Home for the holidays? Share this top cybersecurity advice with friends and family

For the millions of people at home with friends and family for the festive season, it’s also the time of year where many get roped into fixing the house’s spotty Wi-Fi or face a barrage of questions about tech.

Instead this holiday season, give the gift of good security advice. This is the ideal time of year when you can get hands-on to help make meaningful changes that bolster the cybersecurity of your loved ones. This isn’t to say fixing the family printer isn’t worth your time, but sharing a little security advice goes a long way in protecting those you care about from the most common online threats.

As someone who’s covered hacks and breaches for well over a decade, I think of cybersecurity as an investment in something you hope never happens. Nobody wants to experience the “oh s—t” moment of realizing you’ve been hacked, or had your bank accounts or online wallets drained, yet many default to the mindset that “it could never happen to me” without realizing that their account passwords from yesteryear may not be a sufficient defense against today’s hacking efforts.

Oftentimes, taking a few minutes with friends and family can be the impetus that they need to get started with cybersecurity, and stay protected.

As for what to suggest to your folks, I asked Rachel Tobac, CEO of SocialProof Security, a company that provides security awareness training to help people defend against cyber threats before they strike; and Caitlin Condon, the vulnerability intelligence director at cybersecurity firm Rapid7, for their top security advice to share with friends and family. Their recommendations are to focus on the security basics that do the most work to keep your online accounts secure.

An important part of passing along effective security advice is helping your friends and family get started with the apps and security features they need to stay secure. This way, they can learn alongside you and build up those new habits and practices over time.

“It’s often not enough to merely recommend or install security technologies; we need to help loved ones learn how to use these technologies to build confidence and trust,” said Condon.

Set up a password manager that stores complex and unique passwords

“When we go home for the holidays, a lot of times our family asks us for things that actually aren’t the top thing that they need to focus on,” said Tobac. It’s no good giving a family member advice on cryptocurrency — for example — if they reuse the same password for every online account they have, Tobac said.

The best password is one that you never have to remember, and that’s where a password manager can help. Password managers save your login details, and can also generate and store complex and unique passwords, so you never have to remember the same password across your various online services. (Using the same password across the internet makes all of those accounts more vulnerable to being hacked if someone guesses or steals your password.)

There are plenty of password managers out there to choose from. Your browser may have one already, and iPhones and iPads have their own Passwords app. Bitwarden is a popular free-to-use password manager that also lets you access your passwords from your phone.

“It can help to sit down with loved ones, particularly if they aren’t terribly tech-savvy, and walk them through setting up a master password, installing browser plugins, generating and storing new passwords — starting with financial or healthcare sites — and logging in and out of the password manager,” said Condon.

A common fear is forgetting or losing the master password that locks your password manager from outsiders, Condon said. Some people opt to have a copy of their master password written down and kept somewhere in their house for safekeeping.

“In my experience, it’s a lot less risky to write a master password down on paper and store that somewhere in your home than it is to reuse easily guessable passwords,” said Condon.

Multi-factor authentication can save the day

Passwords alone are not enough to protect your accounts from intruders. Some of the biggest hacks of 2024 were possible because corporate giants forgot to implement basic security features, like multi-factor authentication (or MFA), allowing hackers to walk right in with just a stolen password.

Adding a second layer of security like MFA (also known as two-factor) to your online accounts makes it far more difficult for anyone with just your password to access your account. MFA works by sending an additional code by text message to a device that you own or prompting you to generate a code in an authenticator app.

“Help them turn on multi-factor authentication, whether that’s a code, or text message, especially for the essential accounts — like your email address account — which is the key to the castle for all of your other accounts,” said Tobac.

Tobac also recommended locking down your phone provider’s account with MFA, because, just like your email account, anyone with access to your phone number could gain access to any linked online account in case you ever forget your password. That’s also why some prefer to use a code generated by an authenticator app on a device instead of having a text message (which can be intercepted) sent to their phone.

There are plenty of authenticator apps; a popular choice is Duo Mobile, a simple app that generates second-factor codes on the fly while having an optional cloud backup in case you lose access to your phone.

Remember that any MFA is better than none.

Be ‘politely paranoid’ on the phone

“Another thing I see folks struggle with regularly is the wave of spam texts, calls, emails, and notifications designed to social engineer users into visiting malicious websites or giving away logins and personal data,” said Condon.

Oftentimes, letting a call go to voicemail can be an effective way of avoiding scams and fraud. Even with caller ID, phone calls inherently make it difficult to know for sure that the person you are speaking with is legitimate.

Tobac suggests being “politely paranoid,” a way of verifying that people and companies are who they say they are by contacting them back using a different method of communication before ever handing over information that could do harm, like a credit card number or a password. Tobac explained that if you get a call purportedly from your bank to say there are strange charges on your account, you can politely hang up the phone and call back using the official number on your bank card.

The same goes for any caller who asks for information when you can’t be sure who they are. You can check the organization’s website, app, or secure message inbox for yourself before taking any action.

Having those common websites bookmarked in the browser for easy access can help your relatives verify any suspect call in a matter of seconds.

“Help your loved ones bookmark official login pages they can visit safely to check secure messages or account transactions when they’re concerned there might be something amiss,” said Condon. “Show them how to navigate to those sites via pinned bookmarks or browser shortcuts.”

A password manager, multi-factor authentication and being “politely paranoid” on the phone are by far the simplest, yet most effective roadblocks for malicious hackers. Ensuring the cybersecurity foundations are in place (and that your loved ones understand their importance) is a great place to start with friends and family, Tobac said.

“That’s the best gift you could give them,” said Tobac. “The gift of not getting hacked.”
