Home for the holidays? Share these important cybersecurity tips with friends and family
For millions of people who are home with friends and family this holiday season, it’s also the time of year when many are busy fixing spotty Wi-Fi at home or faced with a barrage of questions about technology.
Instead, this holiday season, give the gift of good security advice. This is the perfect time of year when you can get hands-on to help make meaningful changes that enhance the cybersecurity of your loved ones. That’s not to say that fixing the family printer isn’t worth your time, but sharing a few security tips goes a long way in protecting the people you care about from the most common online threats.
As someone who has covered hacks and breaches for over a decade, I think of cybersecurity as an investment in something you hope never happens. No one wants to experience the “oh my god” moment when they realize you’ve been hacked, or that your bank accounts or online wallets have been drained, yet many succumb to the “it could never happen to me” mentality without realizing that their accounts have been compromised. Yesterday’s passwords are not a sufficient defense against today’s hacking efforts.
Often times, spending a few minutes with friends and family can be the motivation they need to start cybersecurity and stay protected.
As for what I should suggest to your folks, I asked Rachel Toback, CEO of SocialProof Security, a company that provides security awareness training to help people defend against cyber threats before they strike; and Caitlin Condon, Director of Vulnerability Intelligence at cybersecurity firm Rapid7, for their top security tips to share with friends and family. Their recommendations are to focus on the security basics that do the most work to keep your online accounts safe.
An important part of providing effective security advice is helping your friends and family get started using the apps and security features they need to stay safe. This way, they can learn alongside you and build those new habits and practices over time.
“It’s often not enough to simply recommend or install security technologies; we need to help our loved ones learn how to use these technologies to build trust,” Condon said.
Set up a password manager that stores complex and unique passwords
“When we come home for the holidays, a lot of times our family asks us for things that aren’t actually the most important thing they need to focus on,” Toback said. Toback said it’s not a good idea to advise a family member about cryptocurrencies, for example, if they reuse the same password for every online account they have.
The best password is one that you never have to remember, and this is where… Password manager can help. Password managers save your login details, and can also create and store complex and unique passwords, so you never have to remember the same password across your various online services. (Using the same password online makes all of these accounts more vulnerable to hacking if someone guesses or steals your password.)
There are plenty of password managers to choose from. Your browser may already have one, as do iPhones and iPads Apply their passwords. Betwarden It is also a popular password manager that is free to use Which also allows you to access your passwords from your phone.
“It can be helpful to sit down with your loved ones, especially if they’re not very tech-savvy, and walk them through setting up a master password, installing browser plug-ins, and creating and storing new passwords — starting with financial or healthcare sites — and it can be helpful,” Condon said. “Sign in and out of your password manager.”
A common fear is forgetting or losing the master password that locks your password manager out from strangers, Condon said. Some people choose to write down a copy of their master password and keep it somewhere in their home for safekeeping.
“In my experience, writing the master password down on paper and storing it somewhere in your home is much less risky than reusing passwords that can be easily guessed,” Condon said.
Multi-factor authentication can save the day
Passwords alone are not enough to protect your accounts from hackers. some The biggest breakthroughs of 2024 This was possible because the giant companies forgot to implement basic security features, such as multi-factor authentication (or MFA), allowing hackers to get right in with just a stolen password.
Having a second layer of security like MFA (aka two-factor) for your online accounts makes it more difficult for someone with just your password to access your account. MFA works by sending an additional second code via text message to a device you own or requiring you to generate a code in an authentication app.
“Help them turn on multi-factor authentication, whether that’s a code or a text message, especially for basic accounts — like your email address account — which is the key to the castle for all your other accounts,” Toback said.
Toback also recommended locking out your phone provider account with MFA, because — just like your email account — anyone with access to your phone number can access any associated online account if you forget your password. This is also why some people prefer to use an authentication app built on the device instead of sending a text message (which can be intercepted) to their phone.
There are a lot of authentication applications; A popular choice is Duo Mobilea simple app that quickly generates two-factor codes with an optional cloud backup in case you lose access to your phone.
Remember, any MFA is better than nothing.
Be “politely polite” on the phone
“Another thing I see people regularly experiencing is a wave of unwanted texts, calls, emails and notifications designed to social engineer users to visit malicious websites or reveal login information and personal data,” Condon said.
Often times, letting a call go to voicemail can be an effective way to avoid scams and scams. Even with caller ID, phone calls by their very nature make it difficult to know for sure Whoever you are talking to is legit.
Tupac suggests Being “politely paranoid” A way to verify the identity of people and companies by contacting them again using a different communication method before handing over potentially damaging information, such as a credit card number or password. Tupac explained that if you receive a call purporting to be from your bank informing you of strange charges on your account, you can politely hang up the phone and call back using the official number on your bank card.
The same applies to anyone who contacts you and may ask for information but whose identity you cannot confirm. You can check the organization’s website, app, or secure message box to verify yourself first before taking any action.
Bookmarking these popular websites in the browser for easy access can help your relatives check any suspicious call within seconds.
“Help your loved ones bookmark official login pages they can safely visit to check secure messages or account transactions when they worry something might be wrong,” Condon said. “Show them how to navigate to those sites via pinned bookmarks or browser shortcuts.”
A password manager, multi-factor authentication, and being politely paranoid on your phone are some of the simplest and most effective barriers to malicious hackers. Making sure you have cybersecurity foundations in place (and your loved ones understand its importance) is a great place to start with friends and family, Toback said.
“This is the best gift you can give them,” Tupac said. “The gift of not being hacked.”
