Instagram is a great way to share photos with friends, family, and the rest of the world, but it could also open you up to privacy and security risks. It doesn’t have to be that way, though. It’s easy to protect yourself and still get the most out of what Instagram has to offer.

Here are five ways to keep your account safe. There are separate instructions for the web and for mobile apps and notations where the iOS and Android apps differ.

Make your account private

Take a simple privacy step by turning your public account into a private one. This will let you share your photos with a select group of people while keeping them hidden from everyone else. That way, only people you really care about will be aware of your activities.

On mobile

Go to your profile by tapping the “person” icon on the lower-right corner of the screen. Swipe to the left and tap the Settings gear icon that appears.

Select “Privacy and Security” then “Account Privacy.”

Toggle “Private Account” on.

On the web

Click on the “person” icon in the upper-right corner, and then look for the gear icon next to your name.

Select “Privacy and Security” then “Account Privacy.”

Click on the checkbox for Private Account.

From now on, only your existing followers will be able to see your posts. Anyone else will have to send a follow request to you first.

Block specific followers

If one of your followers becomes annoying (or worse), you can also block specific followers from seeing your posts. (Don’t worry: followers aren’t notified that you’ve blocked them.)

On mobile

Tap “Followers” at the top of the main mobile menu.

Search for the follower you want to block.

If you’re using iOS, tap the three horizontal dots next to their name. If you’re using Android, tap the three vertical dots. Select “Remove.”

On the web

Click on the person icon and then on “Followers.”

Search for the follower you want to block.

Click on that person’s icon, then look for the three horizontal dots to the right of their name. Select “Block this user.”

Turn on two-factor authentication

Worried that someone will log in to your Instagram account and pose as you? Turn on two-factor authentication, which will send you a text message with an authentication code every time you log in to Instagram on a new device. You’ll then have to type in the code to complete logging in.

On mobile

Go to “Settings” > “Privacy and Security” > “Two-Factor Authentication” > “Get Started.”

Toggle on “Text Message.”

If you’d prefer to instead use an authentication app like Google Authenticator, toggle on “Authentication App” instead. The app will see if you already have one installed. If you don’t, it will suggest one.

On the web

Go to the person icon, then click on the gear icon.

Click on “Privacy and Security” > “Edit Two-Factor Authentication Setting”

Check “Text Message.” If you have an authentication app available, you will also be able to check “Use Authentication App.” Otherwise, it will be grayed out.

Prevent third-party apps from getting your data

There are tons of third-party apps that ask you to get access to your Instagram data, like an app that schedules Instagram posts for you. So before agreeing to let one access your data, factor in that the more companies that have private information about you, the more likely it is that the information can be misused or stolen. Even more important: make sure that you only grant Instagram access to apps that truly have a need for it.

To revoke access to apps that already have it, you have to use the web interface; you can’t do this through the mobile app.

Log in to Instagram on a browser on a phone or computer, and click or tap the person icon on the upper-right corner of the screen.

Click or tap on the gear icon.

Click on “Authorized Apps.” (Look for it on the left-hand menu.) You’ll see a list of apps that have been authorized to access Instagram.

Click on the “Revoke Access” button for any app that you want to unauthorize, and then select “Yes.”

Check if someone has hacked your account

Worried that someone has hacked your Instagram account? You can check by viewing your past account activity, including logins, logouts, changing a password, and more.

Using the mobile app, go to “Settings” > “Privacy and Security” > “Access Data.” On the web, tap the “person” icon in the upper-right of the screen. Click the gear icon, and select “Privacy and Security” > “View Account Data.”

You’ll come to an info page that has a great deal of data on how your account has been used. You can click any category to get more information, such as “Account privacy changes,” “Logins,” “Logouts,” “Hashtags you follow,” and so on.

Pay special attention to “Account privacy changes,” “Password changes,” “Logins,” “Logouts,” and “Stories Activity.” If you see anything that’s unfamiliar, it may mean that someone else is using your account. Immediately change your password to lock them out.