN, passcode or fingerprint. With this enabled, when you lock your device, either manually or because you’re inactive, it automatically encrypts.


Managing Permission Controls


There are three major permission controls key to maintaining privacy on mobile devices. These are your device’s camera, microphone and location. If you’ve ever observed the phenomenon when you come across on ad on social media and you’re certain you were just talking about it in-person with a friend, it’s not a coincidence. This can happen when your microphone is turned on and the app is accessing that data. The same goes for camera and location data.


You’ll notice every now and then that you get a pop-up from an app, requesting permission to access your device’s camera, microphone or location to improve its efficiency. Similarly, some apps request access to other hardware features, including Bluetooth connectivity, motion and fitness sensors, and devices on your local network.


Any app is a potential security risk. By keeping a minimal number of apps on your phone and disabling camera, microphone and location access, you can improve your personal cybersecurity. It can help to periodically review/change which apps have access to these features through your device’s settings menu.


Ad and Tracker Blockers


A more feasible measure is to use ad and tracker blockers. Ad blockers use filters to block specific content by informing browsers not to load content that does not adhere to their filters. Many ad blockers offer numerous filters that can be activated or deactivated; thus, the extent to which content is blocked is ultimately up to the user. This can be useful for removing distracting ads, increasing web speed, reducing bandwidth and battery usage, and it can help protect from malware, among other advantages.


Ad blockers also offer protection from trackers, which send information about you to website publishers as well as analytics or advertising companies. This information includes your search behavior and the type of device you use, helping them to personalize what you see on websites. Many would consider this an invasion of privacy, so if you’re serious about protecting your web privacy, ad and tracker blockers are a valuable set of tools.


“Private”/Incognito Browsing


Another measure you can take is to use “private”/incognito browsing, but it’s important to understand this does not ensure total privacy. Private browsing was not created to mask or hide your identity, but it does automatically erase browsing history, search history and cookies.


It can also limit web tracking, which means websites have a harder time keeping tabs on you; and some private browsers even help hide your location. However, it does not offer total privacy because internet providers can still see which websites you visit.




When it comes to encrypting your connection, using a Virtual Private Network (VPN) may be your best route. Because websites, internet service providers (ISP) or anyone connected to your network can see your browsing activity through your computer’s IP address (or virtual ID), private browsers do not protect you from snooping. However, a VPN can offer anonymity by masking your IP address from everyone except for the VPN provider. It does this by providing an encrypted tunnel from your device to the Internet, which blocks others from seeing inside.


Although many VPNs are available for use, it’s important not to go with free options since many contain malware. You should choose one that suits your budget and needs, and sign up for a trial to test out the speed beforehand.


The bottom line


Although technology has made our lives easier in many respects, it has also left us vulnerable to privacy attacks and identity fraud in ways that weren’t possible just a few decades ago. It’s important to be aware of who has access to our personal data and how it is being used. This could mean the difference between financial implications resulting in years of headaches and worry-free, continued use of advantageous technology.


BNY Mellon is committed to protecting your data and account information. BNY Mellon’s Enterprise Resiliency Office works in coordination with our digital and technology teams to deliver timely and effective incident identification, assessment, escalation, communication and resolution. This is done with the goal of providing clients with superior service as well as world-class products and services.




This material is provided for illustrative/educational purposes only. This material is not intended to constitute legal, tax, investment, or financial advice. Effort has been made to ensure that the material presented herein is accurate at the time of publication. However, this material is not intended to be a full and exhaustive explanation of the law in any area or of all of the tax, investment or financial options available. The information discussed herein may not be applicable to or appropriate for every investor and should be used only after consultation with professionals who have reviewed your specific situation. The Bank of New York Mellon, DIFC Branch (the “Authorized Firm”) is communicating these materials on behalf of The Bank of New York Mellon. The Bank of New York Mellon is a wholly owned subsidiary of The Bank of New York Mellon Corporation. This material is intended for Professional Clients only and no other person should act upon it. The Authorized Firm is regulated by the Dubai Financial Services Authority and is located at Dubai International Financial Centre, The Exchange Building 5 North, Level 6, Room 601, P.O. Box 506723, Dubai, UAE. The Bank of New York Mellon is supervised and regulated by the New York State Department of Financial Services and the Federal Reserve and authorized by the Prudential Regulation Authority. The Bank of New York Mellon London Branch is subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. The Bank of New York Mellon is incorporated with limited liability in the State of New York, USA. Head Office: 240 Greenwich Street, New York, NY, 10286, USA. In the U.K. a number of the services associated with BNY Mellon Wealth Management’s Family Office Services– International are provided through The Bank of New York Mellon, London Branch, One Canada Square, London, E14 5AL. The London Branch is registered in England and Wales with FC No. 005522 and BR000818. Investment management services are offered through BNY Mellon Investment Management EMEA Limited, BNY Mellon Centre, One Canada Square, London E14 5AL, which is registered in England No. 1118580 and is authorized and regulated by the Financial Conduct Authority. Offshore trust and administration services are through BNY Mellon Trust Company (Cayman) Ltd. This document is issued in the U.K. by The Bank of New York Mellon. In the United States the information provided within this document is for use by professional investors. This material is a financial promotion in the UK and EMEA. This material, and the statements contained herein, are not an offer or solicitation to buy or sell any products (including financial products) or services or to participate in any particular strategy mentioned and should not be construed as such. BNY Mellon Fund Services (Ireland) Limited is regulated by the Central Bank of Ireland BNY Mellon Investment Servicing (International) Limited is regulated by the Central Bank of Ireland. Trademarks and logos belong to their respective owners. BNY Mellon Wealth Management conducts business through various operating subsidiaries of The Bank of New York Mellon Corporation. The information in this paper is as of October 2022 and is based on sources believed to be reliable but content accuracy is not guaranteed.


©2022 The Bank of New York Mellon Corporation. All rights reserved. WM-305430