Do you go home for the holidays? Share this top cybersecurity advice with your friends and family

With millions of people at home with friends and family over the festive season, this is also a time of year when many struggle to fix spotty Wi-Fi in their homes or face a barrage of questions about their technology.

Instead, give the gift of good security advice this holiday season. Now is an ideal time to make meaningful changes to strengthen the cybersecurity of your loved ones. That’s not to say it’s not worth investing time into fixing your family printer, but sharing a little security advice can go a long way in protecting those you care about against the most common online threats.

As someone who has been covering hacks and breaches for over a decade, I think of cybersecurity as an investment in something you hope will never happen. No one wants to experience that “oh my gosh” moment when they realize they’ve been hacked or their bank account or online wallet has been drained. The passwords of yesterday may not be enough to defend against today’s hacking activities.

Often, just spending a few minutes with friends and family can be the impetus you need to get started with your cybersecurity and stay protected.

For their suggestions, I asked Rachel Tobac, CEO of SocialProof Security, a company that provides security awareness training to help people defend against cyber threats before they strike, and Caitlin Condon, director of vulnerability intelligence at cybersecurity company Rapid7, for the top security advice to share with friends and family. Their recommendation is to focus on the security basics that do the most work to keep your online accounts safe.

An important part of delivering effective security advice is helping your friends and family get started with the apps and security features they need to stay secure. This way, they can learn alongside you and build new habits and practices over time.

“Simply recommending or installing security technologies is often not enough. We need to help our loved ones learn how to use these skills to build confidence and trust,” Condon said.

Set up a password manager to store complex and unique passwords

“When we go home for the holidays, our families often ask us things that aren’t actually the most important things to focus on,” Tobac said. For example, it’s no use advising a family member about cryptocurrency if they reuse the same password for every online account they have, Tobac said.

The best passwords are ones you never have to remember, and a password manager can help. Password managers save your login details and can even create and store complex, unique passwords, so you don’t have to reuse the same password across different online services. (Using the same password across the internet increases the risk of all your accounts being hacked if someone guesses or steals that password.)

There are many password managers to choose from. Your browser may already have a password manager built in, and iPhones and iPads have their own passwords app. Bitwarden is also a popular free password manager that lets you access your passwords from your phone.

“It can be especially helpful to sit down with a non-tech-savvy loved one and walk them through the process of setting up a master password, installing browser plug-ins, and creating and storing new passwords, starting with financial or medical sites. Log in and log out of your password manager,” Condon said.

A common fear is forgetting or losing the master password that protects your password manager from outsiders, Condon said. Some people decide to write down a copy of their master password and keep it somewhere safe in the house.

“In my experience, writing down your master password on a piece of paper and keeping it somewhere in the house is much less risky than reusing an easily guessable password,” Condon said.

Save time with multi-factor authentication

A password alone cannot protect your account from intruders. Some of the biggest hacks of 2024 were possible because large companies forgot to implement basic security features like multi-factor authentication (MFA), allowing hackers to break in right away with just stolen passwords.

Applying a second layer of security, such as MFA (also known as two-factor), to your online accounts makes it much more difficult for someone who only knows your password to access your account. MFA works by sending an additional code to a device you own via text message, or by prompting you to generate a code in an authenticator app.

“Please help us enable multi-factor authentication for essential accounts, whether codes or text messages, especially email address accounts,” Tobac said. “This is the key to the last name for all other accounts.”

Tobac also recommends using MFA to lock your account with your phone provider, because just like your email account, anyone with access to your phone number can access all of your connected online accounts if you forget your password. That’s why some people prefer to use codes generated by an authenticator app on their device rather than codes sent by text message to their phone (which can be intercepted).

There are tons of authenticator apps out there. A popular choice is Duo Mobile, a simple app that generates two-step codes on the fly while optionally maintaining a cloud backup in case you lose access to your phone.

Remember, any MFA is better than none.

Be ‘politely paranoid’ on the phone

“Another problem people regularly struggle with is the wave of spam texts, calls, emails and notifications designed to social engineer users into visiting malicious websites or providing logins and personal data,” Condon said.

Often, diverting calls to voicemail can be an effective way to prevent scams. Even with caller ID, phone calls inherently make it difficult to verify that the person you’re talking to is legitimate.

Tobac suggests being “politely paranoid,” which is the practice of verifying who people and companies are by using other communication methods to reconnect with them before handing over information that could cause harm, such as credit card numbers or passwords. Tobac explained that if you get a call from your bank telling you that an unusual charge has been placed on your account, you can politely hang up and call back using the official phone number on your bank card.

This also applies if someone calls you asking for information and you are not sure who they are. Before taking any action, you can verify for yourself by checking the organization’s website, app, or secure message inbox.

By bookmarking common websites in their browser for easy access, your family can check on suspicious calls in seconds.

“Help your loved ones bookmark our official login page, where they can safely visit to confirm secure messages or account transactions if they are worried something may be wrong,” says Condon. “Show me how to get to that site via a pinned bookmark or browser shortcut.”

Password managers, multi-factor authentication, and being “politely paranoid” on the phone are some of the simplest and most effective obstacles to malicious hackers. Laying a cybersecurity foundation (and ensuring your loved ones understand its importance) is a good place to start with friends and family, Tobac said.

“That’s the best gift you can give them,” Tobac said. “The gift of not being hacked.”