Last Updated: August 4, 2016

Connecting to the Internet with a smartphone? You're likely to be one of the 190-million-plus Americans who may encounter one of the two million versions of malware by the end of the year, according to G Data, a Bochum, Germany-based security researcher. Malware creates vulnerabilities that can allow criminals to steal logins, passwords and anything else typed or stored on your smartphone from emails to photos. As an added bonus? Thieves can hijack built-in cameras and microphones to spy on users.

“Malware hands control of a user's phone to a cyber criminal – and then that hacker can steal information and upload text messages and other files to the attacker's server to be used at a later time," says Pat Clawson, CEO of Blancco Technology Group, an international data security company.

As that's hardly the scenario you want, here are the top eight questions to ask yourself to ensure your mobile device is safe — before it's not.

1. Have you backed my mobile device to a cloud, a hard drive, or some external platform? Both Apple and Google offer free on-line back up services — crucial should your smartphone or handheld get hacked, and data is lost.

2. Is your password secure? Experts suggest you use upper and lower case letters interspersed with symbols and numbers. Also? Avoid names of a child, spouse, address, pet, or famous place or person – anything easy to reference from your social media pages.

3. Know what's the most effective way to erase data from this device — and what's the least effective way. “Make sure the data erasure solution has a proven overwriting method," says Blancco Technology Group's Clawson, referring to how data is removed from a hard drive. For those users who want to know even more details, they can ask the total number of overwriting passes a software uses, Clawson says.

In addition, Clawson suggests checking for proof that data has been erased: “Does the data erasure or wiping solution I've used provide a tamper-proof certificate that verifies all data has been completely removed?" he says. “Can I get a physical copy of this certificate?"

4. Do you know what you actually have stored on your device? Computers are closets. We forget and we rarely dust. Years of accumulated data may include proprietary information and material you don't want broadcasted publicly, and in the wrong hands.

5. Have you applied all vendor-supplied updates to the operating system and checked applications regularly for updates and installed them? “An app update will often fix vulnerabilities in the app," says Andy Hayter, G DATA's Security Evangelist.

6. Where is your anti-malware software coming from — and as we mentioned above, have you checked that this program is also up to date? You should buy anti-malware only from “a known app store like Google Play Store of Apple App Store or another trusted vendor," says G DATA's Andy Hayter.

7. Start off safely and make sure you buy your device from a trusted supplier, avoiding “grey market or cheap devices as many of those have malware pre-installed on them," Hayter says. “Avoid online stores that don't appear to be legitimate or if something about the sale or deal is fishy."

8. Finally, avoid logging on to any financial web site, such as your brokerage account or bank, or do any online shopping with your credit card over a public Wi-Fi network. Hackers thrive in these spaces. Instead, if you must log-on while out, use a virtual private network, says Hayter. Sure, you'll have to take an extra step or two. But better than than the hundreds of steps you'll be taking should hackers get a hold of your data.