If you have an Android phone in particular, you should seriously consider installing a security app. According to McAfee's latest threat report, 2020 is looking like the year of mobile sneak attacks.
What that means is that malware is going to hide away on your phone, spy on you and collect personal data without you knowing. Selling this information makes money for the criminals and you're none the wiser.
Hidden Android apps
Such apps are finding innovative ways to stay hidden, such as having no icon or name, so you don't see them in your app drawer or even in the list of apps in Settings.
Worse, apps such as LeifAccess and Shopper use accessibility features in Android to create accounts, post fake reviews of products and download other apps. They typically show fake security warnings which trick you into giving them accessibility permissions.
Some of this malware displays adverts on your phone, and for each one, the advertiser pays a small amount of money to the developer of the malware.
In the past, they'd display as many of these as quickly as possible to make money before you got annoyed and decided to track down and remove the app.
Now, the malicious apps are becoming more sophisticated and reducing the frequency of ads and other fraudulent behaviour in the hope you won't really notice or get so annoyed you remove them.
What phone security do I need?
As ever, much of the best security advice is common sense. When you install apps, only do it from the official app store on your phone. (At the same time, watch out for fake reviews of apps. Repetitive phrases and only 5-star ratings are typical giveaways.)
Google Play Protect helps to ensure that the apps you install from the Play Store don't contain any malware.
But as that's not a cast-iron guarantee, you should also consider installing an antivirus app.
However, dodgy apps aren't your only worry. It's just as easy to fall for phishing scams on your phone as on a laptop or PC.
So be vigilant and don't tap on links in emails unless you're certain the source of the email is legitimate. And even then, don't blindly enter your login details on websites without checking they are the genuine article.
This is another way mobile security can help, warning you of unsecure sites, or those which are known to be dangerous for some reason.
It's also worth watching out for any unusual requests to install certificates to "enable new features" - they might actually be spying on you.
Monitor your email and passwords
ID monitoring services have popped up in the last few years and alert you if your details are ever included in a breach where an online service is hacked.
It happens too regularly, and if you use the same email address and password for lots of websites, then you're opening yourself up to unnecessary risks.
Some free services exist which you have to check manually, including haveibeenpwned.com.
If the thought of having to use unique passwords for each website is too much, then get a password manager which will remember them (and enter them) for you, such as LastPass or 1Password, the latter of which integrates with Have I Been Pwned.