Let’s start by taking a minute to think about all of the things we use our phones for. If you’re like most people, your phone is probably connected at a minimum to your email, your social media accounts, your browser, your photos, and your text messages. Depending on other factors, it might also be connected to online dating apps, personal messages between you and loved ones, other messaging apps, all of your contacts…. And those are just the things that spring immediately to mind.

With all of that very personal — and, oftentimes, professional — information stored on our phones, you’d think we’d be better about securing them. But the truth of the matter is, most of us aren’t. Whether it’s out of ignorance or not wanting to be inconvenienced, too many people are taking security shortcuts that open them up to theft or privacy invasions.

So even if you think your phone is totally secure, review this list of six ways you can make sure it is.

Make Sure Your Phone Is Locked

Look, it’s tempting to leave a lock off your phone screen, especially when you consider the fact that many of us spend up to five hours per day on the phone. Entering that PIN or drawing that unlock pattern can seem like a hassle if you’re someone who checks back constantly on their phone.

However, a lock screen is your first line of defense for your phone. Think of it like the lock on your front door. Is it likely that someone is going to walk through and steal everything if you leave it open? No. Is it way more possible than if you just turned the lock? Yup. So why take the risk?

If you’re a heavy phone user, some phones have an option of leaving it unlocked when you’re inside your own house. But if you’re out and about, be sure to set a PIN (six digits should do — more than that is too hard to remember) or a secure design.

Set Up Two-Factor Authentication

If you haven’t set up two-factor authentication on every account that offers it, stop reading right now and go do it. Two-factor authentication requires a code sent via SMS in addition to a password to access whatever program or account it’s protecting. While it’s a little bit less useful for phone security than it is for laptop or desktop security — because the messages are sent to your phone and if someone has your phone in their possession, they’ll get your messages — it’s still an important step to take to protect your data. Basically, as many steps as you can put between your data and an attacker, the better.

Get Serious About Encryption

Most of the popular smartphones come with built-in encryption — check out this comparison chart to see how different phones rank for a range of security concerns. But if you want to add another layer of encryption on top of what your phone offers, particularly for web traffic, it’s worth looking into a high quality Virtual Private Network (VPN). VPNs encrypt any communication between your phone and the network it’s connecting to, making them a great way to protect your data even when it’s not directly on your phone.

If you’re using an Android device, Tenta Browser offers fully encrypted browsing with built-in VPN and DNS over TLS. Already have a VPN? No problem! You can still use Tenta free and get maximum security with Tenta DNS. And if you’re using a Apple device, ExpressVPN is a good one.

Only Download From Reliable Sources

We know it’s tempting to download that sweet new game, but it’s worth it to do your due diligence before downloading anything. Only download from trusted sources and do a little research. Remember: Anything you download from a sketchy source could potentially put spyware on your phone.

Think About App Permissions

Apps need permission to do certain things in order to function, but some unscrupulous companies take advantage of app permissions to collect more information about you than they really need. Instead of automatically clicking “yes” on every app permission, take a minute to think whether or not they really need that thing in order to function. For example, Google Maps definitely needs to know your location, but does that brain game really need to access to your photos? Probably not.

Don’t Click On Links (Without Confirming)

Phishing schemes are on the rise, and one way cyber criminals get you is by sending links that look like they’re from someone you know, but really aren’t. Use your best judgment before clicking on links (on your phone or in your browser) without confirming first that they came from the person they say they’re from.

While these six things might seem like a hassle, it only takes a couple of days to get into new, more secure habits. And isn’t it worth it? Our phones are an extension of our brains these days. Don’t let just anyone in there.